From 922ab112601f634d62632e8445708cacac6d6291 Mon Sep 17 00:00:00 2001 From: Dennis Date: Thu, 12 Feb 2026 21:07:25 +0100 Subject: [PATCH 01/32] touch id for sudo --- hosts/dnsc-air/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/dnsc-air/default.nix b/hosts/dnsc-air/default.nix index f56019a..0f792e5 100644 --- a/hosts/dnsc-air/default.nix +++ b/hosts/dnsc-air/default.nix @@ -24,6 +24,7 @@ description = "Dennis Schoepf"; }; nix.settings.trusted-users = [ "dennis" ]; + security.pam.services.sudo_local.touchIdAuth = true; # Device specific overlays nixpkgs.overlays = [ ]; From 9da7895d697c5f18ee8493058f341e5894fba845 Mon Sep 17 00:00:00 2001 From: Dennis Date: Sun, 15 Feb 2026 16:10:36 +0100 Subject: [PATCH 02/32] helium in dock --- modules/macos/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/macos/default.nix b/modules/macos/default.nix index 0b317ce..070655b 100644 --- a/modules/macos/default.nix +++ b/modules/macos/default.nix @@ -21,7 +21,7 @@ orientation = "right"; show-recents = false; persistent-apps = [ - "/Applications/Zen.app" + "/Applications/Helium.app" "/Applications/Ghostty.app" "/System/Applications/System Settings.app/" ]; From 0f7d18f19990e09c976007b592a8dc038ead0097 Mon Sep 17 00:00:00 2001 From: Dennis Date: Mon, 16 Feb 2026 20:58:44 +0100 Subject: [PATCH 03/32] adds new personal project to tmuxinator --- modules/tmuxinator/personal-layouts/dnsc.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 modules/tmuxinator/personal-layouts/dnsc.yml diff --git a/modules/tmuxinator/personal-layouts/dnsc.yml b/modules/tmuxinator/personal-layouts/dnsc.yml new file mode 100644 index 0000000..5838eba --- /dev/null +++ b/modules/tmuxinator/personal-layouts/dnsc.yml @@ -0,0 +1,11 @@ +name: dnsc +root: ~/dev/dnsc-website +windows: + - dev: + layout: main-horizontal + panes: + - nvim +"lua Snacks.picker.files({ hidden = true })" + - run: + layout: main-vertical + panes: + - "pnpm dev" From 2006462d07838b3f90ff4d0accdd74535ea59489 Mon Sep 17 00:00:00 2001 From: Dennis Date: Mon, 16 Feb 2026 21:25:55 +0100 Subject: [PATCH 04/32] updates template --- modules/tmuxinator/personal-layouts/dnsc.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/tmuxinator/personal-layouts/dnsc.yml b/modules/tmuxinator/personal-layouts/dnsc.yml index 5838eba..c182d28 100644 --- a/modules/tmuxinator/personal-layouts/dnsc.yml +++ b/modules/tmuxinator/personal-layouts/dnsc.yml @@ -1,5 +1,5 @@ -name: dnsc -root: ~/dev/dnsc-website +name: dnsc-io +root: ~/dev/dnsc-io windows: - dev: layout: main-horizontal From 677cf34a4b7be33d76ec690002f4df11a8c9998d Mon Sep 17 00:00:00 2001 From: Dennis Date: Mon, 16 Feb 2026 21:30:11 +0100 Subject: [PATCH 05/32] adds astro config --- modules/nixvim/lsp.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/nixvim/lsp.nix b/modules/nixvim/lsp.nix index 5efa53f..3e2090d 100644 --- a/modules/nixvim/lsp.nix +++ b/modules/nixvim/lsp.nix @@ -41,6 +41,7 @@ enable = true; package = pkgs.astro-language-server; packageFallback = true; + config.init_options.typescript.tsdk = "${pkgs.typescript}/lib/node_modules/typescript/lib"; }; eslint = { enable = true; From cd826bdc04e3adef9fd5657cd46b15a8a760c2e1 Mon Sep 17 00:00:00 2001 From: Dennis Date: Wed, 18 Feb 2026 09:05:26 +0100 Subject: [PATCH 06/32] enables gopls --- modules/nixvim/lsp.