sbc-deploys/flake.nix

{
  description = "A very basic flake";

  inputs = {
    deploy-rs = {
      url = "github:serokell/deploy-rs";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    image-builder.url = "git+https://git.asonix.dog/asonix/nixos-aarch64-images";
    nixpkgs.url = "github:nixos/nixpkgs/master";
    sops-nix = {
      url = "github:Mic92/sops-nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };

  outputs = { self, deploy-rs, image-builder, nixpkgs, sops-nix }:
    let
      pkgs = import nixpkgs {
        system = "aarch64-linux";
      };

      btrbkPrimary = { subvolumes ? [ ] }: {
        snapshot_dir = "@snapshots";
        subvolume = builtins.foldl'
          (acc: subvol: acc // {
            ${subvol} = { };
          })
          { }
          subvolumes;
      };

      btrbkSecondary = { target-dir, subvolumes ? [ ] }: {
        target = "send-receive ${target-dir}";
        subvolume = builtins.foldl'
          (acc: subvol: acc // {
            ${subvol} = {
              snapshot_dir = "@snapshots";
              snapshot_preserve_min = "all";
              snapshot_create = "no";
            };
          })
          { }
          subvolumes;
      };

      nextcloudSubvolumes = [
        "@nc-config"
        "@nc-data"
        "@postgres"
        "@redis"
        "@gitea"
        "@gitea-conf"
        "@pihole"
        "@papermc"
        "@docker-cfg"
        "@garage"
        "@garage-config"
      ];

      postgresSubvolumes = [
        "postgres"
        "postgres-cfg"
      ];

      sharedModule = ({ config, ... }: {
        services.openssh.settings.PasswordAuthentication = false;

        # Use the extlinux boot loader. (NixOS wants to enable GRUB by default)
        boot.loader.grub.enable = false;
        # Enables the generation of /boot/extlinux/extlinux.conf
        boot.loader.generic-extlinux-compatible.enable = true;

        fileSystems."/" =
          {
            device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
            fsType = "ext4";
          };

        environment.systemPackages = with pkgs; [
          btrbk
        ];

        sops = {
          age.keyFile = "/home/asonix/.config/sops/age/keys.txt";
          age.generateKey = true;
          secrets.private_key = {
            format = "yaml";
            sopsFile = ./secrets/btrbk.yaml;
          };
          secrets.btrfsKeyFile = {
            format = "binary";
            sopsFile = ./secrets/keyfile.bin;
          };
        };

        services.btrbk = {
          sshAccess = [
            {
              key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHTqU3EvTgY5/e9m6YyQWypQPK58t9iPmPnPYAvnODGB asonix@lionheart";
              roles = [ "source" "info" "send" ];
            }
          ];
          extraPackages = with pkgs; [ xz ];
          instances.btrbk.settings = {
            transaction_log = "/var/log/btrbk.log";
            stream_buffer = "512m";
            snapshot_preserve_min = "2d";
            snapshot_preserve = "35d 20w 12m";
            target_preserve_min = "24h";
            target_preserve = "24h 7d";
            archive_preserve_min = "latest";
            archive_preserve = "12m 10y";
            ssh_user = "btrbk";
            ssh_identity = config.sops.secrets.private_key.path;
            backend_remote = "btrfs-progs-sudo";
          };
        };
      });

      makeDockerConfig = { hostname, volume, baseModule }: with image-builder.packages.aarch64-linux.modules; nixpkgs.lib.nixosSystem {
        system = "aarch64-linux";
        modules = [
          sops-nix.nixosModules.sops
          baseModule
          sharedModule
          userModule
          {
            environment.systemPackages = with pkgs; [
              docker
              docker-compose
            ];

            networking.hostName = hostname;

            virtualisation.docker.enable = true;

            services.btrbk.instances.btrbk.settings.volume = volume;
          }
        ];
      };

