so much shit my b, adding db backups tho

2025-10-17 19:42:39 -05:00
parent 1cc6abb89a
commit 6d3ae434a5
8 changed files with 82 additions and 24 deletions
--- a/flake.nix
+++ b/flake.nix
@@ -77,6 +77,14 @@
        modules = [
          ./hosts/darwin/cen-it-07/configuration.nix
          inputs.home-manager.darwinModules.default
+          nix-homebrew.darwinModules.nix-homebrew
+          {
+            nix-homebrew = {
+              enable = true;  # install homebrew
+              enableRosetta = true;   # install homebrew for rosetta as well
+              user = "blake";  # user owning homebrew prefix
+            };
+          }
        ];
      };
    };
--- a/modules/holocron/perms/default.nix
+++ b/modules/holocron/perms/default.nix
@@ -42,7 +42,7 @@ in {
              user=$(basename "$user_dir")
              echo "starting $user_dir"
              chown -Rc "$user:$user" "$user_dir"
-              chmod -Rc 700 "$user_dir"
+              chmod -Rc 770 "$user_dir"
            fi
          done
          echo "fin"
--- a/modules/holocron/smb/default.nix
+++ b/modules/holocron/smb/default.nix
@@ -16,6 +16,16 @@ let
      "create mask" = "0775";
      "directory mask" = "0775";
    };
+    timemachine = {
+        "path" = "/mnt/Shares/tm_share";
+        "valid users" = "username";
+        "public" = "no";
+        "writeable" = "yes";
+        "force user" = "username";
+        "fruit:aapl" = "yes";
+        "fruit:time machine" = "yes";
+        "vfs objects" = "catia fruit streams_xattr";
+    };
    users = {
      path = "/holocron/users";
      browseable = true;
--- a/modules/homelab/immich/default.nix
+++ b/modules/homelab/immich/default.nix
@@ -58,7 +58,7 @@ in {
      home = cfg.data_dir;
      createHome = true;
      group = service;
-      extraGroups = ["video" "render"];
+      extraGroups = ["video" "render" "blake"];
    };

    # enable the ${service} service
@@ -72,13 +72,17 @@ in {
      mediaLocation = cfg.data_dir;
      host = "0.0.0.0";
      port = cfg.port;
-      settings.server.externalDomain = "https://pics.blakedheld.xyz";
+      settings = null;
+      #settings.server.externalDomain = "https://photos.blakedheld.xyz";
    };

    # override umask to make permissions work out
    #    systemd.services."${toString service}-server".serviceConfig = {
    #      UMask = lib.mkForce "0007";
    #    };
+    #    systemd.services."${toString service}-machine-learning".serviceConfig = {
+    #      UMask = lib.mkForce "0007";
+    #    };

    #    # open firewall
    #    networking.firewall.allowedTCPPorts = [ cfg.port ];
--- a/modules/system/backups/default.nix
+++ b/modules/system/backups/default.nix
@@ -1,5 +1,9 @@
-{ config, lib, pkgs, ... }:
-
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
 /*
 this module enables a backup script made with borg!
 to use import & set the options below
@@ -13,13 +17,11 @@ in a borg archive to the specified repo
    ${service} = { paths = [ cfg.data_dir ]; };
  };
 */
-
 let
  cfg = config.system.backups;
  sec = config.sops.secrets;
  borg = "${pkgs.borgbackup}/bin/borg";
-in
-{
+in {
  options.system.backups = {
    enable = lib.mkEnableOption "enables backups with borg";
    baks = lib.mkOption {
@@ -39,24 +41,23 @@ in
    };
    mode = lib.mkOption {
      type = lib.types.str;
-      default = "split";  # "all"
+      default = "split"; # "all"
      description = "choice between creating one archive of all paths or one archive per service";
    };
  };

  config = lib.mkIf (cfg.enable && cfg.baks != {}) {
-    
    systemd.tmpfiles.rules = [
      "d /holocron/archives 2770 root archives - -"
    ];

