ctucx.git: nixfiles

ctucx' nixfiles

path: /machines/briefkasten/syncthing.nix 1.46 KB | plain
1 
2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 
29 
30 
31 
32 
33 
34 
35 
36 
37 
38 
39 
40 
41 
42 
43 
44 
{ config, lib, pkgs, ...}:

let
  backups = {
    audiobooks       = "/nix/persist/home/leah/syncthing/Audiobooks";
    documents        = "/nix/persist/home/leah/syncthing/Documents";
    music-orig       = "/nix/persist/home/leah/syncthing/Music (Originals)";
    music            = "/nix/persist/home/leah/syncthing/Music";
    pictures         = "/nix/persist/home/leah/syncthing/Pictures";
    media            = "/nix/persist/home/leah/syncthing/Media (legacy)";

    bahn-richtlinien = "/nix/persist/home/leah/syncthing/Bahn-Richtlinien";
    blechelse        = "/nix/persist/home/leah/syncthing/Bahn-Blechelse";
    cutieshare       = "/nix/persist/home/leah/syncthing/Cutieshare";
    wiki             = "/nix/persist/home/leah/syncthing/Wiki";
  };

in {

  ctucxConfig.services.syncthing.enable = true;

  age.secrets = lib.mapAttrs' (
    name: path: lib.nameValuePair "restic-syncthing-${name}" {
      file = ./. + "/../../secrets/${config.networking.hostName}/restic/syncthing-${name}.age";
    }
  ) backups;

  systemd.services = lib.mapAttrs' (
    name: path: lib.nameValuePair "restic-backup-syncthing-${name}" {
      serviceConfig.ProtectHome = lib.mkForce false;
    }
  ) backups;


  restic-backups = lib.mapAttrs' (
    name: path: lib.nameValuePair "syncthing-${name}" {
      user         = "leah";
      passwordFile = config.age.secrets."restic-syncthing-${name}".path;
      paths        = [ path ];
      targets      = [ "wanderduene.ctu.cx" ];
    }
  ) backups;

}