diff --git a/hosts/x86_64-linux/beleth/borg.nix b/hosts/x86_64-linux/beleth/borg.nix
new file mode 100644
index 0000000..a8e7230
--- /dev/null
+++ b/hosts/x86_64-linux/beleth/borg.nix
@@ -0,0 +1,89 @@
+{ config, lib, pkgs, ... }: {
+
+ #
+ # BACKUP
+ # Check via nix-shell -p borgbackup --run "borg info --rsh 'ssh -p 23 -i /home/moe/.ssh/storagebox_nextcloud_data' u409248-sub1@u409248-sub1.your-storagebox.de:nextcloud_data_backups"
+ # 0. Add subaccount on storagebox
+ # 1. ssh-keygen -t ed25519 -f ~/.ssh/storagebox_nextcloud_data
+ # 2. pwgen 128
+ # 3. Add private key as secret
+ # 4. add passphrase as secret
+ # 5. add ssh public key to subaccount on storagebox!
+ # ssh -p 23 u409248-sub1@u409248-sub1.your-storagebox.de
+ # 6. set permissions
+ # .ssh 0700
+ # .ssh/authorized_keys 0600
+ #
+
+ # Retrieve via 'ssh-keyscan -p 23 u409248-sub1.your-storagebox.de'
+ programs.ssh.knownHosts = {
+ "storagebox" = {
+ hostNames = [
+ "[u409248-sub1.your-storagebox.de]:23"
+ "[u409248-sub2.your-storagebox.de]:23"
+ ];
+ publicKey = ''
+ ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA5EB5p/5Hp3hGW1oHok+PIOH9Pbn7cnUiGmUEBrCVjnAw+HrKyN8bYVV0dIGllswYXwkG/+bgiBlE6IVIBAq+JwVWu1Sss3KarHY3OvFJUXZoZyRRg/Gc/+LRCE7lyKpwWQ70dbelGRyyJFH36eNv6ySXoUYtGkwlU5IVaHPApOxe4LHPZa/qhSRbPo2hwoh0orCtgejRebNtW5nlx00DNFgsvn8Svz2cIYLxsPVzKgUxs8Zxsxgn+Q/UvR7uq4AbAhyBMLxv7DjJ1pc7PJocuTno2Rw9uMZi1gkjbnmiOh6TTXIEWbnroyIhwc8555uto9melEUmWNQ+C+PwAK+MPw==
+ ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAGK0po6usux4Qv2d8zKZN1dDvbWjxKkGsx7XwFdSUCnF19Q8psHEUWR7C/LtSQ5crU/g+tQVRBtSgoUcE8T+FWp5wBxKvWG2X9gD+s9/4zRmDeSJR77W6gSA/+hpOZoSE+4KgNdnbYSNtbZH/dN74EG7GLb/gcIpbUUzPNXpfKl7mQitw==
+ ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIICf9svRenC/PLKIL9nk6K/pxQgoiFC41wTNvoIncOxs
+ '';
+ };
+ };
+
+ services.borgbackup.jobs = {
+ nextcloud_data = {
+ user = "nextcloud";
+ group = "nextcloud";
+ paths = [ "${config.services.nextcloud.datadir}" ];
+ preHook = ''
+ ${config.services.nextcloud.occ}/bin/nextcloud-occ maintenance:mode --on
+ '';
+ postHook = ''
+ ${config.services.nextcloud.occ}/bin/nextcloud-occ maintenance:mode --off
+ '';
+ repo = "u409248-sub1@u409248-sub1.your-storagebox.de:nextcloud_data_backups";
+ encryption = {
+ mode = "repokey-blake2";
+ passCommand = "cat ${config.age.secrets.backup_nextcloud_data_passphrase.path}";
+ };
+ environment = {
+ BORG_RSH = "ssh -p 23 -i ${config.age.secrets.backup_nextcloud_data_ssh.path}";
+ };
+ compression = "auto,lzma";
+ startAt = "Mon *-*-* 00:00:00"; # Monday at 00:00; Storagebox does a snapshot Fridays at 00:00
+ };
+ nextcloud_database = {
+ user = "nextcloud";
+ group = "nextcloud";
+ dumpCommand = pkgs.writeShellScript "builder.sh" ''
+ ${config.services.postgresql.package}/bin/pg_dump nextcloud -U nextcloud --no-password
+ '';
+ preHook = ''
+ ${config.services.nextcloud.occ}/bin/nextcloud-occ maintenance:mode --on
+ '';
+ postHook = ''
+ ${config.services.nextcloud.occ}/bin/nextcloud-occ maintenance:mode --off
+ '';
+ repo = "u409248-sub2@u409248-sub2.your-storagebox.de:nextcloud_database_backups";
+ encryption = {
+ mode = "repokey-blake2";
+ passCommand = "cat ${config.age.secrets.backup_nextcloud_database_passphrase.path}";
+ };
+ environment = {
+ BORG_RSH = "ssh -p 23 -i ${config.age.secrets.backup_nextcloud_database_ssh.path}";
+ };
+ compression = "auto,lzma";
+ startAt = "Mon *-*-* 01:00:00"; # Monday at 01:00; Storagebox does a snapshot Fridays at 00:00
+ };
+ };
+
+ systemd.services."borgbackup-job-nextcloud_data" = {
+ onFailure = [ "notify-email@%i.service" ];
+ onSuccess = [ "notify-email@%i.service" ];
+ };
+
+ systemd.services."borgbackup-job-nextcloud_database" = {
+ onFailure = [ "notify-email@%i.service" ];
+ onSuccess = [ "notify-email@%i.service" ];
+ };
+}
diff --git a/hosts/x86_64-linux/lilith/default.nix b/hosts/x86_64-linux/lilith/default.nix
index 11a1782..56a932e 100644
--- a/hosts/x86_64-linux/lilith/default.nix
+++ b/hosts/x86_64-linux/lilith/default.nix
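Review bot: The `onFailure`/`onSuccess` entries at the end of the file use `%i`, which systemd resolves to the instance name and which is empty for the non-template units `borgbackup-job-nextcloud_data` and `borgbackup-job-nextcloud_database`, so the target likely resolves to `notify-email@.service` and a failed backup would go unreported. Assuming the `notify-email@` template (not part of this diff) takes the triggering unit as its instance, `onFailure = [ "notify-email@%n.service" ];` (and the same for `onSuccess`) passes the job's unit name. Separately, both jobs toggle Nextcloud maintenance mode and start only an hour apart: if the data job runs past 01:00, the database job's `postHook` switches maintenance mode off while files are still being read, and the dump and the file tree are never captured in the same maintenance window, so a single job or an explicit ordering between the two would be safer. The comment above `programs.ssh.knownHosts` would be stronger as `# Retrieve via ssh-keyscan, then compare with the fingerprints the provider publishes before pinning`, since a scan alone trusts whichever host answered.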
@@ -123,10 +123,11 @@ # Enable touchpad support (enabled default in most desktopManager). services.xserver.libinput.enable = true; + programs.adb.enable = true; # Define a user account. Don't forget to set a password with ‘passwd’. users.users.xqtc = { isNormalUser = true; - extraGroups = ["wheel" "docker" "libvirtd"]; # Enable ‘sudo’ for the user. + extraGroups = ["wheel" "docker" "libvirtd" "adbusers" ]; # Enable ‘sudo’ for the user. packages = with pkgs; [nushell clamtk]; shell = pkgs.nushell; };
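Review bot: The added `programs.adb.enable = true;` sits directly under the touchpad comment with no comment of its own, and the trailing `# Enable ‘sudo’ for the user.` on `extraGroups` now describes only `wheel` out of four privilege-bearing groups. A line such as `# adb access for members of the adbusers group` above the new option, with the sudo remark reworded to name `wheel`, would make clear which membership grants what. The spacing in `"adbusers" ]` also differs from the bracket style on the `packages` line. The enclosing top-level attribute set starts and ends outside this hunk.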