so much shit my b, adding db backups tho

flake.lock

@@ -88,6 +88,23 @@
         "type": "github"
       }
     },
+    "brew-src": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1758543057,
+        "narHash": "sha256-lw3V2jOGYphUFHYQ5oARcb6urlbNpUCLJy1qhsGdUmc=",
+        "owner": "Homebrew",
+        "repo": "brew",
+        "rev": "5b236456eb93133c2bd0d60ef35ed63f1c0712f6",
+        "type": "github"
+      },
+      "original": {
+        "owner": "Homebrew",
+        "ref": "4.6.12",
+        "repo": "brew",
+        "type": "github"
+      }
+    },
     "copyparty": {
       "inputs": {
         "flake-utils": "flake-utils",
@@ -285,6 +302,24 @@
         "type": "github"
       }
     },
+    "nix-homebrew": {
+      "inputs": {
+        "brew-src": "brew-src"
+      },
+      "locked": {
+        "lastModified": 1758598228,
+        "narHash": "sha256-qr60maXGbZ4FX5tejPRI3nr0bnRTnZ3AbbbfO6/6jq4=",
+        "owner": "zhaofengli",
+        "repo": "nix-homebrew",
+        "rev": "f36e5db56e117f7df701ab152d0d2036ea85218c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "zhaofengli",
+        "repo": "nix-homebrew",
+        "type": "github"
+      }
+    },
     "nixpkgs": {
       "locked": {
         "lastModified": 1748162331,
@@ -386,6 +421,7 @@
         "copyparty": "copyparty",
         "home-manager": "home-manager",
         "nix-darwin": "nix-darwin",
+        "nix-homebrew": "nix-homebrew",
         "nixpkgs": "nixpkgs_2",
         "nixpkgs-unstable": "nixpkgs-unstable",
         "nvf": "nvf",

flake.nix

@@ -10,6 +10,7 @@
       url = "github:LnL7/nix-darwin";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+    nix-homebrew.url = "github:zhaofengli/nix-homebrew";
     home-manager = {
       url = "github:nix-community/home-manager/release-25.05";
       inputs.nixpkgs.follows = "nixpkgs";
@@ -40,6 +41,7 @@
     nixpkgs,
     nixpkgs-unstable,
     nix-darwin,
+    nix-homebrew,
     ...
   } @ inputs: let
     systems = {
@@ -55,7 +57,7 @@
         system = systems.x86_64;
         specialArgs = {inherit inputs stable_pkgs unstable_pkgs;};
         modules = [
-          ./hosts/snowbelle/configuration.nix
+          ./hosts/nixos/snowbelle/configuration.nix
           inputs.home-manager.nixosModules.default
         ];
       };
@@ -63,7 +65,7 @@
         system = systems.x86_64;
         specialArgs = {inherit inputs stable_pkgs unstable_pkgs;};
         modules = [
-          ./hosts/vaniville/configuration.nix
+          ./hosts/nixos/vaniville/configuration.nix
           inputs.home-manager.nixosModules.default
         ];
       };
@@ -71,10 +73,18 @@
     darwinConfigurations = {
       CEN-IT-07 = nix-darwin.lib.darwinSystem {
         system = systems.darwin;
-        specialArgs = {inherit inputs stable_pkgs unstable_pkgs;};
+        specialArgs = {inherit inputs stable_pkgs unstable_pkgs nix-homebrew;};
         modules = [
-          ./hosts/cen-it-07/configuration.nix
+          ./hosts/darwin/cen-it-07/configuration.nix
           inputs.home-manager.darwinModules.default
+          nix-homebrew.darwinModules.nix-homebrew
+          {
+            nix-homebrew = {
+              enable = true;  # install homebrew
+              enableRosetta = true;   # install homebrew for rosetta as well
+              user = "blake";  # user owning homebrew prefix
+            };
+          }
         ];
       };
     };

hosts/darwin/default.nix

@@ -0,0 +1,40 @@
+{
+  pkgs,
+  config,
+  lib,
+  inputs,
+  ...
+}: {
+
+  imports = [
+  ];
+
+  # base system package install list
+  environment.systemPackages = with pkgs; [
+    wget
+    curl
+    rsync
+    git
+    age
+    fzf
+    neofetch
+    usbutils
+    pciutils
+    python3
+    vim
+    lf
+    btop
+    powertop
+  ];
+
+  # set timezone
+  time.timeZone = "America/Chicago";
+
+  # allow proprietary packages
+  nixpkgs.config.allowUnfree = true;
+
+  # enable flakes
+  nix.settings.experimental-features = ["nix-command" "flakes"];
+  users.defaultUserShell = pkgs.zsh;
+
+}

hosts/nixos/snowbelle/configuration.nix

@@ -8,12 +8,12 @@ in
   imports =
     [ # Include the results of the hardware scan.
       ./hardware-configuration.nix
-      ../../hosts
+      ../../nixos
-      ../../users/blake
+      ../../../users/blake
-      ../../modules/system
+      ../../../modules/system
-      ../../modules/holocron
+      ../../../modules/holocron
-      ../../modules/homelab
+      ../../../modules/homelab
-      ../../modules/homelab/minecraft_recpro
+      ../../../modules/homelab/minecraft_recpro
     ];
 
