Merge branch 'main' of ssh://codeberg.org/dnscio/nix-config

Justfile

@@ -1,5 +1,5 @@
 deploy:
-  nixos-rebuild switch --flake .
+  git add . && git commit -am "new revision" && nixos-rebuild switch --flake .
 
 debug:
   nixos-rebuild switch --flake . --show-trace --verbose
@@ -26,7 +26,7 @@ gc:
 
 # dnsc-air
 mre:
-  darwin-rebuild switch --flake .
+  if ! git diff --quiet || ! git diff --staged --quiet; then git add . && git commit -am "new revision"; fi && darwin-rebuild switch --flake .
 
 mup:
   darwin-rebuild switch --recreate-lock-file --flake .

hosts/dnsc-air/default.nix

@@ -24,6 +24,7 @@
     description = "Dennis Schoepf";
   };
   nix.settings.trusted-users = [ "dennis" ];
+  security.pam.services.sudo_local.touchIdAuth = true;
 
   # Device specific overlays
   nixpkgs.overlays = [ ];
@@ -63,6 +64,7 @@
   homebrew.casks = lib.mkAfter ([
     "cyberduck"
     "krita"
+    "darktable"
   ]);
 
   # Shells

hosts/dnsc-server/default.nix

@@ -18,6 +18,7 @@
     ../../modules/actual-server
     ../../modules/immich
     ../../modules/cockpit
+    ../../modules/backrest
   ];
 
   # General
@@ -35,7 +36,9 @@
   # Secrets
   age = {
     identityPaths = [ "${config.users.users.dennis.home}/.ssh/id_ed25519" ];
-    secrets."restic/password".file = ../../secrets/restic/password.age;
+    secrets."restic/password" = {
+      file = ../../secrets/restic/password.age;
+    };
   };
 
   # Nix Settings
@@ -64,10 +67,12 @@
     allowedTCPPorts = [
       22
       443
+      9004
     ];
     allowedUDPPorts = [
       22
       443
+      9004
     ];
   };
 
@@ -147,6 +152,10 @@
       reverse_proxy http://127.0.0.1:9003
       tls internal
     '';
+    virtualHosts."backup.home.lan".extraConfig = ''
+      reverse_proxy http://127.0.0.1:9004
+      tls internal
+    '';
   };
 
   # Environment variables

modules/backrest/default.nix

@@ -0,0 +1,98 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+let
+  # Declarative backrest config referencing the existing restic repo.
+  # The password is read at runtime from the agenix secret path via
+  # BACKREST_VAR_RESTIC_PASSWORD, which backrest expands as ${RESTIC_PASSWORD}
+  # inside the repo env block.
+  backrestConfig = builtins.toJSON {
+    version = 4;
+    modno = 1;
+    instance = "dnsc-server";
+    repos = [
+      {
+        id = "dnsc-storage";
+        uri = "sftp:dnsc-storage:restic/dnsc-server";
+        env = [ "RESTIC_PASSWORD_FILE=${config.age.secrets."restic/password".path}" ];
+        flags = [
+          "-o 'sftp.args=-i /root/.ssh/id_ed25519 -o StrictHostKeyChecking=accept-new'"
+        ];
+        autoInitialize = false;
+        guid = "15448172d015919712f015508d40e28d13db4c9e877bf545454c8289ad621069";
+        prunePolicy = {
+          schedule = {
+            disabled = true;
+          };
+        };
+        checkPolicy = {
+          schedule = {
+            disabled = true;
+          };
+        };
+      }
+    ];
+    plans = [
+      {
+        id = "dnsc-storage-plan";
+        repo = "dnsc-storage";
+        paths = config.services.restic.backups."dnsc-storage".paths;
+        schedule = {
+          disabled = true;
+        };
+        retention = {
+          policyKeepLastN = 3;
+        };
+      }
+    ];
+    auth = {
+      disabled = true;
+    };
+  };
+in
+{
+  environment.systemPackages = lib.mkAfter (
+    with pkgs;
+    [
+      backrest
+    ]
+  );
+
+  # Write the declarative config into the backrest state dir at activation time.
+  # The file must be in a writable location because backrest creates a .bak
+  # alongside it when migrating. /var/lib/backrest is owned by the backrest user.
+  system.activationScripts.backrestConfig = {
+    deps = [ "users" ];
+    text = ''
+      install -d -m 750 /var/lib/backrest
+      install -m 640 \
+        ${pkgs.writeText "backrest-config.json" backrestConfig} \
+        /var/lib/backrest/config.json
+    '';
+  };
+
+  systemd.services.backrest = {
+    enable = true;
+    description = "Restic GUI";
+    after = [ "network.target" ];
+    wantedBy = [ "multi-user.target" ];
+
+    environment = {
+      BACKREST_PORT = "9004";
+      BACKREST_RESTIC_COMMAND = "${pkgs.restic}/bin/restic";
+      BACKREST_CONFIG = "/var/lib/backrest/config.json";
+      BACKREST_DATA = "/var/lib/backrest/data";
+    };
+
+    serviceConfig = {
+      Type = "simple";
+      User = "root";
+      ExecStart = "${pkgs.backrest}/bin/backrest";
+      Restart = "on-failure";
+      RestartSec = "5s";
+    };
+  };
+}

