move to backup

hosts/dnsc-air/default.nix

@@ -1,89 +0,0 @@
-{
-  inputs,
-  outputs,
-  lib,
-  pkgs,
-  ...
-}:
-{
-  imports = [
-    inputs.home-manager.darwinModules.home-manager
-    outputs.nixosModules.base
-    outputs.nixosModules.macos
-    outputs.nixosModules.homebrew
-    outputs.nixosModules.aerospace
-    outputs.nixosModules.direnv
-  ];
-
-  # Device & user-specific settings
-  networking.hostName = "dnsc-air";
-  networking.computerName = "dnsc-air";
-  system.defaults.smb.NetBIOSName = "dnsc-air";
-  users.users."dennis" = {
-    home = "/Users/dennis";
-    description = "Dennis Schoepf";
-  };
-  nix.settings.trusted-users = [ "dennis" ];
-  security.pam.services.sudo_local.touchIdAuth = true;
-
-  # Device specific overlays
-  nixpkgs.overlays = [ ];
-
-  # System Packages
-  environment.systemPackages = lib.mkAfter (
-    with pkgs;
-    [
-      rsync
-      # Some global devtools that are
-      # not included in project flakes
-      tree-sitter
-      nil
-      stylua
-      lua-language-server
-    ]
-  );
-
-  # Install additional homebrew apps
-  homebrew.masApps = {
-    Bitwarden = 1352778147;
-    "Yesterday For Old Reddit" = 1603279883;
-    "Final Cut Pro" = 424389933;
-    Wireguard = 1451685025;
-    Pages = 409201541;
-  };
-
-  homebrew.brews = lib.mkAfter ([
-    "harfbuzz"
-    "openexr"
-    "openjph"
-    "p11-kit"
-    "ca-certificates"
-    "gettext"
-    "yt-dlp"
-  ]);
-
-  homebrew.casks = lib.mkAfter ([
-    "cyberduck"
-    "krita"
-    "darktable"
-  ]);
-
-  # Shells
-  environment.shells = [ pkgs.fish ];
-
-  # Home Manager Setup
-  home-manager = {
-    extraSpecialArgs = { inherit inputs outputs; };
-    useGlobalPkgs = true;
-    backupFileExtension = "backup";
-    users = {
-      dennis = import ../../home/darwin.nix;
-    };
-  };
-
-  nix.enable = false;
-  nix.settings.experimental-features = [
-    "nix-command"
-    "flakes"
-  ];
-}

hosts/dnsc-machine/default.nix

@@ -1,84 +0,0 @@
-{
-  lib,
-  inputs,
-  outputs,
-  pkgs,
-  ...
-}:
-
-{
-  imports = [
-    # Include the results of the hardware scan.
-    ./hardware-configuration.nix
-    inputs.home-manager.nixosModules.home-manager
-    outputs.nixosModules.base
-    outputs.nixosModules.unix
-    outputs.nixosModules.nvidia
-    outputs.nixosModules.bluetooth
-    outputs.nixosModules.printing
-    outputs.nixosModules.tablet
-    outputs.nixosModules.audio
-    outputs.nixosModules.ly
-    outputs.nixosModules.niriSystem
-    outputs.nixosModules.keyd
-    outputs.nixosModules.steam
-  ];
-
-  # Device specific overlays
-  # Overlays for all devices are defined
-  # in flake.nix
-  nixpkgs.overlays = [
-    (final: prev: {
-      python3Packages = prev.python3Packages // {
-        python-dbusmock =
-          inputs.nixpkgs-backport-fix.legacyPackages.x86_64-linux.python3Packages.python-dbusmock;
-      };
-    })
-  ];
-
-  # General settings
-  networking.hostName = "dnsc-machine";
-  time.timeZone = "Europe/Berlin";
-  services.xserver.xkb.layout = "eu";
-
-  users.users.dennis = {
-    isNormalUser = true;
-    description = "dennis";
-    extraGroups = [
-      "networkmanager"
-      "wheel"
-    ];
-    openssh.authorizedKeys.keys = [
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILvXWZOPOJJDAoF+Sx/ZLoAVu6G/7/MAWoknBgMAzjul dennis@dnsc-mac"
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKnmuxDkpDIku5t1Tykz21u78xoQ7LJR8JEcfth32LGu dennis@dnsc-work"
-    ];
-  };
-
-  # Home Manager
-  home-manager = {
-    extraSpecialArgs = { inherit inputs outputs; };
-    backupFileExtension = "backup";
-    users = {
-      dennis = {
-        imports = [
-          inputs.zen-browser.homeModules.beta
-          ../../home/linux.nix
-        ];
-      };
-    };
-  };
-
-  # System Packages
-  environment.systemPackages = lib.mkAfter (with pkgs; [ ]);
-
-  # Enable some services that do not need configuration
-  services.openssh.enable = true;
-  services.udisks2.enable = true;
-  services.tuned.enable = true;
-  services.upower.enable = true;
-  services.udev.packages = with pkgs; [
-    vial
-  ];
-
-  system.stateVersion = "25.05";
-}