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/nixvim/lsp.nix b/modules/nixvim/lsp.nix index 7c45f42..52f7a58 100644 --- a/modules/nixvim/lsp.nix +++ b/modules/nixvim/lsp.nix @@ -17,6 +17,11 @@ package = pkgs.nil; packageFallback = true; }; + gopls = { + enable = true; + package = pkgs.gopls; + packageFallback = true; + }; ts_ls = { enable = true; package = pkgs.typescript-language-server; From 831139228a6bd41d99a0a6e53c2e15d8e04e578a Mon Sep 17 00:00:00 2001 From: Dennis Date: Thu, 19 Feb 2026 08:18:24 +0100 Subject: [PATCH 07/32] removes edge.vom and installs vim-cool --- modules/nixvim/editing.nix | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/modules/nixvim/editing.nix b/modules/nixvim/editing.nix index 35bae90..e86452f 100644 --- a/modules/nixvim/editing.nix +++ b/modules/nixvim/editing.nix @@ -56,15 +56,7 @@ }; extraPlugins = [ - (pkgs.vimUtils.buildVimPlugin { - name = "edge.vim"; - src = pkgs.fetchFromGitHub { - "owner" = "Yohannfra"; - "repo" = "edge.vim"; - "rev" = "c5a165269d2643c12e62841776e8ba55e0f05e28"; - "hash" = "sha256-nXXcg2ggYN75ZSOgB8isxCbN8YigldO05Ja0/WigjAs="; - }; - }) + pkgs.vimPlugins.vim-cool ]; autoCmd = [ From 623e2372a0f7ff062d93a88ccdd5941554155720 Mon Sep 17 00:00:00 2001 From: Dennis Date: Fri, 20 Feb 2026 10:05:28 +0100 Subject: [PATCH 08/32] fixes statusline --- modules/nixvim/statusline.nix | 54 +++++++++++++++++------------------ 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/modules/nixvim/statusline.nix b/modules/nixvim/statusline.nix index b430787..2abef71 100644 --- a/modules/nixvim/statusline.nix +++ b/modules/nixvim/statusline.nix @@ -26,34 +26,34 @@ }; } ]; + lualine_b = [ + { + __unkeyed-1 = "filename"; + file_status = true; + newfile_status = false; + path = 1; + shorting_target = 120; + symbols = { + modified = "[+]"; + readonly = "[-]"; + unnamed = "[No Name]"; + newfile = "[New]"; + }; + } + "encoding" + ]; + lualine_c = [ ]; + lualine_x = [ ]; + lualine_y = [ + "branch" + "diff" + "diagnostics" + ]; + lualine_z = [ + "location" + "progress" + ]; }; - lualine_b = [ - { - __unkeyed-1 = "filename"; - file_status = true; - newfile_status = false; - path = 1; - shorting_target = 120; - symbols = { - modified = "[+]"; - readonly = "[-]"; - unnamed = "[No Name]"; - newfile = "[New]"; - }; - } - "encoding" - ]; - lualine_c = [ ]; - lualine_x = [ ]; - lualine_y = [ - "branch" - "diff" - "diagnostics" - ]; - lualine_z = [ - "location" - "progress" - ]; }; # Sets up my custom colorscheme From 5ff17e3a90569add6aa180fbd336ff6902abfcbd Mon Sep 17 00:00:00 2001 From: Dennis Date: Fri, 20 Feb 2026 10:08:51 +0100 Subject: [PATCH 09/32] configures backrest --- hosts/dnsc-server/default.nix | 1 + modules/backrest/default.nix | 33 +++++++++++++++++++++++++++++++++ 2 files changed, 34 insertions(+) create mode 100644 modules/backrest/default.nix diff --git a/hosts/dnsc-server/default.nix b/hosts/dnsc-server/default.nix index c41a194..c8a7706 100644 --- a/hosts/dnsc-server/default.nix +++ b/hosts/dnsc-server/default.nix @@ -18,6 +18,7 @@ ../../modules/actual-server ../../modules/immich ../../modules/cockpit + ../../modules/backrest ]; # General diff --git a/modules/backrest/default.nix b/modules/backrest/default.nix new file mode 100644 index 0000000..7f3f580 --- /dev/null +++ b/modules/backrest/default.nix @@ -0,0 +1,33 @@ +{ + pkgs, + config, + lib, + ... +}: +{ + environment.systemPackages = lib.mkAfter ( + with pkgs; + [ + backrest + ] + ); + + systemd.user.services.backrest = { + Unit = { + Description = "Restic GUI"; + }; + + Service = { + Environment = [ + "BACKREST_PORT=127.0.0.1:9004" + "BACKREST_RESTIC_COMMAND=${pkgs.restic}/bin/restic" + "BACKREST_CONFIG=${config.home.homeDirectory}/.backrest/config" + "BACKREST_DATA=${config.home.homeDirectory}/.backrest/data" + ]; + ExecStart = "${pkgs.backrest}/bin/backrest"; + Restart = "on-failure"; + RestartSec = "5s"; + wantedBy = [ "multi-user.target" ]; + }; + }; +} From 2274429b2535bbdbc33a6518cbffb3b285defa7f Mon Sep 17 00:00:00 2001 From: Dennis Date: Fri, 20 Feb 2026 10:11:39 +0100 Subject: [PATCH 10/32] restic --- hosts/dnsc-server/default.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/hosts/dnsc-server/default.nix b/hosts/dnsc-server/default.nix index c8a7706..8036311 100644 --- a/hosts/dnsc-server/default.nix +++ b/hosts/dnsc-server/default.nix @@ -65,10 +65,12 @@ allowedTCPPorts = [ 22 443 + 9004 ]; allowedUDPPorts = [ 22 443 + 9004 ]; }; @@ -148,6 +150,10 @@ reverse_proxy http://127.0.0.1:9003 tls internal ''; + virtualHosts."backup.home.lan".extraConfig = '' + reverse_proxy http://127.0.0.1:9004 + tls internal + ''; }; # Environment variables From 1a2661d0c916153fb399c309b934b88911841c39 Mon Sep 17 00:00:00 2001 From: Dennis Date: Fri, 20 Feb 2026 10:25:21 +0100 Subject: [PATCH 11/32] configures backrest --- modules/backrest/default.nix | 36 ++++++++++++++++++++++++------------ 1 file changed, 24 insertions(+), 12 deletions(-) diff --git a/modules/backrest/default.nix b/modules/backrest/default.nix index 7f3f580..2296889 100644 --- a/modules/backrest/default.nix +++ b/modules/backrest/default.nix @@ -1,6 +1,5 @@ { pkgs, - config, lib, ... }: @@ -12,22 +11,35 @@ ] ); - systemd.user.services.backrest = { - Unit = { - Description = "Restic GUI"; + users.groups.backrest = { }; + users.users.backrest = { + isSystemUser = true; + group = "backrest"; + home = "/var/lib/backrest"; + createHome = true; + description = "Backrest service user"; + }; + + systemd.services.backrest = { + enable = true; + description = "Restic GUI"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + + environment = { + BACKREST_PORT = "127.0.0.1:9004"; + BACKREST_RESTIC_COMMAND = "${pkgs.restic}/bin/restic"; + BACKREST_CONFIG = "/var/lib/backrest/config"; + BACKREST_DATA = "/var/lib/backrest/data"; }; - Service = { - Environment = [ - "BACKREST_PORT=127.0.0.1:9004" - "BACKREST_RESTIC_COMMAND=${pkgs.restic}/bin/restic" - "BACKREST_CONFIG=${config.home.homeDirectory}/.backrest/config" - "BACKREST_DATA=${config.home.homeDirectory}/.backrest/data" - ]; + serviceConfig = { + Type = "simple"; + User = "backrest"; + Group = "backrest"; ExecStart = "${pkgs.backrest}/bin/backrest"; Restart = "on-failure"; RestartSec = "5s"; - wantedBy = [ "multi-user.target" ]; }; }; } From 8fa6fdbc5dfa214bbb7a6891755845ea84f37911 Mon Sep 17 00:00:00 2001 From: Dennis Date: Fri, 20 Feb 2026 10:28:50 +0100 Subject: [PATCH 12/32] only sets port for backrest --- modules/backrest/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/backrest/default.nix b/modules/backrest/default.nix index 2296889..f3d39bf 100644 --- a/modules/backrest/default.nix +++ b/modules/backrest/default.nix @@ -27,7 +27,7 @@ wantedBy = [ "multi-user.target" ]; environment = { - BACKREST_PORT = "127.0.0.1:9004"; + BACKREST_PORT = "9004"; BACKREST_RESTIC_COMMAND = "${pkgs.restic}/bin/restic"; BACKREST_CONFIG = "/var/lib/backrest/config"; BACKREST_DATA = "/var/lib/backrest/data"; From 1873c4c92b70a5acac85a5a86d3594b391d30937 Mon Sep 17 00:00:00 2001 From: Dennis Date: Fri, 20 Feb 2026 10:44:36 +0100 Subject: [PATCH 13/32] fixes restic config --- modules/restic/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/restic/default.nix b/modules/restic/default.nix index 1578ca1..3213d2d 100644 --- a/modules/restic/default.nix +++ b/modules/restic/default.nix @@ -32,7 +32,7 @@ "--keep-last 3" ]; timerConfig = { - onCalendar = "daily"; + OnCalendar = "daily"; Persistent = true; RandomizedDelaySec = "5h"; }; From 34c736423f8b24e1082766bfe6747fe9326b7a13 Mon Sep 17 00:00:00 2001 From: Dennis Date: Fri, 20 Feb 2026 11:15:38 +0100 Subject: [PATCH 14/32] adds declarative json config for backrest --- hosts/dnsc-server/default.nix | 7 +++- modules/backrest/default.nix | 66 ++++++++++++++++++++++++++++++++++- 2 files changed, 71 insertions(+), 2 deletions(-) diff --git a/hosts/dnsc-server/default.nix b/hosts/dnsc-server/default.nix index 8036311..e219bde 100644 --- a/hosts/dnsc-server/default.nix +++ b/hosts/dnsc-server/default.nix @@ -36,7 +36,12 @@ # Secrets age = { identityPaths = [ "${config.users.users.dennis.home}/.ssh/id_ed25519" ]; - secrets."restic/password".file = ../../secrets/restic/password.age; + secrets."restic/password" = { + file = ../../secrets/restic/password.age; + # backrest reads the password via "file:" in its repo config + group = "backrest"; + mode = "0440"; + }; }; # Nix Settings diff --git a/modules/backrest/default.nix b/modules/backrest/default.nix index f3d39bf..a7f1da2 100644 --- a/modules/backrest/default.nix +++ b/modules/backrest/default.nix @@ -1,8 +1,60 @@ { + config, pkgs, lib, ... }: +let + # Declarative backrest config referencing the existing restic repo. + # The password is read at runtime from the agenix secret path via + # BACKREST_VAR_RESTIC_PASSWORD, which backrest expands as ${RESTIC_PASSWORD} + # inside the repo env block. + backrestConfig = builtins.toJSON { + modno = 1; + instance = "dnsc-server"; + repos = [ + { + id = "dnsc-storage"; + uri = "sftp:dnsc-storage:restic/dnsc-server"; + password = "file:${config.age.secrets."restic/password".path}"; + flags = [ + "-o" + "sftp.args=-i /root/.ssh/id_ed25519 -o StrictHostKeyChecking=accept-new" + ]; + prunePolicy = { + schedule = { + disabled = { }; + }; + }; + checkPolicy = { + schedule = { + disabled = { }; + }; + }; + } + ]; + plans = [ + { + id = "dnsc-storage-plan"; + repo = "dnsc-storage"; + paths = [ + "/home/dennis/notes" + "/main/share" + "/data/actual-server" + ]; + schedule = { + disabled = { }; + }; + retention = { + policyKeepLastN = 3; + }; + } + ]; + auth = { + disabled = true; + }; + }; +in { environment.systemPackages = lib.mkAfter ( with pkgs; @@ -20,6 +72,15 @@ description = "Backrest service user"; }; + # Write the declarative config at activation time. + # The file is owned by root (readable by backrest via group or world-read) + # but we set it 640 and add backrest to read it via the service's User=. + environment.etc."backrest/config.json" = { + text = backrestConfig; + mode = "0440"; + group = "backrest"; + }; + systemd.services.backrest = { enable = true; description = "Restic GUI"; @@ -29,7 +90,7 @@ environment = { BACKREST_PORT = "9004"; BACKREST_RESTIC_COMMAND = "${pkgs.restic}/bin/restic"; - BACKREST_CONFIG = "/var/lib/backrest/config"; + BACKREST_CONFIG = "/etc/backrest/config.json"; BACKREST_DATA = "/var/lib/backrest/data"; }; @@ -40,6 +101,9 @@ ExecStart = "${pkgs.backrest}/bin/backrest"; Restart = "on-failure"; RestartSec = "5s"; + # Allow backrest to read root's SSH key for SFTP access + ReadOnlyPaths = [ "/root/.ssh/id_ed25519" ]; + SupplementaryGroups = [ "shadow" ]; }; }; } From f0c2c9d943054a4ac8b4bd039c61b37f84f9a06c Mon Sep 17 00:00:00 2001 From: Dennis Date: Fri, 20 Feb 2026 11:17:52 +0100 Subject: [PATCH 15/32] fixes backrest --- modules/backrest/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/backrest/default.nix b/modules/backrest/default.nix index a7f1da2..de99b04 100644 --- a/modules/backrest/default.nix +++ b/modules/backrest/default.nix @@ -23,12 +23,12 @@ let ]; prunePolicy = { schedule = { - disabled = { }; + disabled = true; }; }; checkPolicy = { schedule = { - disabled = { }; + disabled = true; }; }; } @@ -43,7 +43,7 @@ let "/data/actual-server" ]; schedule = { - disabled = { }; + disabled = true; }; retention = { policyKeepLastN = 3; From c3645a18bb97ada390c588765035e2df793d3389 Mon Sep 17 00:00:00 2001 From: Dennis Date: Fri, 20 Feb 2026 11:19:28 +0100 Subject: [PATCH 16/32] fixes backrest --- modules/backrest/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/backrest/default.nix b/modules/backrest/default.nix index de99b04..04d5463 100644 --- a/modules/backrest/default.nix +++ b/modules/backrest/default.nix @@ -10,6 +10,7 @@ let # BACKREST_VAR_RESTIC_PASSWORD, which backrest expands as ${RESTIC_PASSWORD} # inside the repo env block. backrestConfig = builtins.toJSON { + version = 4; modno = 1; instance = "dnsc-server"; repos = [ From f158e2c5c6377f5befdf6e8b53252e6e34bfb78c Mon Sep 17 00:00:00 2001 From: Dennis Date: Fri, 20 Feb 2026 11:23:36 +0100 Subject: [PATCH 17/32] fixes backrest --- modules/backrest/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/backrest/default.nix b/modules/backrest/default.nix index 04d5463..9fe3540 100644 --- a/modules/backrest/default.nix +++ b/modules/backrest/default.nix @@ -22,6 +22,7 @@ let "-o" "sftp.args=-i /root/.ssh/id_ed25519 -o StrictHostKeyChecking=accept-new" ]; + autoInitialize = true; prunePolicy = { schedule = { disabled = true; From ba4d09e0ec81b9b3f1e19e7b01ba0d3d99ecc32e Mon Sep 17 00:00:00 2001 From: Dennis Date: Fri, 20 Feb 2026 11:25:04 +0100 Subject: [PATCH 18/32] fixes backrest --- modules/backrest/default.nix | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/modules/backrest/default.nix b/modules/backrest/default.nix index 9fe3540..758e7dd 100644 --- a/modules/backrest/default.nix +++ b/modules/backrest/default.nix @@ -74,13 +74,17 @@ in description = "Backrest service user"; }; - # Write the declarative config at activation time. - # The file is owned by root (readable by backrest via group or world-read) - # but we set it 640 and add backrest to read it via the service's User=. - environment.etc."backrest/config.json" = { - text = backrestConfig; - mode = "0440"; - group = "backrest"; + # Write the declarative config into the backrest state dir at activation time. + # The file must be in a writable location because backrest creates a .bak + # alongside it when migrating. /var/lib/backrest is owned by the backrest user. + system.activationScripts.backrestConfig = { + deps = [ "users" ]; + text = '' + install -d -m 750 -o backrest -g backrest /var/lib/backrest + install -m 640 -o backrest -g backrest \ + ${pkgs.writeText "backrest-config.json" backrestConfig} \ + /var/lib/backrest/config.json + ''; }; systemd.services.backrest = { @@ -92,7 +96,7 @@ in environment = { BACKREST_PORT = "9004"; BACKREST_RESTIC_COMMAND = "${pkgs.restic}/bin/restic"; - BACKREST_CONFIG = "/etc/backrest/config.json"; + BACKREST_CONFIG = "/var/lib/backrest/config.json"; BACKREST_DATA = "/var/lib/backrest/data"; }; From 6deba662d5a9046b1f1569739a84f209ec3f327a Mon Sep 17 00:00:00 2001 From: Dennis Date: Fri, 20 Feb 2026 11:27:08 +0100 Subject: [PATCH 19/32] fixes backrest --- modules/backrest/default.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/modules/backrest/default.nix b/modules/backrest/default.nix index 758e7dd..e024557 100644 --- a/modules/backrest/default.nix +++ b/modules/backrest/default.nix @@ -19,8 +19,7 @@ let uri = "sftp:dnsc-storage:restic/dnsc-server"; password = "file:${config.age.secrets."restic/password".path}"; flags = [ - "-o" - "sftp.args=-i /root/.ssh/id_ed25519 -o StrictHostKeyChecking=accept-new" + "-o sftp.args=-i /root/.ssh/id_ed25519 -o StrictHostKeyChecking=accept-new" ]; autoInitialize = true; prunePolicy = { From 62fb954b4964f8281c7e8c1c6fc040a2d60639c9 Mon Sep 17 00:00:00 2001 From: Dennis Date: Fri, 20 Feb 2026 11:30:34 +0100 Subject: [PATCH 20/32] fixes backrest --- modules/backrest/default.nix | 19 +++---------------- 1 file changed, 3 insertions(+), 16 deletions(-) diff --git a/modules/backrest/default.nix b/modules/backrest/default.nix index e024557..9a54c82 100644 --- a/modules/backrest/default.nix +++ b/modules/backrest/default.nix @@ -64,23 +64,14 @@ in ] ); - users.groups.backrest = { }; - users.users.backrest = { - isSystemUser = true; - group = "backrest"; - home = "/var/lib/backrest"; - createHome = true; - description = "Backrest service user"; - }; - # Write the declarative config into the backrest state dir at activation time. # The file must be in a writable location because backrest creates a .bak # alongside it when migrating. /var/lib/backrest is owned by the backrest user. system.activationScripts.backrestConfig = { deps = [ "users" ]; text = '' - install -d -m 750 -o backrest -g backrest /var/lib/backrest - install -m 640 -o backrest -g backrest \ + install -d -m 750 /var/lib/backrest + install -m 640 \ ${pkgs.writeText "backrest-config.json" backrestConfig} \ /var/lib/backrest/config.json ''; @@ -101,14 +92,10 @@ in serviceConfig = { Type = "simple"; - User = "backrest"; - Group = "backrest"; + User = "root"; ExecStart = "${pkgs.backrest}/bin/backrest"; Restart = "on-failure"; RestartSec = "5s"; - # Allow backrest to read root's SSH key for SFTP access - ReadOnlyPaths = [ "/root/.ssh/id_ed25519" ]; - SupplementaryGroups = [ "shadow" ]; }; }; } From eabd5d2bfc6cfd76530d9645cd293c15cac95b24 Mon Sep 17 00:00:00 2001 From: Dennis Date: Fri, 20 Feb 2026 11:33:44 +0100 Subject: [PATCH 21/32] fixes backrest --- modules/backrest/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/backrest/default.nix b/modules/backrest/default.nix index 9a54c82..71894f2 100644 --- a/modules/backrest/default.nix +++ b/modules/backrest/default.nix @@ -19,7 +19,7 @@ let uri = "sftp:dnsc-storage:restic/dnsc-server"; password = "file:${config.age.secrets."restic/password".path}"; flags = [ - "-o sftp.args=-i /root/.ssh/id_ed25519 -o StrictHostKeyChecking=accept-new" + "-o 'sftp.args=-i /root/.ssh/id_ed25519 -o StrictHostKeyChecking=accept-new'" ]; autoInitialize = true; prunePolicy = { From 6cb7b05336cebb849ed0f39b4fe0bff1598b21f6 Mon Sep 17 00:00:00 2001 From: Dennis Date: Fri, 20 Feb 2026 11:40:40 +0100 Subject: [PATCH 22/32] fixes backrest --- modules/backrest/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/backrest/default.nix b/modules/backrest/default.nix index 71894f2..0a2953e 100644 --- a/modules/backrest/default.nix +++ b/modules/backrest/default.nix @@ -21,7 +21,7 @@ let flags = [ "-o 'sftp.args=-i /root/.ssh/id_ed25519 -o StrictHostKeyChecking=accept-new'" ]; - autoInitialize = true; + autoInitialize = false; prunePolicy = { schedule = { disabled = true; From c46f3a96bd9ef25b7abd3e38064e561b5f19bcc4 Mon Sep 17 00:00:00 2001 From: Dennis Date: Fri, 20 Feb 2026 11:43:49 +0100 Subject: [PATCH 23/32] fixes backrest --- modules/backrest/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/backrest/default.nix b/modules/backrest/default.nix index 0a2953e..8651fbe 100644 --- a/modules/backrest/default.nix +++ b/modules/backrest/default.nix @@ -22,6 +22,7 @@ let "-o 'sftp.args=-i /root/.ssh/id_ed25519 -o StrictHostKeyChecking=accept-new'" ]; autoInitialize = false; + guid = "15448172d015919712f015508d40e28d13db4c9e877bf545454c8289ad621069"; prunePolicy = { schedule = { disabled = true; From 14cd301bcd2d1fcec411e04230ff09bd699c7f22 Mon Sep 17 00:00:00 2001 From: Dennis Date: Fri, 20 Feb 2026 11:50:54 +0100 Subject: [PATCH 24/32] fixes backrest --- modules/backrest/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/backrest/default.nix b/modules/backrest/default.nix index 8651fbe..86a080c 100644 --- a/modules/backrest/default.nix +++ b/modules/backrest/default.nix @@ -17,7 +17,7 @@ let { id = "dnsc-storage"; uri = "sftp:dnsc-storage:restic/dnsc-server"; - password = "file:${config.age.secrets."restic/password".path}"; + env = [ "RESTIC_PASSWORD_FILE=${config.age.secrets."restic/password".path}" ]; flags = [ "-o 'sftp.args=-i /root/.ssh/id_ed25519 -o StrictHostKeyChecking=accept-new'" ]; From bc8d1140f7021f4e4fd5a58889910124ebaefdb3 Mon Sep 17 00:00:00 2001 From: Dennis Date: Fri, 20 Feb 2026 11:55:09 +0100 Subject: [PATCH 25/32] fixes backrest --- modules/restic/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/restic/default.nix b/modules/restic/default.nix index 3213d2d..ffe2efe 100644 --- a/modules/restic/default.nix +++ b/modules/restic/default.nix @@ -24,7 +24,6 @@ repository = "sftp:dnsc-storage:restic/dnsc-server"; createWrapper = true; paths = [ - "/home/dennis/notes" "/main/share" "/data/actual-server" ]; From c4de5b17367262900b44585aefb97b03b9b934e1 Mon Sep 17 00:00:00 2001 From: Dennis Date: Fri, 20 Feb 2026 11:58:27 +0100 Subject: [PATCH 26/32] fixes backrest --- modules/backrest/default.nix | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/modules/backrest/default.nix b/modules/backrest/default.nix index 86a080c..c4da165 100644 --- a/modules/backrest/default.nix +++ b/modules/backrest/default.nix @@ -39,11 +39,7 @@ let { id = "dnsc-storage-plan"; repo = "dnsc-storage"; - paths = [ - "/home/dennis/notes" - "/main/share" - "/data/actual-server" - ]; + paths = config.services.restic.backups."dnsc-storage".paths; schedule = { disabled = true; }; From bfb8353093c1aedb843dbaab55e84a67d6845a1c Mon Sep 17 00:00:00 2001 From: Dennis Date: Fri, 20 Feb 2026 12:12:10 +0100 Subject: [PATCH 27/32] fixes backrest --- hosts/dnsc-server/default.nix | 3 --- 1 file changed, 3 deletions(-) diff --git a/hosts/dnsc-server/default.nix b/hosts/dnsc-server/default.nix index e219bde..07e5bee 100644 --- a/hosts/dnsc-server/default.nix +++ b/hosts/dnsc-server/default.nix @@ -38,9 +38,6 @@ identityPaths = [ "${config.users.users.dennis.home}/.ssh/id_ed25519" ]; secrets."restic/password" = { file = ../../secrets/restic/password.age; - # backrest reads the password via "file:" in its repo config - group = "backrest"; - mode = "0440"; }; }; From 65dd97ce2a9ab3a59def95b9c6280500bd7bcd77 Mon Sep 17 00:00:00 2001 From: Dennis Date: Sat, 21 Feb 2026 20:01:47 +0100 Subject: [PATCH 28/32] adds darktable --- hosts/dnsc-air/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/dnsc-air/default.nix b/hosts/dnsc-air/default.nix index 0f792e5..a65306d 100644 --- a/hosts/dnsc-air/default.nix +++ b/hosts/dnsc-air/default.nix @@ -64,6 +64,7 @@ homebrew.casks = lib.mkAfter ([ "cyberduck" "krita" + "darktable" ]); # Shells From e8f0520bd5978fd2c9450ee71cd31501697a5e4a Mon Sep 17 00:00:00 2001 From: Dennis Date: Sun, 22 Feb 2026 23:05:15 +0100 Subject: [PATCH 29/32] adapts commands --- Justfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Justfile b/Justfile index 05e7029..45e0222 100644 --- a/Justfile +++ b/Justfile @@ -1,5 +1,5 @@ deploy: - nixos-rebuild switch --flake . + git add . && git commit -am "new revision" && nixos-rebuild switch --flake . debug: nixos-rebuild switch --flake . --show-trace --verbose @@ -26,7 +26,7 @@ gc: # dnsc-air mre: - darwin-rebuild switch --flake . + git add . && git commit -am "new revision" && darwin-rebuild switch --flake . mup: darwin-rebuild switch --recreate-lock-file --flake . From 31089f9cfeeb862bf788c9a9e8f006091b4ec99d Mon Sep 17 00:00:00 2001 From: Dennis Date: Tue, 24 Feb 2026 10:24:53 +0100 Subject: [PATCH 30/32] updates statusline --- modules/nixvim/statusline.nix | 3 --- 1 file changed, 3 deletions(-) diff --git a/modules/nixvim/statusline.nix b/modules/nixvim/statusline.nix index 2abef71..3d04278 100644 --- a/modules/nixvim/statusline.nix +++ b/modules/nixvim/statusline.nix @@ -42,8 +42,6 @@ } "encoding" ]; - lualine_c = [ ]; - lualine_x = [ ]; lualine_y = [ "branch" "diff" @@ -51,7 +49,6 @@ ]; lualine_z = [ "location" - "progress" ]; }; }; From 2d6fd819fef208eca7a5162ff7ffa78d3977f8eb Mon Sep 17 00:00:00 2001 From: Dennis Date: Tue, 24 Feb 2026 10:25:45 +0100 Subject: [PATCH 31/32] updates statusline --- modules/nixvim/statusline.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixvim/statusline.nix b/modules/nixvim/statusline.nix index 3d04278..9fa7c72 100644 --- a/modules/nixvim/statusline.nix +++ b/modules/nixvim/statusline.nix @@ -31,7 +31,7 @@ __unkeyed-1 = "filename"; file_status = true; newfile_status = false; - path = 1; + path = 4; shorting_target = 120; symbols = { modified = "[+]"; From f51d9a610f061e4cad9871cad3a548d86d2aa322 Mon Sep 17 00:00:00 2001 From: Dennis Date: Tue, 24 Feb 2026 10:28:08 +0100 Subject: [PATCH 32/32] fixes command --- Justfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Justfile b/Justfile index 45e0222..a6ab3df 100644 --- a/Justfile +++ b/Justfile @@ -26,7 +26,7 @@ gc: # dnsc-air mre: - git add . && git commit -am "new revision" && darwin-rebuild switch --flake . + if ! git diff --quiet || ! git diff --staged --quiet; then git add . && git commit -am "new revision"; fi && darwin-rebuild switch --flake . mup: darwin-rebuild switch --recreate-lock-file --flake .