    systemd.services.backups = {
      description = "backup service with borg!";
-      path = [ pkgs.borgbackup ];
+      path = [pkgs.borgbackup];
      serviceConfig = {
        Type = "oneshot";
        User = "root";
-        Group = "archives";   # make perms shake out
+        Group = "archives"; # make perms shake out
        # the actual script borg is using
        ExecStart = pkgs.writeShellScript "borg-backup" ''
          backup() {
@@ -78,8 +79,8 @@ in

            if [ "$mode" = "split" ]; then
              # loop for each backup
-              ${lib.concatStringsSep "\n\n" (lib.mapAttrsToList (bak_name: bak_paths:
-                ''
+              ${lib.concatStringsSep "\n\n" (lib.mapAttrsToList (
+              bak_name: bak_paths: ''
                  echo "------------ Backing up ${bak_name} ------------"
                  archive="$timestamp-${bak_name}"
                  echo "backing up: ${lib.concatStringsSep " " bak_paths.paths} → $archive"
@@ -99,16 +100,17 @@ in
                  --keep-weekly=52 \
                  --keep-monthly=-1
                echo "backup run complete at \"$BORG_REPO::$archive\""
-                ''
-              ) cfg.baks)}
+              ''
+            )
+            cfg.baks)}
                exit 0
            else
            # flatten all paths from cfg.baks into one big list
              all_paths="${
-                lib.concatStringsSep " "
-                (lib.flatten
-                  (lib.mapAttrsToList (_: bak: bak.paths) cfg.baks))
-              }"
+            lib.concatStringsSep " "
+            (lib.flatten
+              (lib.mapAttrsToList (_: bak: bak.paths) cfg.baks))
+          }"
                borg create \
                  --verbose \
                  --filter AME \
@@ -145,15 +147,38 @@ in
    # create timer to run backups daily
    systemd.timers.backups = {
      description = "daily borg backup timer";
-      wantedBy = [ "timers.target" ];
+      wantedBy = ["timers.target"];
      timerConfig = {
        OnCalendar = "04:00";
        Persistent = true;
      };
    };

+    # db backups
+    services.mysqlBackup = lib.mkIf config.services.mysql.enable {
+      # mc servers use this
+      enable = true;
+      location = "/var/backup/mysql";
+      user = "root";
+      startAt = "03:58";
+      compression = "zstd";
+      databases = config.services.mysql.ensureDatabases; # set to all databases defined in esure databases
+    };
+    services.postgresqlBackup = config.services.postgresql.enable {
+      # immich uses this
+      enable = true;
+      location = "/var/backup/postgresql";
+      compression = "gzip"; # optional: "xz", "zstd", "none"
+      startAt = "03:58";
+      user = "postgres";
+      databases = ["immich"]; # set to all databases defined in esure databases
+      #databases = config.services.postgresql.ensureDatabases; # set to all databases defined in esure databases
+    };
+
+    services.mysql.ensureDatabases = ["FUCKING_NOTICE_ME"];
+
    # install borg binary
-    environment.systemPackages = with pkgs; [ borgbackup tree ];
+    environment.systemPackages = with pkgs; [borgbackup tree];

    # declare secret for repo password
    sops.secrets = {
--- a/users/blake/default.nix
+++ b/users/blake/default.nix
@@ -10,7 +10,7 @@
    users = {
      blake = {
        isNormalUser = true;
-        extraGroups = ["wheel" "networkmanager" "docker" "media" "podman" "minecraft" "archives" ]; # Enable ‘sudo’ for the user.
+        extraGroups = ["wheel" "networkmanager" "docker" "media" "podman" "minecraft" "archives" "immich" ]; # Enable ‘sudo’ for the user.
        uid = 1000;
        shell = pkgs.zsh;
        group = "blake";
--- a/users/blake/dots/darwin/default.nix
+++ b/users/blake/dots/darwin/default.nix
@@ -0,0 +1,10 @@
+{
+  pkgs,
+  config,
+  lib,
+  inputs,
+  ...
+}:
+{
+
+}
--- a/users/blake/home.nix
+++ b/users/blake/home.nix
@@ -19,6 +19,7 @@ in
 {
  imports = [
    inputs.sops-nix.homeManagerModules.sops
+    ./dots/darwin
    ./dots/neovim
    ./dots/lf
    ./dots/zsh