Create backuphost Bragi

flake.lock

@@ -21,11 +21,11 @@
         "nixpkgs-lib": "nixpkgs-lib"
       },
       "locked": {
-        "lastModified": 1698882062,
-        "narHash": "sha256-HkhafUayIqxXyHH1X8d9RDl1M2CkFgZLjKD3MzabiEo=",
+        "lastModified": 1704152458,
+        "narHash": "sha256-DS+dGw7SKygIWf9w4eNBUZsK+4Ug27NwEWmn2tnbycg=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "8c9fa2545007b49a5db5f650ae91f227672c3877",
+        "rev": "88a2cd8166694ba0b6cb374700799cec53aef527",
         "type": "github"
       },
       "original": {
@@ -53,11 +53,11 @@
     },
     "impermanence": {
       "locked": {
-        "lastModified": 1697303681,
-        "narHash": "sha256-caJ0rXeagaih+xTgRduYtYKL1rZ9ylh06CIrt1w5B4g=",
+        "lastModified": 1703656108,
+        "narHash": "sha256-hCSUqdFJKHHbER8Cenf5JRzjMlBjIdwdftGQsO0xoJs=",
         "owner": "nix-community",
         "repo": "impermanence",
-        "rev": "0f317c2e9e56550ce12323eb39302d251618f5b5",
+        "rev": "033643a45a4a920660ef91caa391fbffb14da466",
         "type": "github"
       },
       "original": {
@@ -76,11 +76,11 @@
         "utils": "utils"
       },
       "locked": {
-        "lastModified": 1695910380,
-        "narHash": "sha256-CyzeiXQGm8ceEOSK1dffBCfO7JNp8XhQeNkUiJ5HxgY=",
-        "ref": "master",
-        "rev": "84783b661ecf33927c534b6476beb74ea3308968",
-        "revCount": 572,
+        "lastModified": 1703666786,
+        "narHash": "sha256-SLPNpM/rI8XPyVJAxMYAe+n6NiYSpuXvdwPILHP4yZI=",
+        "ref": "refs/heads/master",
+        "rev": "b5023b36a1f6628865cb42b4353bd2ddde0ea9f4",
+        "revCount": 575,
         "type": "git",
         "url": "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver.git"
       },
@@ -91,11 +91,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1699099776,
-        "narHash": "sha256-X09iKJ27mGsGambGfkKzqvw5esP1L/Rf8H3u3fCqIiU=",
+        "lastModified": 1703961334,
+        "narHash": "sha256-M1mV/Cq+pgjk0rt6VxoyyD+O8cOUiai8t9Q6Yyq4noY=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "85f1ba3e51676fa8cc604a3d863d729026a6b8eb",
+        "rev": "b0d36bd0a420ecee3bc916c91886caca87c894e9",
         "type": "github"
       },
       "original": {
@@ -138,11 +138,11 @@
     "nixpkgs-lib": {
       "locked": {
         "dir": "lib",
-        "lastModified": 1698611440,
-        "narHash": "sha256-jPjHjrerhYDy3q9+s5EAsuhyhuknNfowY6yt6pjn9pc=",
+        "lastModified": 1703961334,
+        "narHash": "sha256-M1mV/Cq+pgjk0rt6VxoyyD+O8cOUiai8t9Q6Yyq4noY=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "0cbe9f69c234a7700596e943bfae7ef27a31b735",
+        "rev": "b0d36bd0a420ecee3bc916c91886caca87c894e9",
         "type": "github"
       },
       "original": {
@@ -155,11 +155,11 @@
     },
     "nixpkgs-stable": {
       "locked": {
-        "lastModified": 1699110214,
-        "narHash": "sha256-L2TU4RgtiqF69W8Gacg2jEkEYJrW+Kp0Mp4plwQh5b8=",
+        "lastModified": 1703950681,
+        "narHash": "sha256-veU5bE4eLOmi7aOzhE7LfZXcSOONRMay0BKv01WHojo=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "78f3a4ae19f0e99d5323dd2e3853916b8ee4afee",
+        "rev": "0aad9113182747452dbfc68b93c86e168811fa6c",
         "type": "github"
       },
       "original": {
@@ -178,11 +178,11 @@
         "nixpkgs-stable": []
       },
       "locked": {
-        "lastModified": 1699271226,
-        "narHash": "sha256-8Jt1KW3xTjolD6c6OjJm9USx/jmL+VVmbooADCkdDfU=",
+        "lastModified": 1703939133,
+        "narHash": "sha256-Gxe+mfOT6bL7wLC/tuT2F+V+Sb44jNr8YsJ3cyIl4Mo=",
         "owner": "cachix",
         "repo": "pre-commit-hooks.nix",
-        "rev": "ea758da1a6dcde6dc36db348ed690d09b9864128",
+        "rev": "9d3d7e18c6bc4473d7520200d4ddab12f8402d38",
         "type": "github"
       },
       "original": {
@@ -209,11 +209,11 @@
         "nixpkgs-stable": "nixpkgs-stable"
       },
       "locked": {
-        "lastModified": 1699252567,
-        "narHash": "sha256-WCzEBCu17uXilT9OZ3XSy/c4Gk/j3L7AUxBRHzNlQ4Y=",
+        "lastModified": 1703991717,
+        "narHash": "sha256-XfBg2dmDJXPQEB8EdNBnzybvnhswaiAkUeeDj7fa/hQ=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "0a9d5e41f6013a1b8b66573822f9beb827902968",
+        "rev": "cfdbaf68d00bc2f9e071f17ae77be4b27ff72fa6",
         "type": "github"
       },
       "original": {