      deployer = { hostname, configuration }: {
        hostname = hostname;
        profiles.system = {
          sshUser = "asonix";
          user = "root";
          magicRollback = false;
          sshOpts = [
            "-i"
            "/home/asonix/.ssh/kube-rsa"
            "-t"
          ];
          path = deploy-rs.lib.aarch64-linux.activate.nixos configuration;
        };
      };
    in
    {
      nixosConfigurations = with image-builder.packages.aarch64-linux.modules; {
        nextcloud1 = makeDockerConfig {
          hostname = "nextcloud1";
          volume = {
            # "ssh://192.168.20.28/btrfs/hdd" = btrbkSecondary {
            #   target-dir = "/btrfs/hdd/@snapshots";
            #   subvolumes = nextcloudSubvolumes;
            # };
            "/btrfs/hdd" = btrbkPrimary {
              subvolumes = nextcloudSubvolumes;
            };
          };
          baseModule = rockPro64v2;
        };

        nextcloud2 = makeDockerConfig {
          hostname = "nextcloud2";
          volume = {
            "ssh://192.168.20.21/btrfs/hdd" = btrbkSecondary {
              target-dir = "/btrfs/hdd/@snapshots";
              subvolumes = nextcloudSubvolumes;
            };
            # "/btrfs/hdd" = btrbkPrimary {
            #   subvolumes = nextcloudSubvolumes;
            # };
          };
          baseModule = rockPro64v2;
        };

        redtail1 = makeDockerConfig {
          hostname = "redtail1";
          volume = {
            "ssh://192.168.20.24/btrfs/ssd" = btrbkSecondary {
              target-dir = "/btrfs/ssd/@snapshots";
              subvolumes = postgresSubvolumes;
            };
            # "/btrfs/ssd" = btrbkPrimary {
            #   subvolumes = postgresSubvolumes;
            # };
          };
          baseModule = rock64;
        };

        redtail2 = makeDockerConfig {
          hostname = "redtail2";
          volume = {
            # "ssh://192.168.20.23/btrfs/ssd" = btrbkSecondary {
            #   target-dir = "/btrfs/ssd/@snapshots";
            #   subvolumes = postgresSubvolumes;
            # };
            "/btrfs/ssd" = btrbkPrimary {
              subvolumes = postgresSubvolumes;
            };
          };
          baseModule = rock64;
        };

        whitestorm1 = makeDockerConfig {
          hostname = "whitestorm1";
          volume = {
            # "ssh://192.168.20.11/btrfs/ssd" = btrbkSecondary {
            #   target-dir = "/btrfs/ssd/@snapshots";
            #   subvolumes = postgresSubvolumes;
            # };
            "/btrfs/ssd" = btrbkPrimary {
              subvolumes = postgresSubvolumes;
            };
          };
          baseModule = rock64;
        };

        whitestorm2 = makeDockerConfig {
          hostname = "whitestorm2";
          volume = {
            "ssh://192.168.20.26/btrfs/ssd" = btrbkSecondary {
              target-dir = "/btrfs/ssd/@snapshots";
              subvolumes = postgresSubvolumes;
            };
            # "/btrfs/ssd" = btrbkPrimary {
            #   subvolumes = postgresSubvolumes;
            # };
          };
          baseModule = rock64;
        };
      };

      deploy.nodes.nextcloud2 = deployer {
        hostname = "192.168.20.28";
        configuration = self.nixosConfigurations.nextcloud2;
      };
    };
}
Initial flake 2023-01-25 01:58:10 +00:00			`{`
			`description = "A very basic flake";`

			`inputs = {`
Add secrets 2023-01-26 03:26:30 +00:00			`deploy-rs = {`
			`url = "github:serokell/deploy-rs";`
			`inputs.nixpkgs.follows = "nixpkgs";`
			`};`
Initial flake 2023-01-25 01:58:10 +00:00			`image-builder.url = "git+https://git.asonix.dog/asonix/nixos-aarch64-images";`
Add secrets 2023-01-26 03:26:30 +00:00			`nixpkgs.url = "github:nixos/nixpkgs/master";`
			`sops-nix = {`
			`url = "github:Mic92/sops-nix";`
			`inputs.nixpkgs.follows = "nixpkgs";`
			`};`
Initial flake 2023-01-25 01:58:10 +00:00			`};`

