diff --git a/flake.nix b/flake.nix
index 28842a3..0120be8 100644
--- a/flake.nix
+++ b/flake.nix
@@ -71,14 +71,16 @@
 # Enables the generation of /boot/extlinux/extlinux.conf
 boot.loader.generic-extlinux-compatible.enable = true;
- fileSystems."/" =
- {
- device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
- fsType = "ext4";
- };
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
+ fsType = "ext4";
+ };
 environment.systemPackages = with pkgs; [
+ bottom
 btrbk
+ cryptsetup
+ htop
 ];
 sops = {
@@ -102,30 +104,33 @@
 }
 ];
 extraPackages = with pkgs; [ xz ];
- instances.btrbk.settings = {
- transaction_log = "/var/log/btrbk.log";
- stream_buffer = "512m";
- snapshot_preserve_min = "2d";
- snapshot_preserve = "35d 20w 12m";
- target_preserve_min = "24h";
- target_preserve = "24h 7d";
- archive_preserve_min = "latest";
- archive_preserve = "12m 10y";
- ssh_user = "btrbk";
- ssh_identity = config.sops.secrets.private_key.path;
- backend_remote = "btrfs-progs-sudo";
+ instances.btrbk = {
+ onCalendar = "hourly";
+ settings = {
+ transaction_log = "/var/log/btrbk.log";
+ stream_buffer = "512m";
+ snapshot_preserve_min = "2d";
+ snapshot_preserve = "35d 20w 12m";
+ target_preserve_min = "24h";
+ target_preserve = "24h 7d";
+ archive_preserve_min = "latest";
+ archive_preserve = "12m 10y";
+ ssh_user = "btrbk";
+ ssh_identity = config.sops.secrets.private_key.path;
+ backend_remote = "btrfs-progs-sudo";
+ };
 };
 };
 });
- makeDockerConfig = { hostname, volume, baseModule }: with image-builder.packages.aarch64-linux.modules; nixpkgs.lib.nixosSystem {
+ makeDockerConfig = { hostname, volume, baseModule, extraModules ? [ ] }: with image-builder.packages.aarch64-linux.modules; nixpkgs.lib.nixosSystem {
 system = "aarch64-linux";
 modules = [
 sops-nix.nixosModules.sops
 baseModule
 sharedModule
 userModule
- {
+ ({ config, ... }: {
 environment.systemPackages = with pkgs; [
 docker
 docker-compose
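Review bot: The btrbk instance in the second hunk now runs unattended every hour (`onCalendar = "hourly"`) and logs in to the target as `btrbk` with `backend_remote = "btrfs-progs-sudo"`, but nothing here records what that remote account is limited to. A comment above `ssh_user` would make the privilege granted to the sops-managed key reviewable from this file, for example `# target side: key pinned to ssh_filter_btrbk.sh --sudo; sudoers allows only btrfs for this user`. Whether the targets are already set up that way is not visible in the diff, so the wording should match the real setup. The enclosing sharedModule block starts before this hunk.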
@@ -136,7 +141,31 @@
 virtualisation.docker.enable = true;
 services.btrbk.instances.btrbk.settings.volume = volume;
- }
+ })
+ ] ++ extraModules;
+ };
+
+ makeNextcloudConfig = { hostname, volume }: with image-builder.packages.aarch64-linux.modules; makeDockerConfig {
+ inherit hostname;
+ inherit volume;
+ baseModule = rockPro64v2;
+ extraModules = [
+ ({ config, ... }: {
+ environment.etc.crypttab = {
+ enable = true;
+ text = ''
+ cryptdrive1 /dev/sda1 ${config.sops.secrets.btrfsKeyFile.path} luks
+ cryptdrive2 /dev/sdb1 ${config.sops.secrets.btrfsKeyFile.path} luks
+ cryptdrive3 /dev/sdc1 ${config.sops.secrets.btrfsKeyFile.path} luks
+ '';
+ };
+
+ fileSystems."/btrfs/hdd" = {
+ device = "/dev/mapper/cryptdrive1";
+ fsType = "btrfs";
+ options = [ "defaults" "compress=zstd" "rw" ];
+ };
+ })
 ];
 };
@@ -157,7 +186,7 @@
 in {
 nixosConfigurations = with image-builder.packages.aarch64-linux.modules; {
- nextcloud1 = makeDockerConfig {
+ nextcloud1 = makeNextcloudConfig {
 hostname = "nextcloud1";
 volume = {
 # "ssh://192.168.20.28/btrfs/hdd" = btrbkSecondary {
@@ -168,10 +197,9 @@
 subvolumes = nextcloudSubvolumes;
 };
 };
- baseModule = rockPro64v2;
 };
- nextcloud2 = makeDockerConfig {
+ nextcloud2 = makeNextcloudConfig {
 hostname = "nextcloud2";
 volume = {
 "ssh://192.168.20.21/btrfs/hdd" = btrbkSecondary {
@@ -182,7 +210,6 @@
 # subvolumes = nextcloudSubvolumes;
 # };
 };
- baseModule = rockPro64v2;
 };
 redtail1 = makeDockerConfig {
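Review bot: The three crypttab entries added in makeNextcloudConfig (hunk `@@ -136,7 +141,31 @@`) name the LUKS containers by kernel enumeration order (`/dev/sda1`, `/dev/sdb1`, `/dev/sdc1`). That order is not stable across boots or when another disk is attached, so a mapper name can end up on a different device, or the unlock and the `/btrfs/hdd` mount can fail at boot. Reference each container by its LUKS UUID instead, as the root filesystem already does with `by-uuid`, e.g. `cryptdrive1 UUID=<luks-uuid-1> ${config.sops.secrets.btrfsKeyFile.path} luks`. All three volumes also share one key file, and no `sops.secrets.btrfsKeyFile` declaration is visible in the diff. A comment should say where it is declared and that, if the sops decryption key sits on the unencrypted ext4 root, the encryption only covers loss of the data drives alone, not of the whole machine.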