hosts/dnsc-machine/hardware-configuration.nix

@@ -1,41 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
-  imports =
-    [ (modulesPath + "/installer/scan/not-detected.nix")
-    ];
-
-  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/30277f94-8b7b-4e91-8438-6815170edfdd";
-      fsType = "ext4";
-    };
-
-  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/4DC9-7AB7";
-      fsType = "vfat";
-      options = [ "fmask=0077" "dmask=0077" ];
-    };
-
-  swapDevices =
-    [ { device = "/dev/disk/by-uuid/9b7564e7-2deb-4432-a4fc-d18d21ef2d11"; }
-    ];
-
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp42s0.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp45s0f3u3u4.useDHCP = lib.mkDefault true;
-
-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}

hosts/dnsc-server/default.nix

@@ -1,173 +0,0 @@
-{
-  config,
-  inputs,
-  outputs,
-  pkgs,
-  ...
-}:
-{
-  imports = [
-    ./hardware-configuration.nix
-    inputs.home-manager.nixosModules.home-manager
-    ../../modules/docker
-    ../../modules/ups
-    ../../modules/restic
-    ../../modules/samba
-    ../../modules/openssh
-    ../../modules/jellyfin
-    ../../modules/actual-server
-    ../../modules/immich
-    ../../modules/cockpit
-    ../../modules/backrest
-  ];
-
-  # General
-  time.timeZone = "Europe/Berlin";
-  i18n.defaultLocale = "en_US.UTF-8";
-
-  # Boot
-  boot.loader.systemd-boot.enable = true;
-  boot.loader.efi.canTouchEfiVariables = true;
-  boot.loader.systemd-boot.configurationLimit = 10;
-  boot.supportedFilesystems = [ "zfs" ];
-  boot.zfs.forceImportRoot = false;
-  boot.zfs.extraPools = [ "main" ];
-
-  # Secrets
-  age = {
-    identityPaths = [ "${config.users.users.dennis.home}/.ssh/id_ed25519" ];
-    secrets."restic/password" = {
-      file = ../../secrets/restic/password.age;
-    };
-  };
-
-  # Nix Settings
-  # Perform garbage collection weekly to maintain low disk usage
-  nix.gc = {
-    automatic = true;
-    dates = "weekly";
-    options = "--delete-older-than 1w";
-  };
-  nix.settings.auto-optimise-store = true;
-
-  programs.bash = {
-    enable = true;
-  };
-
-  # Networking
-  networking.hostName = "dnsc-server";
-  networking.hostId = "380f584e";
-  networking.networkmanager.enable = true;
-  # Fix due to https://github.com/NixOS/nixpkgs/issues/180175
-  systemd.services.NetworkManager-wait-online.enable = false;
-
-  # Firewall
-  networking.firewall = {
-    enable = true;
-    allowedTCPPorts = [
-      22
-      443
-      9004
-    ];
-    allowedUDPPorts = [
-      22
-      443
-      9004
-    ];
-  };
-
-  # My user account
-  users.users.dennis = {
-    description = "dennis";
-    isNormalUser = true;
-    extraGroups = [
-      "wheel"
-      "networkmanager"
-    ];
-    openssh.authorizedKeys.keys = [
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILvXWZOPOJJDAoF+Sx/ZLoAVu6G/7/MAWoknBgMAzjul dennis@dnsc-mac"
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKnmuxDkpDIku5t1Tykz21u78xoQ7LJR8JEcfth32LGu dennis@dnsc-work"
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF8LXdDU3C4PcCHb/BEm1xQIZyo2KTR5Dcuw6ni+SxmH dennis@dnsc-machine"
-    ];
-  };
-
-  security.sudo.enable = true;
-
-  # Home Manager Setup
-  home-manager = {
-    extraSpecialArgs = { inherit inputs outputs; };
-    backupFileExtension = "backup";
-    users = {
-      dennis = import ../../home/server.nix;
-    };
-  };
-
-  # Enable new Nix CLI and flakes
-  nix.settings.experimental-features = [
-    "nix-command"
-    "flakes"
-  ];
-
-  # Install system wide packages
-  environment.systemPackages = with pkgs; [
-    git
-    btop
-    neovim
-    wget
-    jellyfin
-    jellyfin-web
-    jellyfin-ffmpeg
-    usbutils
-    restic
-    mkcert
-    actual-server
-    cockpit
-  ];
-
-  # GnuPG
-  programs.gnupg.agent = {
-    enable = true;
-    enableSSHSupport = true;
-  };
-
-  # ZFS
-  services.zfs = {
-    autoSnapshot.enable = true;
-    trim.enable = true;
-  };
-
-  # Caddy
-  services.caddy = {
-    enable = true;
-    virtualHosts."media.home.lan".extraConfig = ''
-      reverse_proxy http://127.0.0.1:8096
-      tls internal
-    '';
-    virtualHosts."finance.home.lan".extraConfig = ''
-      encode gzip zstd
-      reverse_proxy http://127.0.0.1:9002
-      tls internal
-    '';
-    virtualHosts."photos.home.lan".extraConfig = ''
-      reverse_proxy http://127.0.0.1:9003
-      tls internal
-    '';
-    virtualHosts."backup.home.lan".extraConfig = ''
-      reverse_proxy http://127.0.0.1:9004
-      tls internal
-    '';
-  };
-
-  # Environment variables
-  environment.variables.EDITOR = "nvim";
-
-  # Copy the NixOS configuration file and link it from the resulting system
-  # (/run/current-system/configuration.nix). This is useful in case you
-  # accidentally delete configuration.nix.
-  # system.copySystemConfiguration = true;
-
-  # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
-  # and migrated your data accordingly.
-  # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
-  system.stateVersion = "24.11";
-}