nixos/machines/bragi/configuration.nix

@@ -0,0 +1,15 @@
+{
+  imports = [
+    ./hardware-configuration.nix
+    ../../roles
+    ../../roles/hardware.nix
+    ./network.nix
+    ../../modules/borgbackup.nix
+  ];
+
+  services.mathebau-borgbackup.enable = true;
+
+  # System configuration here
+  networking.hostName = "bragi";
+  system.stateVersion = "23.11";
+}

nixos/machines/bragi/hardware-configuration.nix

@@ -0,0 +1,32 @@
+{lib, ...}: {
+  imports = [];
+
+  fileSystems."/" = {
+    device = "gha-root";
+    fsType = "tmpfs";
+    options = ["size=1G" "mode=755"];
+  };
+  fileSystems."/persist" = {
+    device = "/dev/disk/by-uuid/b75e52a1-deee-45d4-b958-086bdaeb4fa4"; #TODO
+    fsType = "btrfs";
+    options = ["subvol=persist"];
+    neededForBoot = true;
+  };
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/6b86ec51-b854-4227-9b05-c8e15f7b2e62"; #TODO
+    fsType = "ext4";
+  };
+  fileSystems."/nix" = {
+    device = "/dev/disk/by-uuid/b75e52a1-deee-45d4-b958-086bdaeb4fa4"; #TODO
+    fsType = "btrfs";
+    options = ["subvol=nix"];
+  };
+
+  #  swapDevices = [{device = "/dev/disk/by-uuid/";}]; #TODO
+
+  boot.loader.grub.device = "/dev/sda";
+
+  nix.settings.max-jobs = lib.mkDefault 4;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}

nixos/machines/bragi/network.nix

@@ -0,0 +1,16 @@
+# We sohuld put that config somewhere in roles and give it a parameter or something,
+# everyone gets the same nameserver and the same prefixLength and address vs defaultGateway alsways
+# depend on the same thing
+{
+  imports = [];
+  networking = {
+    interfaces.enp0s25.ipv4.addresses = [
+      {
+        address = "192.168.1.11";
+        prefixLength = 24;
+      }
+    ];
+    defaultGateway = "192.168.1.137";
+    nameservers = ["130.83.2.22" "130.83.56.60" "130.83.22.60" "130.82.22.63"];
+  };
+}

nixos/machines/ghatanothoa/configuration.nix

@@ -3,6 +3,7 @@
     ./hardware-configuration.nix
     ../../modules/jitsi.nix
     ../../roles
+    ../../roles/vm.nix
     ./network.nix
   ];
 

nixos/modules/borgbackup.nix

@@ -0,0 +1,31 @@
+{
+  config,
+  lib,
+  ...
+}: let
+  inherit
+    (lib)
+    mkIf
+    mkEnableOption
+    ;
+  cfg = config.services.mathebau-borgbackup;
+in {
+  imports = [];
+
+  options.services.mathebau-borgbackup = {
+    enable = mkEnableOption "mathebau borgbackup service";
+  };
+
+  config = mkIf cfg.enable {
+    services.borgbackup = {
+      repos = {
+        cthulhu = {
+          authorizedKeys = [
+            "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMSJl1MvabUADTdOCgufsBzn1tIIpxMq4iDcYZsaW1lV Cthulhu Backup"
+          ];
+          path = "/var/lib/cthulhu";
+        };
+      };
+    };
+  };
+}

nixos/roles/default.nix

@@ -1,16 +1,15 @@
 {
   pkgs,
   lib,
-  modulesPath,
   ...
 }: {
   imports = [
     ./admins.nix
     ./nix_keys.nix
     ./prometheusNodeExporter.nix
-    (modulesPath + "/virtualisation/xen-domU.nix")
     ../modules/impermanence.nix
   ];
+
   nix = {
     extraOptions = ''
       experimental-features = nix-command flakes

nixos/roles/hardware.nix

@@ -0,0 +1,5 @@
+{
+  # Bootloader
+  boot.loader.grub.enable = true;
+  #  boot.loader.efi.canTouchEfiVariables = true;
+}

nixos/roles/vm.nix

@@ -0,0 +1,8 @@
+{
+  modulesPath,
+  ...
+}: {
+  imports = [
+    (modulesPath + "/virtualisation/xen-domU.nix")
+  ];
+}