modules/macos/default.nix

@@ -21,7 +21,7 @@
         orientation = "right";
         show-recents = false;
         persistent-apps = [
-          "/Applications/Zen.app"
+          "/Applications/Helium.app"
           "/Applications/Ghostty.app"
           "/System/Applications/System Settings.app/"
         ];

modules/nixvim/editing.nix

@@ -56,15 +56,7 @@
   };
 
   extraPlugins = [
-    (pkgs.vimUtils.buildVimPlugin {
-      name = "edge.vim";
-      src = pkgs.fetchFromGitHub {
-        "owner" = "Yohannfra";
-        "repo" = "edge.vim";
-        "rev" = "c5a165269d2643c12e62841776e8ba55e0f05e28";
-        "hash" = "sha256-nXXcg2ggYN75ZSOgB8isxCbN8YigldO05Ja0/WigjAs=";
-      };
-    })
+    pkgs.vimPlugins.vim-cool
   ];
 
   autoCmd = [

modules/nixvim/lsp.nix

@@ -17,6 +17,11 @@
         package = pkgs.nil;
         packageFallback = true;
       };
+      gopls = {
+        enable = true;
+        package = pkgs.gopls;
+        packageFallback = true;
+      };
       ts_ls = {
         enable = true;
         package = pkgs.typescript-language-server;
@@ -41,6 +46,7 @@
         enable = true;
         package = pkgs.astro-language-server;
         packageFallback = true;
+        config.init_options.typescript.tsdk = "${pkgs.typescript}/lib/node_modules/typescript/lib";
       };
       eslint = {
         enable = true;

modules/nixvim/statusline.nix

@@ -26,34 +26,31 @@
             };
           }
         ];
+        lualine_b = [
+          {
+            __unkeyed-1 = "filename";
+            file_status = true;
+            newfile_status = false;
+            path = 4;
+            shorting_target = 120;
+            symbols = {
+              modified = "[+]";
+              readonly = "[-]";
+              unnamed = "[No Name]";
+              newfile = "[New]";
+            };
+          }
+          "encoding"
+        ];
+        lualine_y = [
+          "branch"
+          "diff"
+          "diagnostics"
+        ];
+        lualine_z = [
+          "location"
+        ];
       };
-      lualine_b = [
-        {
-          __unkeyed-1 = "filename";
-          file_status = true;
-          newfile_status = false;
-          path = 1;
-          shorting_target = 120;
-          symbols = {
-            modified = "[+]";
-            readonly = "[-]";
-            unnamed = "[No Name]";
-            newfile = "[New]";
-          };
-        }
-        "encoding"
-      ];
-      lualine_c = [ ];
-      lualine_x = [ ];
-      lualine_y = [
-        "branch"
-        "diff"
-        "diagnostics"
-      ];
-      lualine_z = [
-        "location"
-        "progress"
-      ];
     };
 
     # Sets up my custom colorscheme

modules/restic/default.nix

@@ -24,7 +24,6 @@
       repository = "sftp:dnsc-storage:restic/dnsc-server";
       createWrapper = true;
       paths = [
-        "/home/dennis/notes"
         "/main/share"
         "/data/actual-server"
       ];
@@ -32,7 +31,7 @@
         "--keep-last 3"
       ];
       timerConfig = {
-        onCalendar = "daily";
+        OnCalendar = "daily";
         Persistent = true;
         RandomizedDelaySec = "5h";
       };

modules/tmuxinator/personal-layouts/dnsc.yml

@@ -0,0 +1,11 @@
+name: dnsc-io
+root: ~/dev/dnsc-io
+windows:
+  - dev:
+      layout: main-horizontal
+      panes:
+        - nvim +"lua Snacks.picker.files({ hidden = true })"
+  - run:
+      layout: main-vertical
+      panes:
+        - "pnpm dev"