hosts/dnsc-server/hardware-configuration.nix

@@ -1,40 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
-  imports =
-    [ (modulesPath + "/installer/scan/not-detected.nix")
-    ];
-
-  boot.initrd.availableKernelModules = [ "vmd" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ "kvm-intel" ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/89318ceb-c0c6-47f2-9cad-99612498bd75";
-      fsType = "ext4";
-    };
-
-  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/EE6C-978E";
-      fsType = "vfat";
-      options = [ "fmask=0077" "dmask=0077" ];
-    };
-
-  swapDevices =
-    [ { device = "/dev/disk/by-uuid/9c843b67-418a-4d11-8700-6a0eb866c02c"; }
-    ];
-
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp2s0.useDHCP = lib.mkDefault true;
-
-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}

hosts/dnsc-vps-sm/default.nix

@@ -1,187 +0,0 @@
-{
-  inputs,
-  outputs,
-  _lib,
-  config,
-  pkgs,
-  ...
-}:
-{
-  imports = [
-    ./hardware-configuration.nix
-    ./networking.nix
-    inputs.home-manager.nixosModules.home-manager
-    inputs.ip-whitelist.nixosModules.default
-    ../../modules/openssh
-    ../../modules/vaultwarden
-    ../../modules/uptime-kuma
-    ../../modules/glance
-    ../../modules/docker
-    ../../modules/actual-server
-  ];
-
-  # Secrets
-  age = {
-    identityPaths = [ "${config.users.users.dennis.home}/.ssh/id_ed25519" ];
-    secrets."vaultwarden/env".file = ../../secrets/vaultwarden/env.age;
-    secrets."restic/password".file = ../../secrets/restic/password.age;
-  };
-
-  # Generated automatically
-  boot.tmp.cleanOnBoot = true;
-  zramSwap.enable = true;
-
-  # General
-  time.timeZone = "Europe/Berlin";
-  i18n.defaultLocale = "en_US.UTF-8";
-
-  # Nix Settings
-  nix.gc = {
-    automatic = true;
-    dates = "03:15";
-    options = "-d";
-  };
-  nix.settings.auto-optimise-store = true;
-
-  programs.bash = {
-    enable = true;
-  };
-
-  security.sudo.enable = true;
-
-  # Networking
-  networking.hostName = "dnsc-vps-sm";
-  networking.hostId = "380f585f";
-  networking.domain = "dnsc.io";
-  networking.networkmanager.enable = true;
-  # Fix due to https://github.com/NixOS/nixpkgs/issues/180175
-  systemd.services.NetworkManager-wait-online.enable = false;
-
-  # Firewall
-  networking.firewall = {
-    enable = true;
-    allowedTCPPorts = [
-      22
-      80
-      443
-    ];
-  };
-
-  # My user account
-  users.users.dennis = {
-    description = "dennis";
-    initialPassword = "admin";
-    isNormalUser = true;
-    linger = true;
-    extraGroups = [
-      "wheel"
-      "networkmanager"
-    ];
-    openssh.authorizedKeys.keys = [
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILvXWZOPOJJDAoF+Sx/ZLoAVu6G/7/MAWoknBgMAzjul dennis@dnsc-mac"