Add secrets 2023-01-26 03:26:30 +00:00			`outputs = { self, deploy-rs, image-builder, nixpkgs, sops-nix }:`
Start configuring btrbk for nextcloud2 TODO: - cron to run btrbk hourly - format and mount drives 2023-01-25 04:23:29 +00:00			`let`
			`pkgs = import nixpkgs {`
			`system = "aarch64-linux";`
			`};`

			`btrbkPrimary = { subvolumes ? [ ] }: {`
			`snapshot_dir = "@snapshots";`
			`subvolume = builtins.foldl'`
			`(acc: subvol: acc // {`
			`${subvol} = { };`
			`})`
			`{ }`
			`subvolumes;`
			`};`

			`btrbkSecondary = { target-dir, subvolumes ? [ ] }: {`
			`target = "send-receive ${target-dir}";`
			`subvolume = builtins.foldl'`
			`(acc: subvol: acc // {`
			`${subvol} = {`
			`snapshot_dir = "@snapshots";`
			`snapshot_preserve_min = "all";`
			`snapshot_create = "no";`
			`};`
			`})`
			`{ }`
			`subvolumes;`
			`};`

			`nextcloudSubvolumes = [`
			`"@nc-config"`
			`"@nc-data"`
			`"@postgres"`
			`"@redis"`
			`"@gitea"`
			`"@gitea-conf"`
			`"@pihole"`
			`"@papermc"`
			`"@docker-cfg"`
			`"@garage"`
			`"@garage-config"`
			`];`
Extract shared nextcloud logic 2023-01-25 04:55:24 +00:00
Add other node configurations 2023-01-25 05:08:04 +00:00			`postgresSubvolumes = [`
			`"postgres"`
			`"postgres-cfg"`
			`];`

Add secrets 2023-01-26 03:26:30 +00:00			`sharedModule = ({ config, ... }: {`
Move shared out of let-in 2023-01-25 02:49:00 +00:00			`services.openssh.settings.PasswordAuthentication = false;`
Working deploy for nextcloud2 2023-01-25 02:46:51 +00:00
Move shared out of let-in 2023-01-25 02:49:00 +00:00			`# Use the extlinux boot loader. (NixOS wants to enable GRUB by default)`
			`boot.loader.grub.enable = false;`
			`# Enables the generation of /boot/extlinux/extlinux.conf`
			`boot.loader.generic-extlinux-compatible.enable = true;`
Working deploy for nextcloud2 2023-01-25 02:46:51 +00:00
Move shared out of let-in 2023-01-25 02:49:00 +00:00			`fileSystems."/" =`
Working deploy for nextcloud2 2023-01-25 02:46:51 +00:00			`{`
Move shared out of let-in 2023-01-25 02:49:00 +00:00			`device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";`
			`fsType = "ext4";`
			`};`
Start configuring btrbk for nextcloud2 TODO: - cron to run btrbk hourly - format and mount drives 2023-01-25 04:23:29 +00:00
			`environment.systemPackages = with pkgs; [`
			`btrbk`
Add secrets 2023-01-26 03:26:30 +00:00			`];`

