From 550ce08e41f16820e0d3a107a15e7598505e09ee Mon Sep 17 00:00:00 2001
From: Lukas Wurzinger
Date: Mon, 26 Feb 2024 19:27:27 +0100
Subject: [PATCH] backups
---
 flake.nix | 5 ++++-
 hosts/abacus/nextcloud.nix | 14 --------------
 hosts/glacier/default.nix | 1 +
 hosts/vessel/backup.nix | 29 ++++++++++++++++++++++++++---
 hosts/vessel/default.nix | 14 ++++----------
 secrets/restic-vessel.age | Bin 0 -> 557 bytes
 secrets/secrets.nix | 1 +
 7 files changed, 36 insertions(+), 28 deletions(-)
 create mode 100644 secrets/restic-vessel.age
diff --git a/flake.nix b/flake.nix
index 5933369..46c96ed 100644
--- a/flake.nix
+++ b/flake.nix
@@ -17,7 +17,10 @@
 mkSystem = name: class: nixpkgs.lib.nixosSystem {
- specialArgs = {inherit inputs;};
+ specialArgs = {
+ inherit inputs;
+ attrName = name;
+ };
 modules = [
 inputs.impermanence.nixosModules.impermanence
 inputs.agenix.nixosModules.default
diff --git a/hosts/abacus/nextcloud.nix b/hosts/abacus/nextcloud.nix
index 069c5d0..6f66f8e 100644
--- a/hosts/abacus/nextcloud.nix
+++ b/hosts/abacus/nextcloud.nix
@@ -9,20 +9,6 @@
 group = "nextcloud";
 };
- system.fsPackages = [pkgs.sshfs];
- fileSystems."${config.services.nextcloud.home}/data/${config.services.nextcloud.config.adminuser}/files/remote" = {
- device = "u385962@u385962.your-storagebox.de:/";
- fsType = "sshfs";
- options = [
- "allow_other"
- "IdentityFile=/persist/etc/ssh/ssh_host_ed25519_key"
- "_netdev"
- "reconnect"
- "ServerAliveInterval=15"
- "x-systemd.automount"
- ];
- };
-
 services.nextcloud = {
 enable = true;
 package = pkgs.nextcloud28;
diff --git a/hosts/glacier/default.nix b/hosts/glacier/default.nix
index adeb5d3..2bd6dc8 100644
--- a/hosts/glacier/default.nix
+++ b/hosts/glacier/default.nix
@@ -1,4 +1,5 @@
 {
+ attrName,
 inputs,
 modulesPath,
 ...
diff --git a/hosts/vessel/backup.nix b/hosts/vessel/backup.nix
index 9575618..4da3ef6 100644
--- a/hosts/vessel/backup.nix
+++ b/hosts/vessel/backup.nix
@@ -1,8 +1,12 @@
 {
- pkgs,
+ attrName,
+ config,
 lib,
+ pkgs,
 ...
-}: {
+}: let
+ safePath = "/srv/storage/safe";
+in {
 systemd.timers.local-backup = {
 description = "Local rsync Backup";
 wantedBy = ["timers.target"];
@@ -17,7 +21,7 @@
 description = "Local rsync Backup";
 serviceConfig = {
 Type = "oneshot";
- ExecStart = ''${lib.getExe pkgs.rsync} --verbose --verbose --archive --update --delete /srv/storage/ /srv/backup/'';
+ ExecStart = "${lib.getExe pkgs.rsync} --verbose --verbose --archive --update --delete /srv/storage/ /srv/backup/";
 User = "root";
 Group = "root";
 };
@@ -28,4 +32,23 @@
 fsType = "btrfs";
 options = ["subvol=main" "compress=zstd" "noatime"];
 };
+
+ age.secrets."restic-${attrName}".file = ../../secrets/restic-lukas.age;
+
+ services.restic.backups.${attrName} = {
+ repostiory = "sftp:u385962@u385962.your-storagebox.de:/restic/${attrName}";
+ initialize = true;
+ paths = [safePath];
+ passwordFile = config.age.secrets."restic-${attrName}".path;
+ pruneOpts = ["--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12"];
+ extraOptions = ["sftp.args='-i /etc/ssh/ssh_host_ed25519_key'"];
+ };
+
+ systemd.tmpfiles.settings = {
+ "10-storage-safe".${safePath}.d = {
+ user = "root";
+ group = "root";
+ mode = "0755";
+ };
+ };
 }
diff --git a/hosts/vessel/default.nix b/hosts/vessel/default.nix
index bdb2d04..2912ebc 100644
--- a/hosts/vessel/default.nix
+++ b/hosts/vessel/default.nix
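Review bot: The option name in the new `services.restic.backups.${attrName}` block of hosts/vessel/backup.nix is misspelled as `repostiory`, which is expected to fail evaluation as an unknown option once the file is imported; it should read `repository = "sftp:u385962@u385962.your-storagebox.de:/restic/${attrName}";`. The secret declared just above it points at `../../secrets/restic-lukas.age`, while this commit creates `secrets/restic-vessel.age`; if `attrName` is `vessel` on this host, the intent was presumably `file = ../../secrets/restic-${attrName}.age;`. `sftp.args` reuses the machine's SSH host private key as the storage-box login, and the sshfs mount removed in the same commit read that key from `/persist/etc/ssh/`, so confirm the path and consider a dedicated backup key that the server restricts to this repository. The hosts/vessel/default.nix hunk comments out `./backup.nix`, so none of this is evaluated and these errors will not surface until the import is restored.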
@@ -10,24 +10,18 @@
 inputs.hardware.nixosModules.common-gpu-intel
 inputs.hardware.nixosModules.common-pc-ssd
- ./backup.nix
- ./blocky.nix
+ # ./backup.nix
+ # ./blocky.nix
 ];
 nixpkgs.hostPlatform = "x86_64-linux";
 boot = {
- initrd.availableKernelModules = ["ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod"];
+ initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"];
 kernelModules = ["kvm-intel"];
 };
 system.stateVersion = "24.05";
- powerManagement.cpuFreqGovernor = "performance";
-
- fileSystems."/srv/storage" = {
- device = "/dev/disk/by-label/storage";
- fsType = "btrfs";
- options = ["subvol=main" "compress=zstd" "noatime"];
- };
+ powerManagement.cpuFreqGovernor = "powersave";
 }
diff --git a/secrets/restic-vessel.age b/secrets/restic-vessel.age
new file mode 100644
index 0000000000000000000000000000000000000000..d1a469e93154d1ebd9219632e36e50cdfa558786
GIT binary patch
literal 557
zcmZY2yRwr&002;H#viatA7jD|5NMpqLP(ZeAY?-V=@QtmyuxF7gg93Ab~YA%fsL)D
zmE$;Lsf{0CW2N17M(gYOfpZA(0H3|G%d0RuKgr5q*s#ptX^&De!2S)-vr-SKi*4EV
z)O};kQ|xSz7xQbRu^2jf4A7xk5wYwWAlYJ|b~%YMhA)~{lGjo&CN_WL=vq?+eOHb`
zBPtV{J|YdF!*ol`>kd50+cGJdM^1WRL$|sfL6xQmMBcxVd$Hl@4PnpUvN2swQ-
z@$4kjDzZMUPT3Z^n{=pSI?*->m_Y_})&}OlO|F~${G4J7oCrSpFal$_sHhx96>)3l
zvdgpk8%jrsIqk)qx^Ss=J)0OPUb6R)=2r?W7JD87X_&SSF=KC+PZEy7bEVkEw%0Z?
zZ}AH-y(m_CtQPLlAI%RlU5H{Ntc=>uDKi)hdfhUIvTC%V7Ah-Jfjx+$^q2@
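Review bot: Dropping the `fileSystems."/srv/storage"` mount in hosts/vessel/default.nix leaves hosts/vessel/backup.nix reading from a path this host no longer mounts, unless the mount is declared in a file outside this diff. Once `./backup.nix` is re-enabled, the tmpfiles rule would create `/srv/storage/safe` on whatever filesystem lies underneath, restic would snapshot an empty directory, and the existing `rsync ... --delete /srv/storage/ /srv/backup/` job would empty the local backup. Keep the mount next to the backup module, or guard the service, for example with `unitConfig.ConditionPathIsMountPoint = "/srv/storage";`. The `# ./backup.nix` and `# ./blocky.nix` imports also look like a temporary state; if they are meant to stay disabled, a short comment saying why would help.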