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKnmuxDkpDIku5t1Tykz21u78xoQ7LJR8JEcfth32LGu dennis@dnsc-work"
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF8LXdDU3C4PcCHb/BEm1xQIZyo2KTR5Dcuw6ni+SxmH dennis@dnsc-machine"
-    ];
-  };
-
-  # Home Manager Setup
-  home-manager = {
-    extraSpecialArgs = { inherit inputs outputs; };
-    backupFileExtension = "backup";
-    users = {
-      dennis = import ../../home/server.nix;
-    };
-  };
-
-  # Enable new Nix CLI and flakes
-  nix.settings.experimental-features = [
-    "nix-command"
-    "flakes"
-  ];
-
-  # Install system wide packages
-  environment.systemPackages = with pkgs; [
-    git
-    btop
-    neovim
-    wget
-    docker-compose
-    actual-server
-    restic
-    glance
-    ncdu
-  ];
-
-  # Programs
-  # GnuPG
-  programs.gnupg.agent = {
-    enable = true;
-    enableSSHSupport = true;
-  };
-
-  # Services
-  # Caddy
-  services.caddy = {
-    enable = true;
-    virtualHosts."www.dnsc.io".extraConfig = ''
-      redir https://dnsc.io{uri}
-    '';
-    virtualHosts."dnsc.io".extraConfig = ''
-      encode gzip
-      file_server
-
-      root * /var/www/homepage
-    '';
-    virtualHosts."slides.dnsc.io".extraConfig = ''
-      encode gzip
-      file_server
-
-      root * /var/www/slides
-    '';
-    virtualHosts."vault.dnsc.io".extraConfig = ''
-      reverse_proxy localhost:8000
-    '';
-    virtualHosts."uptime.dnsc.io".extraConfig = ''
-      reverse_proxy localhost:9000
-    '';
-    virtualHosts."home.dnsc.io".extraConfig = ''
-      reverse_proxy localhost:9001
-    '';
-    virtualHosts."finance.dnsc.io".extraConfig = ''
-      reverse_proxy localhost:9002
-    '';
-  };
-
-  # Restic
-  services.restic.backups.dnsc-vps-sm-backup = {
-    initialize = true;
-    passwordFile = config.age.secrets."restic/password".path;
-    repository = "sftp:u295965@u295965.your-storagebox.de:restic/dnsc-vps-sm";
-    paths = [
-      "/var/backup/vaultwarden"
-    ];
-    pruneOpts = [
-      "--keep-daily 1"
-      "--keep-weekly 3"
-      "--keep-monthly 5"
-      "--keep-yearly 10"
-    ];
-    timerConfig = {
-      OnCalendar = "daily";
-      Persistent = true;
-    };
-  };
-
-  # Environment variables
-  environment.variables.EDITOR = "nvim";
-
-  # Copy the NixOS configuration file and link it from the resulting system
-  # (/run/current-system/configuration.nix). This is useful in case you
-  # accidentally delete configuration.nix.
-  # system.copySystemConfiguration = true;
-
-  # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
-  # and migrated your data accordingly.
-  # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
-  system.stateVersion = "23.11";
-}