			`sops = {`
Keyfile is string, not path 2023-01-26 04:51:32 +00:00			`age.keyFile = "/home/asonix/.config/sops/age/keys.txt";`
Add secrets 2023-01-26 03:26:30 +00:00			`age.generateKey = true;`
			`secrets.private_key = {`
			`format = "yaml";`
Add userModule, add --impure 2023-01-26 03:46:52 +00:00			`sopsFile = ./secrets/btrbk.yaml;`
Add secrets 2023-01-26 03:26:30 +00:00			`};`
			`secrets.btrfsKeyFile = {`
			`format = "binary";`
Add userModule, add --impure 2023-01-26 03:46:52 +00:00			`sopsFile = ./secrets/keyfile.bin;`
Add secrets 2023-01-26 03:26:30 +00:00			`};`
			`};`
Start configuring btrbk for nextcloud2 TODO: - cron to run btrbk hourly - format and mount drives 2023-01-25 04:23:29 +00:00
			`services.btrbk = {`
			`sshAccess = [`
			`{`
			`key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHTqU3EvTgY5/e9m6YyQWypQPK58t9iPmPnPYAvnODGB asonix@lionheart";`
			`roles = [ "source" "info" "send" ];`
			`}`
			`];`
			`extraPackages = with pkgs; [ xz ];`
			`instances.btrbk.settings = {`
			`transaction_log = "/var/log/btrbk.log";`
			`stream_buffer = "512m";`
			`snapshot_preserve_min = "2d";`
			`snapshot_preserve = "35d 20w 12m";`
			`target_preserve_min = "24h";`
			`target_preserve = "24h 7d";`
			`archive_preserve_min = "latest";`
			`archive_preserve = "12m 10y";`
			`ssh_user = "btrbk";`
Add secrets 2023-01-26 03:26:30 +00:00			`ssh_identity = config.sops.secrets.private_key.path;`
Start configuring btrbk for nextcloud2 TODO: - cron to run btrbk hourly - format and mount drives 2023-01-25 04:23:29 +00:00			`backend_remote = "btrfs-progs-sudo";`
			`};`
			`};`
Add secrets 2023-01-26 03:26:30 +00:00			`});`
Initial flake 2023-01-25 01:58:10 +00:00
Add userModule, add --impure 2023-01-26 03:46:52 +00:00			`makeDockerConfig = { hostname, volume, baseModule }: with image-builder.packages.aarch64-linux.modules; nixpkgs.lib.nixosSystem {`
Extract shared nextcloud logic 2023-01-25 04:55:24 +00:00			`system = "aarch64-linux";`
			`modules = [`
Add secrets 2023-01-26 03:26:30 +00:00			`sops-nix.nixosModules.sops`
Add other node configurations 2023-01-25 05:08:04 +00:00			`baseModule`
Add secrets 2023-01-26 03:26:30 +00:00			`sharedModule`
Add userModule, add --impure 2023-01-26 03:46:52 +00:00			`userModule`
Extract shared nextcloud logic 2023-01-25 04:55:24 +00:00			`{`
Add secrets 2023-01-26 03:26:30 +00:00			`environment.systemPackages = with pkgs; [`
			`docker`
			`docker-compose`
			`];`

Add other node configurations 2023-01-25 05:08:04 +00:00			`networking.hostName = hostname;`
Move shared out of let-in 2023-01-25 02:49:00 +00:00
Extract shared nextcloud logic 2023-01-25 04:55:24 +00:00			`virtualisation.docker.enable = true;`

			`services.btrbk.instances.btrbk.settings.volume = volume;`
			`}`
			`];`
			`};`

			`deployer = { hostname, configuration }: {`
			`hostname = hostname;`
Move shared out of let-in 2023-01-25 02:49:00 +00:00			`profiles.system = {`
Add secrets 2023-01-26 03:26:30 +00:00			`sshUser = "asonix";`
Move shared out of let-in 2023-01-25 02:49:00 +00:00			`user = "root";`
Add secrets 2023-01-26 03:26:30 +00:00			`magicRollback = false;`
Move shared out of let-in 2023-01-25 02:49:00 +00:00			`sshOpts = [`
			`"-i"`
Add secrets 2023-01-26 03:26:30 +00:00			`"/home/asonix/.ssh/kube-rsa"`
			`"-t"`
Move shared out of let-in 2023-01-25 02:49:00 +00:00			`];`
Extract shared nextcloud logic 2023-01-25 04:55:24 +00:00			`path = deploy-rs.lib.aarch64-linux.activate.nixos configuration;`
Move shared out of let-in 2023-01-25 02:49:00 +00:00			`};`
Initial flake 2023-01-25 01:58:10 +00:00			`};`
Extract shared nextcloud logic 2023-01-25 04:55:24 +00:00			`in`
			`{`
Add other node configurations 2023-01-25 05:08:04 +00:00			`nixosConfigurations = with image-builder.packages.aarch64-linux.modules; {`
			`nextcloud1 = makeDockerConfig {`
			`hostname = "nextcloud1";`
			`volume = {`
			`# "ssh://192.168.20.28/btrfs/hdd" = btrbkSecondary {`
			`# target-dir = "/btrfs/hdd/@snapshots";`
			`# subvolumes = nextcloudSubvolumes;`
			`# };`
			`"/btrfs/hdd" = btrbkPrimary {`
			`subvolumes = nextcloudSubvolumes;`
			`};`
Extract shared nextcloud logic 2023-01-25 04:55:24 +00:00			`};`
Add other node configurations 2023-01-25 05:08:04 +00:00			`baseModule = rockPro64v2;`
Extract shared nextcloud logic 2023-01-25 04:55:24 +00:00			`};`