   system = {

modules/holocron/perms/default.nix

@@ -42,7 +42,7 @@ in {
               user=$(basename "$user_dir")
               echo "starting $user_dir"
               chown -Rc "$user:$user" "$user_dir"
-              chmod -Rc 700 "$user_dir"
+              chmod -Rc 770 "$user_dir"
             fi
           done
           echo "fin"

modules/holocron/smb/default.nix

@@ -16,6 +16,16 @@ let
       "create mask" = "0775";
       "directory mask" = "0775";
     };
+    timemachine = {
+        "path" = "/mnt/Shares/tm_share";
+        "valid users" = "username";
+        "public" = "no";
+        "writeable" = "yes";
+        "force user" = "username";
+        "fruit:aapl" = "yes";
+        "fruit:time machine" = "yes";
+        "vfs objects" = "catia fruit streams_xattr";
+    };
     users = {
       path = "/holocron/users";
       browseable = true;

modules/homelab/immich/default.nix

@@ -1,12 +1,16 @@
-{ pkgs, config, lib, inputs, ... }:
+{
-
+  pkgs,
-let
+  config,
+  lib,
+  inputs,
+  unstable_pkgs,
+  ...
+}: let
   service = "immich";
   cfg = config.homelab.${service};
   sec = config.sops.secrets;
   homelab = config.homelab;
-in
+in {
-{
   options.homelab.${service} = {
     enable = lib.mkEnableOption "enables ${service}";
 
@@ -43,9 +47,8 @@ in
   };
 
   config = lib.mkIf cfg.enable {
-    
     # declare ${service} group
-    users.groups.${service} = { gid = lib.mkForce cfg.ids; };
+    users.groups.${service} = {gid = lib.mkForce cfg.ids;};
 
     # declare ${service} user
     users.users.${service} = {
@@ -55,33 +58,38 @@ in
       home = cfg.data_dir;
       createHome = true;
       group = service;
-      extraGroups = [ "video" "render" ];
+      extraGroups = ["video" "render" "blake"];
     };
 
     # enable the ${service} service
     services.${service} = {
       enable = true;
-      package = inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}.immich;
+      #package = inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}.immich;
+      package = unstable_pkgs.x86_64.immich;
       openFirewall = true;
       user = service;
       group = service;
       mediaLocation = cfg.data_dir;
       host = "0.0.0.0";
       port = cfg.port;
-      settings.server.externalDomain = "https://pics.blakedheld.xyz";
+      settings = null;
+      #settings.server.externalDomain = "https://photos.blakedheld.xyz";
     };
 
     # override umask to make permissions work out
-#    systemd.services."${toString service}-server".serviceConfig = {
+    #    systemd.services."${toString service}-server".serviceConfig = {
-#      UMask = lib.mkForce "0007";
+    #      UMask = lib.mkForce "0007";
-#    };
+    #    };
+    #    systemd.services."${toString service}-machine-learning".serviceConfig = {
+    #      UMask = lib.mkForce "0007";
+    #    };
 
-#    # open firewall
+    #    # open firewall
-#    networking.firewall.allowedTCPPorts = [ cfg.port ];
+    #    networking.firewall.allowedTCPPorts = [ cfg.port ];
 
     # add to caddy for reverse proxy
     services.caddy.virtualHosts."${cfg.url}" = {
-      serverAliases = [ "photos.${homelab.public_domain}" ];
+      serverAliases = ["photos.${homelab.public_domain}"];
       extraConfig = ''
         tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
         reverse_proxy 127.0.0.1:${toString cfg.port}
@@ -89,16 +97,19 @@ in
     };
 
     # add to glance
-    homelab.glance.links.services = [{
+    homelab.glance.links.services = [
-      title = service;
+      {
-      url = "https://photos.${homelab.public_domain}";
+        title = service;
-      error-url = "http://${homelab.host_ip}:${toString cfg.port}";
+        url = "https://photos.${homelab.public_domain}";
-      check-url = "http://${homelab.host_ip}:${toString cfg.port}";
+        error-url = "http://${homelab.host_ip}:${toString cfg.port}";
-      icon = "di:${service}"; }];
+        check-url = "http://${homelab.host_ip}:${toString cfg.port}";
+        icon = "di:${service}";
+      }
+    ];
 
