commit a602f99fc6e1a2af87d310292cdcd5e2776be62d
parent aeede4cade2df3e613d1adb960b8e94d9e2a1ebe
Author: Katja (ctucx) <git@ctu.cx>
Date: Thu, 6 Mar 2025 20:43:46 +0100
parent aeede4cade2df3e613d1adb960b8e94d9e2a1ebe
Author: Katja (ctucx) <git@ctu.cx>
Date: Thu, 6 Mar 2025 20:43:46 +0100
configurations/common/programs/scripts: rename to nix-cleanup, move backupScript to machine `briefkasten`
5 files changed, 156 insertions(+), 165 deletions(-)
D
|
145
-------------------------------------------------------------------------------
A
|
126
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
diff --git a/configurations/common/common.nix b/configurations/common/common.nix @@ -20,7 +20,7 @@ in { ctucxConfig.programs.shellUtilities ctucxConfig.programs.networkUtilities - ctucxConfig.programs.scripts + ctucxConfig.programs.nix-cleanup ]; time.timeZone = "Europe/Berlin";
diff --git a/configurations/common/programs/nix-cleanup.nix b/configurations/common/programs/nix-cleanup.nix
@@ -0,0 +1,20 @@
+{ pkgs, ... }:
+
+{
+
+ home-manager.users.katja.home.packages = [ (pkgs.writeShellScriptBin "nix-cleanup" ''
+ set -eu
+
+ # Delete everything from this profile that isn't currently needed
+ nix-env --delete-generations old
+
+ # Delete generations older than a week
+ nix-collect-garbage
+ nix-collect-garbage --delete-older-than 7d
+
+ # Optimize
+ nix-store --gc --print-dead
+ nix-store --optimise
+ '') ];
+
+}
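Review bot: The comments in the script body do not match the commands beneath them: `# Delete generations older than a week` sits above a bare `nix-collect-garbage`, which only collects garbage, while the age-based deletion is done by the following `--delete-older-than 7d` call, which runs the collector again, so the first call looks redundant. Under `# Optimize`, `nix-store --gc --print-dead` only lists dead paths and deletes nothing. I would drop the bare call and reword the comments, e.g. `# Remove profile generations older than 7 days, then collect garbage` and `# Report remaining dead paths, then hard-link identical store files`. Since `nix-env --delete-generations old` removes the profile's rollback targets, a short header comment saying so would help whoever runs the command.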
diff --git a/configurations/common/programs/scripts.nix b/configurations/common/programs/scripts.nix 
@@ -1,145 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - nix-cleanup = pkgs.writeShellScriptBin "nix-cleanup" '' - set -eu - - # Delete everything from this profile that isn't currently needed - nix-env --delete-generations old - - # Delete generations older than a week - nix-collect-garbage - nix-collect-garbage --delete-older-than 7d - - # Optimize - nix-store --gc --print-dead - nix-store --optimise - ''; - - backupToSSD = pkgs.writeShellScriptBin "backupToSSD" '' - set -euo pipefail - IFS=$'\n\t' - - function repeatCharacter { - local count="$1"; - local character="$2"; - - for (( i = 0; i < "$count"; ++i )) - do - echo -n "$character"; - done - echo ""; - } - - function printEnd { - echo ""; - } - - function printStep { - repeatCharacter $(expr ''${#1} + 3) "#"; - echo -e "$1"; - repeatCharacter $(expr ''${#1} + 3) "#"; - } - - function checkRequirements { - # check if root - if [ "$USER" != "root" ]; then - echo "This script needs to be executed by root!"; - exit; - fi - - # check for disk - if [ ! -e /dev/disk/by-uuid/f5e319eb-a68b-4b21-9154-73404acb8bd1 ]; then - echo "Backup drive is not connected!"; - exit; - fi - } - - function mountDrive { - printStep "Mount backup-drive!" 
- - mkdir -p /mnt/backup; - ${pkgs.cryptsetup}/bin/cryptsetup luksOpen /dev/disk/by-uuid/f5e319eb-a68b-4b21-9154-73404acb8bd1 backup; - mount /dev/mapper/backup /mnt/backup; - - printEnd; - } - - function unmountDrive { - sync; - if grep -qs '/dev/mapper/backup ' /proc/mounts; then - printStep "Unmount backup-drive!"; - umount /dev/mapper/backup; - ${pkgs.cryptsetup}/bin/cryptsetup luksClose backup; - sync; - fi - echo "done!"; - } - - function copyResticRepos { - printStep "Copying /var/lib/restic to the backup-drive"; - - ${pkgs.rsync}/bin/rsync -ah --partial --delete --info=progress2 /nix/persist/var/lib/restic/ /mnt/backup/restic-servers/; - sync; - - printEnd; - } - - function resticBackupFolder { - printStep "Backing up '$2' to the backup-drive"; - - mkdir -p /mnt/backup/restic-$HOSTNAME; - - # check if password-file exists, if not create it - if [ ! -e /mnt/backup/restic-$HOSTNAME/$1.restic-passwd ]; then - echo -e "$(${pkgs.pwgen}/bin/pwgen -N1 -B 32)" > /mnt/backup/restic-$HOSTNAME/$1.restic-passwd; - sync; - fi - - # check if restic repo is initialized, if not initialize it - if ! 
${pkgs.restic}/bin/restic --cleanup-cache --password-file /mnt/backup/restic-$HOSTNAME/$1.restic-passwd --repo /mnt/backup/restic-$HOSTNAME/$1 snapshots &>/dev/null; then - ${pkgs.restic}/bin/restic --quiet --cleanup-cache --password-file /mnt/backup/restic-$HOSTNAME/$1.restic-passwd --repo /mnt/backup/restic-$HOSTNAME/$1 \ - init; - sync; - fi; - - #do the backup - ${pkgs.restic}/bin/restic --cleanup-cache --password-file /mnt/backup/restic-$HOSTNAME/$1.restic-passwd --repo /mnt/backup/restic-$HOSTNAME/$1 \ - backup $2; - sync; - - #cleanup - ${pkgs.restic}/bin/restic --cleanup-cache --password-file /mnt/backup/restic-$HOSTNAME/$1.restic-passwd --repo /mnt/backup/restic-$HOSTNAME/$1 \ - forget --keep-within-daily 14d --keep-within-weekly 2m --keep-within-monthly 2y --keep-within-yearly 99y; - ${pkgs.restic}/bin/restic --cleanup-cache --password-file /mnt/backup/restic-$HOSTNAME/$1.restic-passwd --repo /mnt/backup/restic-$HOSTNAME/$1 \ - prune; - sync; - - printEnd; - } - - trap unmountDrive EXIT; - checkRequirements; - mountDrive; - - copyResticRepos; - - #restic backups - resticBackupFolder audiobooks /nix/persist/home/katja/syncthing/Audiobooks; - resticBackupFolder bahn-richtlinien /nix/persist/home/katja/syncthing/Bahn-Richtlinien; - resticBackupFolder documents /nix/persist/home/katja/syncthing/Documents; - resticBackupFolder media-legacy /nix/persist/home/katja/syncthing/Media\ \(legacy\); - resticBackupFolder music /nix/persist/home/katja/syncthing/Music; - resticBackupFolder music-originals /nix/persist/home/katja/syncthing/Music\ \(Originals\); - resticBackupFolder pictures /nix/persist/home/katja/syncthing/Pictures; - resticBackupFolder videos /nix/persist/home/katja/syncthing/Videos; - resticBackupFolder wiki /nix/persist/home/katja/syncthing/Wiki; - ''; - -in { - - home-manager.users.katja.home.packages = [ nix-cleanup ] ++ lib.optionals ( config.nixpkgs.system == "x86_64-linux") [ - backupToSSD - ]; - -}
diff --git a/machines/briefkasten/backupScript.nix b/machines/briefkasten/backupScript.nix 
@@ -0,0 +1,125 @@ +{ pkgs, ... }: + +{ + + environment.systemPackages = [ (pkgs.writeShellScriptBin "backupToSSD" '' + set -euo pipefail + IFS=$'\n\t' + + function repeatCharacter { + local count="$1"; + local character="$2"; + + for (( i = 0; i < "$count"; ++i )) + do + echo -n "$character"; + done + echo ""; + } + + function printEnd { + echo ""; + } + + function printStep { + repeatCharacter $(expr ''${#1} + 3) "#"; + echo -e "$1"; + repeatCharacter $(expr ''${#1} + 3) "#"; + } + + function checkRequirements { + # check if root + if [ "$USER" != "root" ]; then + echo "This script needs to be executed by root!"; + exit; + fi + + # check for disk + if [ ! -e /dev/disk/by-uuid/f5e319eb-a68b-4b21-9154-73404acb8bd1 ]; then + echo "Backup drive is not connected!"; + exit; + fi + } + + function mountDrive { + printStep "Mount backup-drive!" + + mkdir -p /mnt/backup; + ${pkgs.cryptsetup}/bin/cryptsetup luksOpen /dev/disk/by-uuid/f5e319eb-a68b-4b21-9154-73404acb8bd1 backup; + mount /dev/mapper/backup /mnt/backup; + + printEnd; + } + + function unmountDrive { + sync; + if grep -qs '/dev/mapper/backup ' /proc/mounts; then + printStep "Unmount backup-drive!"; + umount /dev/mapper/backup; + ${pkgs.cryptsetup}/bin/cryptsetup luksClose backup; + sync; + fi + echo "done!"; + } + + function copyResticRepos { + printStep "Copying /var/lib/restic to the backup-drive"; + + ${pkgs.rsync}/bin/rsync -ah --partial --delete --info=progress2 /nix/persist/var/lib/restic/ /mnt/backup/restic-servers/; + sync; + + printEnd; + } + + function resticBackupFolder { + printStep "Backing up '$2' to the backup-drive"; + + mkdir -p /mnt/backup/restic-$HOSTNAME; + + # check if password-file exists, if not create it + if [ ! -e /mnt/backup/restic-$HOSTNAME/$1.restic-passwd ]; then + echo -e "$(${pkgs.pwgen}/bin/pwgen -N1 -B 32)" > /mnt/backup/restic-$HOSTNAME/$1.restic-passwd; + sync; + fi + + # check if restic repo is initialized, if not initialize it + if ! 
${pkgs.restic}/bin/restic --cleanup-cache --password-file /mnt/backup/restic-$HOSTNAME/$1.restic-passwd --repo /mnt/backup/restic-$HOSTNAME/$1 snapshots &>/dev/null; then + ${pkgs.restic}/bin/restic --quiet --cleanup-cache --password-file /mnt/backup/restic-$HOSTNAME/$1.restic-passwd --repo /mnt/backup/restic-$HOSTNAME/$1 \ + init; + sync; + fi; + + #do the backup + ${pkgs.restic}/bin/restic --cleanup-cache --password-file /mnt/backup/restic-$HOSTNAME/$1.restic-passwd --repo /mnt/backup/restic-$HOSTNAME/$1 \ + backup $2; + sync; + + #cleanup + ${pkgs.restic}/bin/restic --cleanup-cache --password-file /mnt/backup/restic-$HOSTNAME/$1.restic-passwd --repo /mnt/backup/restic-$HOSTNAME/$1 \ + forget --keep-within-daily 14d --keep-within-weekly 2m --keep-within-monthly 2y --keep-within-yearly 99y; + ${pkgs.restic}/bin/restic --cleanup-cache --password-file /mnt/backup/restic-$HOSTNAME/$1.restic-passwd --repo /mnt/backup/restic-$HOSTNAME/$1 \ + prune; + sync; + + printEnd; + } + + trap unmountDrive EXIT; + checkRequirements; + mountDrive; + + copyResticRepos; + + #restic backups + resticBackupFolder audiobooks /nix/persist/home/katja/syncthing/Audiobooks; + resticBackupFolder bahn-richtlinien /nix/persist/home/katja/syncthing/Bahn-Richtlinien; + resticBackupFolder documents /nix/persist/home/katja/syncthing/Documents; + resticBackupFolder media-legacy /nix/persist/home/katja/syncthing/Media\ \(legacy\); + resticBackupFolder music /nix/persist/home/katja/syncthing/Music; + resticBackupFolder music-originals /nix/persist/home/katja/syncthing/Music\ \(Originals\); + resticBackupFolder pictures /nix/persist/home/katja/syncthing/Pictures; + resticBackupFolder videos /nix/persist/home/katja/syncthing/Videos; + resticBackupFolder wiki /nix/persist/home/katja/syncthing/Wiki; + '') ]; + +}+ \ No newline at end of file
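Review bot: In `resticBackupFolder` the repository password is generated with `pwgen -N1 -B 32` (pronounceable mode, not `-s`) and written with the default umask to `$1.restic-passwd` in the same directory as the repository it protects, so restic's encryption adds nothing once the LUKS volume is open, and the file is likely readable by every local user while `/mnt/backup` is mounted. I would create it as `( umask 077; ${pkgs.pwgen}/bin/pwgen -s -N1 32 > "/mnt/backup/restic-$HOSTNAME/$1.restic-passwd" )` and add a comment stating that LUKS is the only confidentiality boundary for these repositories. Separately, `checkRequirements` trusts `$USER`, which is only an environment variable and may be unset (fatal under `set -u`), and both failure paths use a bare `exit`, which returns status 0 after the `echo`; `[ "$(id -u)" -eq 0 ]` and `exit 1` would let a caller detect the failure. `backup $2` only copes with the paths containing spaces because `IFS` excludes the space; writing `backup "$2"` removes that dependency.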
diff --git a/machines/briefkasten/default.nix b/machines/briefkasten/default.nix @@ -23,6 +23,7 @@ # syncthing (and it's backup) ./syncthing.nix + ./backupScript.nix ./scanner-sftp.nix ]; @@ -44,25 +45,14 @@ # seems to make realtek ethernet faster? kernelParams = [ "pcie_aspm=off" ]; - initrd.network = { - enable = true; - ssh = { - enable = true; - port = 22; - hostKeys = [ "/nix/persist/etc/ssh/ssh_host_ed25519_key" ]; - authorizedKeys = with lib; concatLists (mapAttrsToList (name: user: if elem "wheel" user.extraGroups then user.openssh.authorizedKeys.keys else []) config.users.users); - }; - - postCommands = '' - echo 'cryptsetup-askpass' >> /root/.profile - - sysctl -w net.ipv6.conf.enp1s0.autoconf=0 - sysctl -w net.ipv6.conf.enp1s0.accept_ra=0 - - ip link set dev enp1s0 up - ip addr add 10.0.0.1/8 dev enp1s0 - ip addr add 2a03:4000:4d:5e:acab::1/112 dev enp1s0 - ''; + initrd.systemd.enable = true; + initrd.systemd.strip = false; + + initrd.network.ssh = { + enable = true; + port = 22; + hostKeys = [ "/nix/persist/etc/ssh/ssh_host_ed25519_key" ]; + authorizedKeys = with lib; concatLists (mapAttrsToList (name: user: if elem "wheel" user.extraGroups then user.openssh.authorizedKeys.keys else []) config.users.users); }; };
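Review bot: `hostKeys` in the new `initrd.network.ssh` block still points at `/nix/persist/etc/ssh/ssh_host_ed25519_key`, which by its path looks like the machine's regular sshd host key; that key is copied into the initrd, which usually sits unencrypted on the boot partition, so the private key is exposed to anyone who can read that partition. A dedicated key used only for the unlock stage, e.g. `hostKeys = [ "<path-to-initrd-only-host-key>" ];` (placeholder path), limits what is exposed. The second hunk also drops `initrd.network.enable = true` and the static address setup from `postCommands` without adding a systemd-initrd equivalent; unless `initrd.systemd.network` is configured outside the lines shown, the SSH unlock path may not come up after this change, so it is worth confirming with console access before relying on it. The enclosing attribute set starts outside the hunk.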