Add other node configurations 2023-01-25 05:08:04 +00:00			`nextcloud2 = makeDockerConfig {`
			`hostname = "nextcloud2";`
Extract shared nextcloud logic 2023-01-25 04:55:24 +00:00			`volume = {`
			`"ssh://192.168.20.21/btrfs/hdd" = btrbkSecondary {`
			`target-dir = "/btrfs/hdd/@snapshots";`
			`subvolumes = nextcloudSubvolumes;`
			`};`
			`# "/btrfs/hdd" = btrbkPrimary {`
			`# subvolumes = nextcloudSubvolumes;`
			`# };`
			`};`
Add other node configurations 2023-01-25 05:08:04 +00:00			`baseModule = rockPro64v2;`
Extract shared nextcloud logic 2023-01-25 04:55:24 +00:00			`};`

Add other node configurations 2023-01-25 05:08:04 +00:00			`redtail1 = makeDockerConfig {`
			`hostname = "redtail1";`
			`volume = {`
			`"ssh://192.168.20.24/btrfs/ssd" = btrbkSecondary {`
			`target-dir = "/btrfs/ssd/@snapshots";`
			`subvolumes = postgresSubvolumes;`
			`};`
			`# "/btrfs/ssd" = btrbkPrimary {`
			`# subvolumes = postgresSubvolumes;`
			`# };`
			`};`
			`baseModule = rock64;`
			`};`

			`redtail2 = makeDockerConfig {`
			`hostname = "redtail2";`
			`volume = {`
			`# "ssh://192.168.20.23/btrfs/ssd" = btrbkSecondary {`
			`# target-dir = "/btrfs/ssd/@snapshots";`
			`# subvolumes = postgresSubvolumes;`
			`# };`
			`"/btrfs/ssd" = btrbkPrimary {`
			`subvolumes = postgresSubvolumes;`
			`};`
			`};`
			`baseModule = rock64;`
			`};`

			`whitestorm1 = makeDockerConfig {`
			`hostname = "whitestorm1";`
			`volume = {`
			`# "ssh://192.168.20.11/btrfs/ssd" = btrbkSecondary {`
			`# target-dir = "/btrfs/ssd/@snapshots";`
			`# subvolumes = postgresSubvolumes;`
			`# };`
			`"/btrfs/ssd" = btrbkPrimary {`
			`subvolumes = postgresSubvolumes;`
			`};`
			`};`
			`baseModule = rock64;`
			`};`

			`whitestorm2 = makeDockerConfig {`
			`hostname = "whitestorm2";`
			`volume = {`
			`"ssh://192.168.20.26/btrfs/ssd" = btrbkSecondary {`
			`target-dir = "/btrfs/ssd/@snapshots";`
			`subvolumes = postgresSubvolumes;`
			`};`
			`# "/btrfs/ssd" = btrbkPrimary {`
			`# subvolumes = postgresSubvolumes;`
			`# };`
			`};`
			`baseModule = rock64;`
			`};`
			`};`

Extract shared nextcloud logic 2023-01-25 04:55:24 +00:00			`deploy.nodes.nextcloud2 = deployer {`
			`hostname = "192.168.20.28";`
			`configuration = self.nixosConfigurations.nextcloud2;`
			`};`
Initial flake 2023-01-25 01:58:10 +00:00			`};`
			`}`