diff --git a/Justfile b/Justfile
index 05e7029..a6ab3df 100644
--- a/Justfile
+++ b/Justfile
@@ -1,5 +1,5 @@
 deploy:
- nixos-rebuild switch --flake .
+ git add . && git commit -am "new revision" && nixos-rebuild switch --flake .
 debug:
 nixos-rebuild switch --flake . --show-trace --verbose
@@ -26,7 +26,7 @@ gc:
 # dnsc-air
 mre:
- darwin-rebuild switch --flake .
+ if ! git diff --quiet || ! git diff --staged --quiet; then git add . && git commit -am "new revision"; fi && darwin-rebuild switch --flake .
 mup:
 darwin-rebuild switch --recreate-lock-file --flake .
diff --git a/hosts/dnsc-air/default.nix b/hosts/dnsc-air/default.nix
index f56019a..a65306d 100644
--- a/hosts/dnsc-air/default.nix
+++ b/hosts/dnsc-air/default.nix
@@ -24,6 +24,7 @@
 description = "Dennis Schoepf";
 };
 nix.settings.trusted-users = [ "dennis" ];
+ security.pam.services.sudo_local.touchIdAuth = true;
 # Device specific overlays
 nixpkgs.overlays = [ ];
@@ -63,6 +64,7 @@
 homebrew.casks = lib.mkAfter ([
 "cyberduck"
 "krita"
+ "darktable"
 ]);
 # Shells
diff --git a/hosts/dnsc-server/default.nix b/hosts/dnsc-server/default.nix
index c41a194..07e5bee 100644
--- a/hosts/dnsc-server/default.nix
+++ b/hosts/dnsc-server/default.nix
@@ -18,6 +18,7 @@
 ../../modules/actual-server
 ../../modules/immich
 ../../modules/cockpit
+ ../../modules/backrest
 ];
 # General
@@ -35,7 +36,9 @@
 # Secrets
 age = {
 identityPaths = [ "${config.users.users.dennis.home}/.ssh/id_ed25519" ];
- secrets."restic/password".file = ../../secrets/restic/password.age;
+ secrets."restic/password" = {
+ file = ../../secrets/restic/password.age;
+ };
 };
 # Nix Settings
@@ -64,10 +67,12 @@
 allowedTCPPorts = [
 22
 443
+ 9004
 ];
 allowedUDPPorts = [
 22
 443
+ 9004
 ];
 };
@@ -147,6 +152,10 @@
 reverse_proxy http://127.0.0.1:9003
 tls internal
 '';
+ virtualHosts."backup.home.lan".extraConfig = ''
+ reverse_proxy http://127.0.0.1:9004
+ tls internal
+ '';
 };
 # Environment variables
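Review bot: `git add .` in the new `deploy` line (and again in the `mre` hunk) stages every untracked file in the working tree before an automatic commit, so a stray plaintext secret or key file would end up in git history and, since a git-based flake copies tracked files, most likely in the world-readable Nix store as well. The `deploy` chain also uses plain `&&`, so on a clean tree `git commit` exits non-zero and `nixos-rebuild` never runs; `mre` guards against that with `git diff --quiet`, but that check does not see untracked files. I would make the commit optional and limit staging to tracked files, for example `git add -u && (git diff --staged --quiet || git commit -m "new revision") && nixos-rebuild switch --flake .`, adding new files by hand so each addition is a deliberate step.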
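Review bot: Adding `9004` to `allowedTCPPorts` and `allowedUDPPorts` in the `@@ -64,10 +67,12 @@` hunk of hosts/dnsc-server/default.nix looks unnecessary and widens exposure, because the Caddy vhost added further down already reaches backrest over `http://127.0.0.1:9004`. The module added in this commit sets `auth.disabled = true` and runs the service as root, so if backrest listens on anything other than loopback (not visible from `BACKREST_PORT = "9004"` alone), LAN clients can reach the unauthenticated UI directly and bypass the TLS proxy. I would drop both `9004` entries and pin the listener to loopback, e.g. `BACKREST_PORT = "127.0.0.1:9004";` (confirm the accepted format against the packaged backrest version). Nothing in this change listens on UDP 9004, so the UDP entry has no purpose either way.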
diff --git a/modules/backrest/default.nix b/modules/backrest/default.nix
new file mode 100644
index 0000000..c4da165
--- /dev/null
+++ b/modules/backrest/default.nix
@@ -0,0 +1,98 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
+let
+ # Declarative backrest config referencing the existing restic repo.
+ # The password is read at runtime from the agenix secret path via
+ # BACKREST_VAR_RESTIC_PASSWORD, which backrest expands as ${RESTIC_PASSWORD}
+ # inside the repo env block.
+ backrestConfig = builtins.toJSON {
+ version = 4;
+ modno = 1;
+ instance = "dnsc-server";
+ repos = [
+ {
+ id = "dnsc-storage";
+ uri = "sftp:dnsc-storage:restic/dnsc-server";
+ env = [ "RESTIC_PASSWORD_FILE=${config.age.secrets."restic/password".path}" ];
+ flags = [
+ "-o 'sftp.args=-i /root/.ssh/id_ed25519 -o StrictHostKeyChecking=accept-new'"
+ ];
+ autoInitialize = false;
+ guid = "15448172d015919712f015508d40e28d13db4c9e877bf545454c8289ad621069";
+ prunePolicy = {
+ schedule = {
+ disabled = true;
+ };
+ };
+ checkPolicy = {
+ schedule = {
+ disabled = true;
+ };
+ };
+ }
+ ];
+ plans = [
+ {
+ id = "dnsc-storage-plan";
+ repo = "dnsc-storage";
+ paths = config.services.restic.backups."dnsc-storage".paths;
+ schedule = {
+ disabled = true;
+ };
+ retention = {
+ policyKeepLastN = 3;
+ };
+ }
+ ];
+ auth = {
+ disabled = true;
+ };
+ };
+in
+{
+ environment.systemPackages = lib.mkAfter (
+ with pkgs;
+ [
+ backrest
+ ]
+ );
+
+ # Write the declarative config into the backrest state dir at activation time.
+ # The file must be in a writable location because backrest creates a .bak
+ # alongside it when migrating. /var/lib/backrest is owned by the backrest user.
+ system.activationScripts.backrestConfig = {
+ deps = [ "users" ];
+ text = ''
+ install -d -m 750 /var/lib/backrest
+ install -m 640 \
+ ${pkgs.writeText "backrest-config.json" backrestConfig} \
+ /var/lib/backrest/config.json
+ '';
+ };
+
+ systemd.services.backrest = {
+ enable = true;
+ description = "Restic GUI";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+
+ environment = {
+ BACKREST_PORT = "9004";
+ BACKREST_RESTIC_COMMAND = "${pkgs.restic}/bin/restic";
+ BACKREST_CONFIG = "/var/lib/backrest/config.json";
+ BACKREST_DATA = "/var/lib/backrest/data";
+ };
+
+ serviceConfig = {
+ Type = "simple";
+ User = "root";
+ ExecStart = "${pkgs.backrest}/bin/backrest";
+ Restart = "on-failure";
+ RestartSec = "5s";
+ };
+ };
+}
diff --git a/modules/macos/default.nix b/modules/macos/default.nix
index 0b317ce..070655b 100644
--- a/modules/macos/default.nix
+++ b/modules/macos/default.nix
@@ -21,7 +21,7 @@
 orientation = "right";
 show-recents = false;
 persistent-apps = [
- "/Applications/Zen.app"
+ "/Applications/Helium.app"
 "/Applications/Ghostty.app"
 "/System/Applications/System Settings.app/"
 ];
diff --git a/modules/nixvim/editing.nix b/modules/nixvim/editing.nix
index 35bae90..e86452f 100644
--- a/modules/nixvim/editing.nix
+++ b/modules/nixvim/editing.nix
@@ -56,15 +56,7 @@
 };
 extraPlugins = [
- (pkgs.vimUtils.buildVimPlugin {
- name = "edge.vim";
- src = pkgs.fetchFromGitHub {
- "owner" = "Yohannfra";
- "repo" = "edge.vim";
- "rev" = "c5a165269d2643c12e62841776e8ba55e0f05e28";
- "hash" = "sha256-nXXcg2ggYN75ZSOgB8isxCbN8YigldO05Ja0/WigjAs=";
- };
- })
+ pkgs.vimPlugins.vim-cool
 ];
 autoCmd = [
diff --git a/modules/nixvim/lsp.nix b/modules/nixvim/lsp.nix
index 5efa53f..5129969 100644
--- a/modules/nixvim/lsp.nix
+++ b/modules/nixvim/lsp.nix
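Review bot: In modules/backrest/default.nix the generated config sets `auth.disabled = true` while the unit runs with `User = "root"`, so anyone who can reach the UI can drive restic, and whatever else backrest can execute, as root without credentials. I would turn backrest authentication on, or enforce access control at the Caddy vhost, before the service is reachable from other hosts. The comments have also drifted from the code: the repo env passes `RESTIC_PASSWORD_FILE=...` rather than `BACKREST_VAR_RESTIC_PASSWORD`, and `install -d -m 750 /var/lib/backrest` sets no owner and this file defines no backrest user. I suggest `# restic reads the password from the agenix path via RESTIC_PASSWORD_FILE.` and `# /var/lib/backrest is root-owned; the service runs as root.`. Separately, `StrictHostKeyChecking=accept-new` trusts whatever key the storage host presents on first contact; pinning it through `programs.ssh.knownHosts` removes that first-connection window.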
@@ -17,6 +17,11 @@
 package = pkgs.nil;
 packageFallback = true;
 };
+ gopls = {
+ enable = true;
+ package = pkgs.gopls;
+ packageFallback = true;
+ };
 ts_ls = {
 enable = true;
 package = pkgs.typescript-language-server;
@@ -41,6 +46,7 @@
 enable = true;
 package = pkgs.astro-language-server;
 packageFallback = true;
+ config.init_options.typescript.tsdk = "${pkgs.typescript}/lib/node_modules/typescript/lib";
 };
 eslint = {
 enable = true;
diff --git a/modules/nixvim/statusline.nix b/modules/nixvim/statusline.nix
index b430787..9fa7c72 100644
--- a/modules/nixvim/statusline.nix
+++ b/modules/nixvim/statusline.nix
@@ -26,34 +26,31 @@
 };
 }
 ];
+ lualine_b = [
+ {
+ __unkeyed-1 = "filename";
+ file_status = true;
+ newfile_status = false;
+ path = 4;
+ shorting_target = 120;
+ symbols = {
+ modified = "[+]";
+ readonly = "[-]";
+ unnamed = "[No Name]";
+ newfile = "[New]";
+ };
+ }
+ "encoding"
+ ];
+ lualine_y = [
+ "branch"
+ "diff"
+ "diagnostics"
+ ];
+ lualine_z = [
+ "location"
+ ];
 };
- lualine_b = [
- {
- __unkeyed-1 = "filename";
- file_status = true;
- newfile_status = false;
- path = 1;
- shorting_target = 120;
- symbols = {
- modified = "[+]";
- readonly = "[-]";
- unnamed = "[No Name]";
- newfile = "[New]";
- };
- }
- "encoding"
- ];
- lualine_c = [ ];
- lualine_x = [ ];
- lualine_y = [
- "branch"
- "diff"
- "diagnostics"
- ];
- lualine_z = [
- "location"
- "progress"
- ];
 };
 # Sets up my custom colorscheme
diff --git a/modules/restic/default.nix b/modules/restic/default.nix
index 1578ca1..ffe2efe 100644
--- a/modules/restic/default.nix
+++ b/modules/restic/default.nix
@@ -24,7 +24,6 @@
 repository = "sftp:dnsc-storage:restic/dnsc-server";
 createWrapper = true;
 paths = [
- "/home/dennis/notes"
 "/main/share"
 "/data/actual-server"
 ];
@@ -32,7 +31,7 @@
 "--keep-last 3"
 ];
 timerConfig = {
- onCalendar = "daily";
+ OnCalendar = "daily";
 Persistent = true;
 RandomizedDelaySec = "5h";
 };
diff --git a/modules/tmuxinator/personal-layouts/dnsc.yml b/modules/tmuxinator/personal-layouts/dnsc.yml
new file mode 100644
index 0000000..c182d28
--- /dev/null
+++ b/modules/tmuxinator/personal-layouts/dnsc.yml
@@ -0,0 +1,11 @@
+name: dnsc-io
+root: ~/dev/dnsc-io
+windows:
+ - dev:
+ layout: main-horizontal
+ panes:
+ - nvim +"lua Snacks.picker.files({ hidden = true })"
+ - run:
+ layout: main-vertical
+ panes:
+ - "pnpm dev"