so much shit my b, adding db backups tho

flake.lock

@@ -88,6 +88,23 @@
         "type": "github"
       }
     },
+    "brew-src": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1758543057,
+        "narHash": "sha256-lw3V2jOGYphUFHYQ5oARcb6urlbNpUCLJy1qhsGdUmc=",
+        "owner": "Homebrew",
+        "repo": "brew",
+        "rev": "5b236456eb93133c2bd0d60ef35ed63f1c0712f6",
+        "type": "github"
+      },
+      "original": {
+        "owner": "Homebrew",
+        "ref": "4.6.12",
+        "repo": "brew",
+        "type": "github"
+      }
+    },
     "copyparty": {
       "inputs": {
         "flake-utils": "flake-utils",
@@ -285,6 +302,24 @@
         "type": "github"
       }
     },
+    "nix-homebrew": {
+      "inputs": {
+        "brew-src": "brew-src"
+      },
+      "locked": {
+        "lastModified": 1758598228,
+        "narHash": "sha256-qr60maXGbZ4FX5tejPRI3nr0bnRTnZ3AbbbfO6/6jq4=",
+        "owner": "zhaofengli",
+        "repo": "nix-homebrew",
+        "rev": "f36e5db56e117f7df701ab152d0d2036ea85218c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "zhaofengli",
+        "repo": "nix-homebrew",
+        "type": "github"
+      }
+    },
     "nixpkgs": {
       "locked": {
         "lastModified": 1748162331,
@@ -386,6 +421,7 @@
         "copyparty": "copyparty",
         "home-manager": "home-manager",
         "nix-darwin": "nix-darwin",
+        "nix-homebrew": "nix-homebrew",
         "nixpkgs": "nixpkgs_2",
         "nixpkgs-unstable": "nixpkgs-unstable",
         "nvf": "nvf",

flake.nix

@@ -10,6 +10,7 @@
       url = "github:LnL7/nix-darwin";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+    nix-homebrew.url = "github:zhaofengli/nix-homebrew";
     home-manager = {
       url = "github:nix-community/home-manager/release-25.05";
       inputs.nixpkgs.follows = "nixpkgs";
@@ -40,6 +41,7 @@
     nixpkgs,
     nixpkgs-unstable,
     nix-darwin,
+    nix-homebrew,
     ...
   } @ inputs: let
     systems = {
@@ -55,7 +57,7 @@
         system = systems.x86_64;
         specialArgs = {inherit inputs stable_pkgs unstable_pkgs;};
         modules = [
-          ./hosts/snowbelle/configuration.nix
+          ./hosts/nixos/snowbelle/configuration.nix
           inputs.home-manager.nixosModules.default
         ];
       };
@@ -63,7 +65,7 @@
         system = systems.x86_64;
         specialArgs = {inherit inputs stable_pkgs unstable_pkgs;};
         modules = [
-          ./hosts/vaniville/configuration.nix
+          ./hosts/nixos/vaniville/configuration.nix
           inputs.home-manager.nixosModules.default
         ];
       };
@@ -71,10 +73,18 @@
     darwinConfigurations = {
       CEN-IT-07 = nix-darwin.lib.darwinSystem {
         system = systems.darwin;
-        specialArgs = {inherit inputs stable_pkgs unstable_pkgs;};
+        specialArgs = {inherit inputs stable_pkgs unstable_pkgs nix-homebrew;};
         modules = [
-          ./hosts/cen-it-07/configuration.nix
+          ./hosts/darwin/cen-it-07/configuration.nix
           inputs.home-manager.darwinModules.default
+          nix-homebrew.darwinModules.nix-homebrew
+          {
+            nix-homebrew = {
+              enable = true;  # install homebrew
+              enableRosetta = true;   # install homebrew for rosetta as well
+              user = "blake";  # user owning homebrew prefix
+            };
+          }
         ];
       };
     };