hosts/dnsc-vps-sm/hardware-configuration.nix

@@ -1,8 +0,0 @@
-{ modulesPath, ... }:
-{
-  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
-  boot.loader.grub.device = "/dev/sda";
-  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
-  boot.initrd.kernelModules = [ "nvme" ];
-  fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
-}

hosts/dnsc-vps-sm/networking.nix

@@ -1,33 +0,0 @@
-{ lib, ... }: {
-  # This file was populated at runtime with the networking
-  # details gathered from the active system.
-  networking = {
-    nameservers = [ "8.8.8.8"
- ];
-    defaultGateway = "172.31.1.1";
-    defaultGateway6 = {
-      address = "fe80::1";
-      interface = "eth0";
-    };
-    dhcpcd.enable = false;
-    usePredictableInterfaceNames = lib.mkForce false;
-    interfaces = {
-      eth0 = {
-        ipv4.addresses = [
-          { address="91.99.21.186"; prefixLength=32; }
-        ];
-        ipv6.addresses = [
-          { address="2a01:4f8:1c1a:cdfb::1"; prefixLength=64; }
-{ address="fe80::9400:4ff:fe27:8245"; prefixLength=64; }
-        ];
-        ipv4.routes = [ { address = "172.31.1.1"; prefixLength = 32; } ];
-        ipv6.routes = [ { address = "fe80::1"; prefixLength = 128; } ];
-      };
-
-    };
-  };
-  services.udev.extraRules = ''
-    ATTR{address}=="96:00:04:27:82:45", NAME="eth0"
-
-  '';
-}

hosts/dnsc-work/default.nix

@@ -1,104 +0,0 @@
-{
-  inputs,
-  outputs,
-  pkgs,
-  ...
-}:
-{
-  imports = [
-    inputs.home-manager.darwinModules.home-manager
-    outputs.nixosModules.base
-    outputs.nixosModules.macos
-    outputs.nixosModules.homebrew
-    outputs.nixosModules.aerospace
-    outputs.nixosModules.direnv
-  ];
-
-  # Device & user-specific settings
-  networking.hostName = "dnsc-work";
-  networking.computerName = "dnsc-work";
-  users.users."dennis" = {
-    home = "/Users/dennis";
-    description = "Dennis Schoepf";
-  };
-  nix.settings.trusted-users = [ "dennis" ];
-
-  nixpkgs.overlays = [ ];
-
-  # System Packages
-  environment.systemPackages = with pkgs; [
-    circumflex
-    gh
-    fnm
-    stylua
-    typescript-language-server
-    vscode-langservers-extracted
-    astro-language-server
-    tailwindcss-language-server
-    lua-language-server
-    prettierd
-    eslint_d
-    nil
-    tree-sitter
-    tmux
-    tmuxinator
-    uv
-    # rsync
-  ];
-
-  homebrew.masApps = {
-    Bitwarden = 1352778147;
-    Wireguard = 1451685025;
-    # XCode = 497799835;
-  };
-
-  homebrew.taps = [ "huseyinbabal/tap" ];
-
-  homebrew.brews = [
-    "watchman"
-    "pnpm"
-    "pkg-config"
-    "cairo"
-    "pango"
-    "libpng"
-    "jpeg"
-    "giflib"
-    "librsvg"
-    "pixman"
-    "python-setuptools"
-    "gmp"
-    "rbenv"
-    "mysql@8.0"
-    "huseyinbabal/tap/tredis"
-    "yt-dlp"
-    "minikube"
-  ];
-
-  homebrew.casks = [
-    "microsoft-teams"
-    "1password"
-    "1password-cli"
-    "android-studio"
-    "zulu@17"
-    "postman"
-    "docker-desktop"
-    "google-chrome"
-  ];
-
-  # Shells
-  environment.shells = [ pkgs.fish ];
-
-  # Home Manager Setup
-  home-manager = {
-    extraSpecialArgs = { inherit inputs outputs; };
-    useGlobalPkgs = true;
-    backupFileExtension = "backup";
-    users = {
-      dennis = import ../../home/darwin-work.nix;
-    };
-  };
-
-  # Nix settings
-  # Use determinate systems
-  nix.enable = false;
-}