so much shit my b, adding db backups tho

2025-10-17 19:42:39 -05:00
parent 1cc6abb89a
commit 6d3ae434a5
8 changed files with 82 additions and 24 deletions
--- a/flake.nix
+++ b/flake.nix
@@ -77,6 +77,14 @@
        modules = [
          ./hosts/darwin/cen-it-07/configuration.nix
          inputs.home-manager.darwinModules.default
          nix-homebrew.darwinModules.nix-homebrew
          {
            nix-homebrew = {
              enable = true;  # install homebrew
              enableRosetta = true;   # install homebrew for rosetta as well
              user = "blake";  # user owning homebrew prefix
            };
          }
        ];
      };
    };
--- a/modules/holocron/perms/default.nix
+++ b/modules/holocron/perms/default.nix
@@ -42,7 +42,7 @@ in {
              user=$(basename "$user_dir")
              echo "starting $user_dir"
              chown -Rc "$user:$user" "$user_dir"
-              chmod -Rc 700 "$user_dir"
+              chmod -Rc 770 "$user_dir"
            fi
          done
          echo "fin"
--- a/modules/holocron/smb/default.nix
+++ b/modules/holocron/smb/default.nix
@@ -16,6 +16,16 @@ let
      "create mask" = "0775";
      "directory mask" = "0775";
    };
    timemachine = {
        "path" = "/mnt/Shares/tm_share";
        "valid users" = "username";
        "public" = "no";
        "writeable" = "yes";
        "force user" = "username";
        "fruit:aapl" = "yes";
        "fruit:time machine" = "yes";
        "vfs objects" = "catia fruit streams_xattr";
    };
    users = {
      path = "/holocron/users";
      browseable = true;
--- a/modules/homelab/immich/default.nix
+++ b/modules/homelab/immich/default.nix
@@ -58,7 +58,7 @@ in {
      home = cfg.data_dir;
      createHome = true;
      group = service;
-      extraGroups = ["video" "render"];
+      extraGroups = ["video" "render" "blake"];
    };
    # enable the ${service} service
@@ -72,13 +72,17 @@ in {
      mediaLocation = cfg.data_dir;
      host = "0.0.0.0";
      port = cfg.port;
-      settings.server.externalDomain = "https://pics.blakedheld.xyz";
+      settings = null;
      #settings.server.externalDomain = "https://photos.blakedheld.xyz";
    };
    # override umask to make permissions work out
    #    systemd.services."${toString service}-server".serviceConfig = {
    #      UMask = lib.mkForce "0007";
    #    };
    #    systemd.services."${toString service}-machine-learning".serviceConfig = {
    #      UMask = lib.mkForce "0007";
    #    };
    #    # open firewall
    #    networking.firewall.allowedTCPPorts = [ cfg.port ];
--- a/modules/system/backups/default.nix
+++ b/modules/system/backups/default.nix
@@ -1,5 +1,9 @@
-{ config, lib, pkgs, ... }:
+{
-
+  config,
  lib,
  pkgs,
  ...
 }:
 /*
 this module enables a backup script made with borg!