     # add to backups
     system.backups.baks = {
-      ${service} = { paths = [ cfg.data_dir "/var/lib/redis-immich" ]; };
+      ${service} = {paths = [cfg.data_dir "/var/lib/redis-immich"];};
     };
   };
 }

modules/system/backups/default.nix

@@ -1,5 +1,9 @@
-{ config, lib, pkgs, ... }:
+{
-
+  config,
+  lib,
+  pkgs,
+  ...
+}:
 /*
 this module enables a backup script made with borg!
 to use import & set the options below
@@ -13,13 +17,11 @@ in a borg archive to the specified repo
     ${service} = { paths = [ cfg.data_dir ]; };
   };
 */
-
 let
   cfg = config.system.backups;
   sec = config.sops.secrets;
   borg = "${pkgs.borgbackup}/bin/borg";
-in
+in {
-{
   options.system.backups = {
     enable = lib.mkEnableOption "enables backups with borg";
     baks = lib.mkOption {
@@ -39,24 +41,23 @@ in
     };
     mode = lib.mkOption {
       type = lib.types.str;
-      default = "split";  # "all"
+      default = "split"; # "all"
       description = "choice between creating one archive of all paths or one archive per service";
     };
   };
 
   config = lib.mkIf (cfg.enable && cfg.baks != {}) {
-    
     systemd.tmpfiles.rules = [
       "d /holocron/archives 2770 root archives - -"
     ];
 
     systemd.services.backups = {
       description = "backup service with borg!";
-      path = [ pkgs.borgbackup ];
+      path = [pkgs.borgbackup];
       serviceConfig = {
         Type = "oneshot";
         User = "root";
-        Group = "archives";   # make perms shake out
+        Group = "archives"; # make perms shake out
         # the actual script borg is using
         ExecStart = pkgs.writeShellScript "borg-backup" ''
           backup() {
@@ -78,8 +79,8 @@ in
 
             if [ "$mode" = "split" ]; then
               # loop for each backup
-              ${lib.concatStringsSep "\n\n" (lib.mapAttrsToList (bak_name: bak_paths:
+              ${lib.concatStringsSep "\n\n" (lib.mapAttrsToList (
-                ''
+              bak_name: bak_paths: ''
                   echo "------------ Backing up ${bak_name} ------------"
                   archive="$timestamp-${bak_name}"
                   echo "backing up: ${lib.concatStringsSep " " bak_paths.paths} → $archive"
@@ -99,16 +100,17 @@ in
                   --keep-weekly=52 \
                   --keep-monthly=-1
                 echo "backup run complete at \"$BORG_REPO::$archive\""
-                ''
+              ''
-              ) cfg.baks)}
+            )
+            cfg.baks)}
                 exit 0
             else
             # flatten all paths from cfg.baks into one big list
               all_paths="${
-                lib.concatStringsSep " "
+            lib.concatStringsSep " "
-                (lib.flatten
+            (lib.flatten
-                  (lib.mapAttrsToList (_: bak: bak.paths) cfg.baks))
+              (lib.mapAttrsToList (_: bak: bak.paths) cfg.baks))
-              }"
+          }"
                 borg create \
                   --verbose \
                   --filter AME \
@@ -145,15 +147,38 @@ in
     # create timer to run backups daily
     systemd.timers.backups = {
       description = "daily borg backup timer";
-      wantedBy = [ "timers.target" ];
+      wantedBy = ["timers.target"];
       timerConfig = {
         OnCalendar = "04:00";
         Persistent = true;
       };
     };
 
+    # db backups
+    services.mysqlBackup = lib.mkIf config.services.mysql.enable {
+      # mc servers use this
+      enable = true;
+      location = "/var/backup/mysql";
+      user = "root";
+      startAt = "03:58";
+      compression = "zstd";
+      databases = config.services.mysql.ensureDatabases; # set to all databases defined in esure databases
+    };
+    services.postgresqlBackup = config.services.postgresql.enable {
+      # immich uses this
+      enable = true;
+      location = "/var/backup/postgresql";
+      compression = "gzip"; # optional: "xz", "zstd", "none"
+      startAt = "03:58";
+      user = "postgres";
+      databases = ["immich"]; # set to all databases defined in esure databases
+      #databases = config.services.postgresql.ensureDatabases; # set to all databases defined in esure databases
+    };
+
+    services.mysql.ensureDatabases = ["FUCKING_NOTICE_ME"];
+
     # install borg binary
-    environment.systemPackages = with pkgs; [ borgbackup tree ];
+    environment.systemPackages = with pkgs; [borgbackup tree];
 
     # declare secret for repo password
     sops.secrets = {

users/blake/default.nix

@@ -10,7 +10,7 @@
     users = {
       blake = {
         isNormalUser = true;
-        extraGroups = ["wheel" "networkmanager" "docker" "media" "podman" "minecraft" "archives" ]; # Enable ‘sudo’ for the user.
+        extraGroups = ["wheel" "networkmanager" "docker" "media" "podman" "minecraft" "archives" "immich" ]; # Enable ‘sudo’ for the user.
         uid = 1000;
         shell = pkgs.zsh;
         group = "blake";

users/blake/dots/darwin/default.nix

@@ -0,0 +1,10 @@
+{
+  pkgs,
+  config,
+  lib,
+  inputs,
+  ...
+}:
+{
+
+}

users/blake/home.nix

@@ -12,13 +12,14 @@
     homeDirectory = "/home/blake";
   };
   home_darwin = {
-    username = "bdhelderman";
+    username = "bhelderman";
-    homeDirectory = "/Users/bdhelderman";
+    homeDirectory = "/Users/bhelderman";
   };
 in
 {
   imports = [
     inputs.sops-nix.homeManagerModules.sops
+    ./dots/darwin
     ./dots/neovim
     ./dots/lf
     ./dots/zsh