hosts/darwin/default.nix

@@ -0,0 +1,40 @@
+{
+  pkgs,
+  config,
+  lib,
+  inputs,
+  ...
+}: {
+
+  imports = [
+  ];
+
+  # base system package install list
+  environment.systemPackages = with pkgs; [
+    wget
+    curl
+    rsync
+    git
+    age
+    fzf
+    neofetch
+    usbutils
+    pciutils
+    python3
+    vim
+    lf
+    btop
+    powertop
+  ];
+
+  # set timezone
+  time.timeZone = "America/Chicago";
+
+  # allow proprietary packages
+  nixpkgs.config.allowUnfree = true;
+
+  # enable flakes
+  nix.settings.experimental-features = ["nix-command" "flakes"];
+  users.defaultUserShell = pkgs.zsh;
+
+}

hosts/nixos/snowbelle/configuration.nix

@@ -8,12 +8,12 @@ in
   imports =
     [ # Include the results of the hardware scan.
       ./hardware-configuration.nix
-      ../../hosts
+      ../../nixos
-      ../../users/blake
+      ../../../users/blake
-      ../../modules/system
+      ../../../modules/system
-      ../../modules/holocron
+      ../../../modules/holocron
-      ../../modules/homelab
+      ../../../modules/homelab
-      ../../modules/homelab/minecraft_recpro
+      ../../../modules/homelab/minecraft_recpro
     ];
 
   system = {

modules/holocron/perms/default.nix

@@ -42,7 +42,7 @@ in {
               user=$(basename "$user_dir")
               echo "starting $user_dir"
               chown -Rc "$user:$user" "$user_dir"
-              chmod -Rc 700 "$user_dir"
+              chmod -Rc 770 "$user_dir"
             fi
           done
           echo "fin"

modules/holocron/smb/default.nix

@@ -16,6 +16,16 @@ let
       "create mask" = "0775";
       "directory mask" = "0775";
     };
+    timemachine = {
+        "path" = "/mnt/Shares/tm_share";
+        "valid users" = "username";
+        "public" = "no";
+        "writeable" = "yes";
+        "force user" = "username";
+        "fruit:aapl" = "yes";
+        "fruit:time machine" = "yes";
+        "vfs objects" = "catia fruit streams_xattr";
+    };
     users = {
       path = "/holocron/users";
       browseable = true;

modules/homelab/immich/default.nix

@@ -1,12 +1,16 @@
-{ pkgs, config, lib, inputs, ... }:
+{
-
+  pkgs,
-let
+  config,
+  lib,
+  inputs,
+  unstable_pkgs,
+  ...
+}: let
   service = "immich";
   cfg = config.homelab.${service};
   sec = config.sops.secrets;
   homelab = config.homelab;
-in
+in {
-{
   options.homelab.${service} = {
     enable = lib.mkEnableOption "enables ${service}";
 
@@ -43,7 +47,6 @@ in
   };
 
   config = lib.mkIf cfg.enable {
-    
     # declare ${service} group
     users.groups.${service} = {gid = lib.mkForce cfg.ids;};
 
@@ -55,26 +58,31 @@ in
       home = cfg.data_dir;
       createHome = true;
       group = service;
-      extraGroups = [ "video" "render" ];
+      extraGroups = ["video" "render" "blake"];
     };
 
     # enable the ${service} service
     services.${service} = {
       enable = true;
-      package = inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}.immich;
+      #package = inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}.immich;
+      package = unstable_pkgs.x86_64.immich;
       openFirewall = true;
       user = service;
       group = service;
       mediaLocation = cfg.data_dir;
       host = "0.0.0.0";
       port = cfg.port;
-      settings.server.externalDomain = "https://pics.blakedheld.xyz";
+      settings = null;
+      #settings.server.externalDomain = "https://photos.blakedheld.xyz";
     };
 
     # override umask to make permissions work out
     #    systemd.services."${toString service}-server".serviceConfig = {
     #      UMask = lib.mkForce "0007";
     #    };
+    #    systemd.services."${toString service}-machine-learning".serviceConfig = {
+    #      UMask = lib.mkForce "0007";
+    #    };
 
     #    # open firewall
     #    networking.firewall.allowedTCPPorts = [ cfg.port ];
@@ -89,12 +97,15 @@ in
     };
 
     # add to glance
-    homelab.glance.links.services = [{
+    homelab.glance.links.services = [
+      {
         title = service;
         url = "https://photos.${homelab.public_domain}";
         error-url = "http://${homelab.host_ip}:${toString cfg.port}";
         check-url = "http://${homelab.host_ip}:${toString cfg.port}";
-      icon = "di:${service}"; }];
+        icon = "di:${service}";
+      }
+    ];
 