 to use import & set the options below
@@ -13,13 +17,11 @@ in a borg archive to the specified repo
    ${service} = { paths = [ cfg.data_dir ]; };
  };
 */
 let
  cfg = config.system.backups;
  sec = config.sops.secrets;
  borg = "${pkgs.borgbackup}/bin/borg";
-in
+in {
 {
  options.system.backups = {
    enable = lib.mkEnableOption "enables backups with borg";
    baks = lib.mkOption {
@@ -39,24 +41,23 @@ in
    };
    mode = lib.mkOption {
      type = lib.types.str;
-      default = "split";  # "all"
+      default = "split"; # "all"
      description = "choice between creating one archive of all paths or one archive per service";
    };
  };
  config = lib.mkIf (cfg.enable && cfg.baks != {}) {
    systemd.tmpfiles.rules = [
      "d /holocron/archives 2770 root archives - -"
    ];
    systemd.services.backups = {
      description = "backup service with borg!";
-      path = [ pkgs.borgbackup ];
+      path = [pkgs.borgbackup];
      serviceConfig = {
        Type = "oneshot";
        User = "root";
-        Group = "archives";   # make perms shake out
+        Group = "archives"; # make perms shake out
        # the actual script borg is using
        ExecStart = pkgs.writeShellScript "borg-backup" ''
          backup() {
@@ -78,8 +79,8 @@ in
            if [ "$mode" = "split" ]; then
              # loop for each backup
-              ${lib.concatStringsSep "\n\n" (lib.mapAttrsToList (bak_name: bak_paths:
+              ${lib.concatStringsSep "\n\n" (lib.mapAttrsToList (
-                ''
+              bak_name: bak_paths: ''
                  echo "------------ Backing up ${bak_name} ------------"
                  archive="$timestamp-${bak_name}"
                  echo "backing up: ${lib.concatStringsSep " " bak_paths.paths} → $archive"
@@ -99,16 +100,17 @@ in
                  --keep-weekly=52 \
                  --keep-monthly=-1
                echo "backup run complete at \"$BORG_REPO::$archive\""
-                ''
+              ''
-              ) cfg.baks)}
+            )
            cfg.baks)}
                exit 0
            else
            # flatten all paths from cfg.baks into one big list
              all_paths="${
-                lib.concatStringsSep " "
+            lib.concatStringsSep " "
-                (lib.flatten
+            (lib.flatten
-                  (lib.mapAttrsToList (_: bak: bak.paths) cfg.baks))
+              (lib.mapAttrsToList (_: bak: bak.paths) cfg.baks))
-              }"
+          }"
                borg create \
                  --verbose \
                  --filter AME \
@@ -145,19 +147,42 @@ in
    # create timer to run backups daily
    systemd.timers.backups = {
      description = "daily borg backup timer";
-      wantedBy = [ "timers.target" ];
+      wantedBy = ["timers.target"];
      timerConfig = {
        OnCalendar = "04:00";
        Persistent = true;
      };
    };
    # db backups
    services.mysqlBackup = lib.mkIf config.services.mysql.enable {
      # mc servers use this
      enable = true;
      location = "/var/backup/mysql";
      user = "root";
      startAt = "03:58";
      compression = "zstd";
      databases = config.services.mysql.ensureDatabases; # set to all databases defined in esure databases
    };
    services.postgresqlBackup = config.services.postgresql.enable {
      # immich uses this
      enable = true;
      location = "/var/backup/postgresql";
      compression = "gzip"; # optional: "xz", "zstd", "none"
      startAt = "03:58";
      user = "postgres";
      databases = ["immich"]; # set to all databases defined in esure databases
      #databases = config.services.postgresql.ensureDatabases; # set to all databases defined in esure databases
    };
    services.mysql.ensureDatabases = ["FUCKING_NOTICE_ME"];
    # install borg binary
-    environment.systemPackages = with pkgs; [ borgbackup tree ];
+    environment.systemPackages = with pkgs; [borgbackup tree];
    # declare secret for repo password
    sops.secrets = {
-      "borg_passwd" = { 
+      "borg_passwd" = {
        owner = "root";
        group = "root";
      };
--- a/users/blake/default.nix
+++ b/users/blake/default.nix
@@ -10,7 +10,7 @@
    users = {
      blake = {
        isNormalUser = true;
-        extraGroups = ["wheel" "networkmanager" "docker" "media" "podman" "minecraft" "archives" ]; # Enable ‘sudo’ for the user.
+        extraGroups = ["wheel" "networkmanager" "docker" "media" "podman" "minecraft" "archives" "immich" ]; # Enable ‘sudo’ for the user.
        uid = 1000;
        shell = pkgs.zsh;
        group = "blake";
--- a/users/blake/dots/darwin/default.nix
+++ b/users/blake/dots/darwin/default.nix
@@ -0,0 +1,10 @@
 {
  pkgs,
  config,
  lib,
  inputs,
  ...
 }:
 {
 }
--- a/users/blake/home.nix
+++ b/users/blake/home.nix
@@ -19,6 +19,7 @@ in
 {
  imports = [
    inputs.sops-nix.homeManagerModules.sops
    ./dots/darwin
    ./dots/neovim
    ./dots/lf
    ./dots/zsh