     # add to backups
     system.backups.baks = {

modules/system/backups/default.nix

@@ -1,5 +1,9 @@
-{ config, lib, pkgs, ... }:
+{
-
+  config,
+  lib,
+  pkgs,
+  ...
+}:
 /*
 this module enables a backup script made with borg!
 to use import & set the options below
@@ -13,13 +17,11 @@ in a borg archive to the specified repo
     ${service} = { paths = [ cfg.data_dir ]; };
   };
 */
-
 let
   cfg = config.system.backups;
   sec = config.sops.secrets;
   borg = "${pkgs.borgbackup}/bin/borg";
-in
+in {
-{
   options.system.backups = {
     enable = lib.mkEnableOption "enables backups with borg";
     baks = lib.mkOption {
@@ -45,7 +47,6 @@ in
   };
 
   config = lib.mkIf (cfg.enable && cfg.baks != {}) {
-    
     systemd.tmpfiles.rules = [
       "d /holocron/archives 2770 root archives - -"
     ];
@@ -78,8 +79,8 @@ in
 
             if [ "$mode" = "split" ]; then
               # loop for each backup
-              ${lib.concatStringsSep "\n\n" (lib.mapAttrsToList (bak_name: bak_paths:
+              ${lib.concatStringsSep "\n\n" (lib.mapAttrsToList (
-                ''
+              bak_name: bak_paths: ''
                   echo "------------ Backing up ${bak_name} ------------"
                   archive="$timestamp-${bak_name}"
                   echo "backing up: ${lib.concatStringsSep " " bak_paths.paths} → $archive"
@@ -100,7 +101,8 @@ in
                   --keep-monthly=-1
                 echo "backup run complete at \"$BORG_REPO::$archive\""
               ''
-              ) cfg.baks)}
+            )
+            cfg.baks)}
                 exit 0
             else
             # flatten all paths from cfg.baks into one big list
@@ -152,6 +154,29 @@ in
       };
     };
 
+    # db backups
+    services.mysqlBackup = lib.mkIf config.services.mysql.enable {
+      # mc servers use this
+      enable = true;
+      location = "/var/backup/mysql";
+      user = "root";
+      startAt = "03:58";
+      compression = "zstd";
+      databases = config.services.mysql.ensureDatabases; # set to all databases defined in esure databases
+    };
+    services.postgresqlBackup = config.services.postgresql.enable {
+      # immich uses this
+      enable = true;
+      location = "/var/backup/postgresql";
+      compression = "gzip"; # optional: "xz", "zstd", "none"
+      startAt = "03:58";
+      user = "postgres";
+      databases = ["immich"]; # set to all databases defined in esure databases
+      #databases = config.services.postgresql.ensureDatabases; # set to all databases defined in esure databases
+    };
+
+    services.mysql.ensureDatabases = ["FUCKING_NOTICE_ME"];
+
     # install borg binary
     environment.systemPackages = with pkgs; [borgbackup tree];
 

users/blake/default.nix

@@ -10,7 +10,7 @@
     users = {
       blake = {
         isNormalUser = true;
-        extraGroups = ["wheel" "networkmanager" "docker" "media" "podman" "minecraft" "archives" ]; # Enable ‘sudo’ for the user.
+        extraGroups = ["wheel" "networkmanager" "docker" "media" "podman" "minecraft" "archives" "immich" ]; # Enable ‘sudo’ for the user.
         uid = 1000;
         shell = pkgs.zsh;
         group = "blake";

users/blake/dots/darwin/default.nix

@@ -0,0 +1,10 @@
+{
+  pkgs,
+  config,
+  lib,
+  inputs,
+  ...
+}:
+{
+
+}

users/blake/home.nix

@@ -12,13 +12,14 @@
     homeDirectory = "/home/blake";
   };
   home_darwin = {
-    username = "bdhelderman";
+    username = "bhelderman";
-    homeDirectory = "/Users/bdhelderman";
+    homeDirectory = "/Users/bhelderman";
   };
 in
 {
   imports = [
     inputs.sops-nix.homeManagerModules.sops
+    ./dots/darwin
     ./dots/neovim
     ./dots/lf
     ./dots/zsh