From 54447480e5d16fb21881e1e3b7880d3ef3fd21fd Mon Sep 17 00:00:00 2001 From: Ahwx Date: Fri, 6 Jun 2025 15:10:34 +0200 Subject: [PATCH 1/6] feat: allow `violet` to log into user account --- hosts/dandelion/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hosts/dandelion/default.nix b/hosts/dandelion/default.nix index 98e0a49..93d87f7 100644 --- a/hosts/dandelion/default.nix +++ b/hosts/dandelion/default.nix @@ -12,6 +12,10 @@ ./../../modules/services/dandelion.nix ]; + users.users.liv.openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOLdcB5JFWx6OK2BAr8J0wPHNhr2VP2/Ci6fv3a+DPfo liv@violet" # allow violet to log in over ssh to do back ups + ]; + networking.hostName = "dandelion"; liv.server.enable = true; From 4da11942eb1a7931802841ac04b146605980424b Mon Sep 17 00:00:00 2001 From: Ahwx Date: Fri, 6 Jun 2025 15:12:40 +0200 Subject: [PATCH 2/6] feat: add backup job for home folder on `violet` --- hosts/violet/default.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/hosts/violet/default.nix b/hosts/violet/default.nix index f1fd5d8..b0c9dcc 100644 --- a/hosts/violet/default.nix +++ b/hosts/violet/default.nix @@ -11,6 +11,15 @@ ./../../modules/services/violet.nix ]; + services.borgbackup.jobs.liv-violet = { + paths = "/home/liv"; + encryption.mode = "none"; + environment.BORG_RSH = "ssh -i /home/liv/.ssh/id_ed25519"; + repo = "ssh://liv@100.115.178.50:9123/spinners/rootvol/backups/servers/liv-violet"; + compression = "auto,zstd"; + startAt = "daily"; + }; + networking.hostName = "violet"; nixpkgs.config.permittedInsecurePackages = [ From b953c86a2f20336e604b1354966aa507902d98b9 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Fri, 6 Jun 2025 15:29:10 +0200 Subject: [PATCH 3/6] chore: tidy up config a bit; move things around --- hosts/violet/default.nix | 21 +++++++-------------- 1 file changed, 7 insertions(+), 14 deletions(-) diff --git a/hosts/violet/default.nix b/hosts/violet/default.nix index b0c9dcc..8aa285d 100644 
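Review bot: The key added to `users.users.liv.openssh.authorizedKeys.keys` in `hosts/dandelion/default.nix` carries no options, so whoever holds the `liv@violet` private key gets a full interactive shell as `liv` on dandelion, although the inline comment says it is only there for backups. Pin it to the backup role with a forced command in front of the key type, e.g. `"restrict,command=\"borg serve --restrict-to-path <REPO_PATH>\" ssh-ed25519 … liv@violet"` (`<REPO_PATH>` is a placeholder for the repository directory). Alternatively, declare the repository through `services.borgbackup.repos` with its `authorizedKeys` list, so the key maps to a dedicated account rather than the personal user. Either way a compromise of violet would then reach only the backup repository, not the rest of `liv`'s account.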
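Review bot: `encryption.mode = "none"` in `services.borgbackup.jobs.liv-violet` leaves the archive unencrypted and unauthenticated on the remote. Because `paths = "/home/liv"` also covers `/home/liv/.ssh/id_ed25519`, the same key `BORG_RSH` uses and presumably passphrase-less since a timer drives it, the private key is copied into that repository in the clear. Switch to `encryption.mode = "repokey-blake2";` with `encryption.passCommand` reading a root-only file, and either add `exclude = [ "/home/liv/.ssh" ];` or give the job a dedicated key stored outside the backed-up tree. The same block is re-added unchanged, apart from the repo path, in `hosts/violet/backups.nix` in patch 6/6, so it applies there too.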
--- a/hosts/violet/default.nix +++ b/hosts/violet/default.nix @@ -9,17 +9,9 @@ ./hardware-configuration.nix ./../../modules/core/default.server.nix ./../../modules/services/violet.nix + # ./backups.nix # disable for now, test first. ]; - services.borgbackup.jobs.liv-violet = { - paths = "/home/liv"; - encryption.mode = "none"; - environment.BORG_RSH = "ssh -i /home/liv/.ssh/id_ed25519"; - repo = "ssh://liv@100.115.178.50:9123/spinners/rootvol/backups/servers/liv-violet"; - compression = "auto,zstd"; - startAt = "daily"; - }; - networking.hostName = "violet"; nixpkgs.config.permittedInsecurePackages = [ @@ -33,15 +25,16 @@ pkgs.kitty.terminfo ]; - services.smartd = { - enable = lib.mkForce false; - autodetect = lib.mkForce false; + services = { + smartd = { + enable = lib.mkForce false; + autodetect = lib.mkForce false; + }; + xserver.videoDrivers = [ "nvidia" ]; }; liv.nvidia.enable = true; - services.xserver.videoDrivers = [ "nvidia" ]; - boot = { loader.grub = { enable = true; From 71a6033d2aa580281ae4b8ebebdbd1fca620090c Mon Sep 17 00:00:00 2001 From: Ahwx Date: Fri, 6 Jun 2025 15:29:28 +0200 Subject: [PATCH 4/6] feat: set burst limit a little higher for ntfy --- modules/services/ntfy.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/services/ntfy.nix b/modules/services/ntfy.nix index 19c3fba..bdd592e 100644 --- a/modules/services/ntfy.nix +++ b/modules/services/ntfy.nix @@ -12,7 +12,7 @@ in listen-http = "127.0.0.1:${toString port}"; behind-proxy = true; visitor-attachment-daily-bandwidth-limit = "10M"; - visitor-request-limit-burst = 5; + visitor-request-limit-burst = 15; visitor-request-limit-replenish = "15s"; }; }; From 80094a68275a42550c01bea1b071bb45f8b0cc23 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Fri, 6 Jun 2025 15:29:41 +0200 Subject: [PATCH 5/6] feat: enable tailscale on `violet` --- modules/services/violet.nix | 1 + 1 file changed, 1 insertion(+) 
diff --git a/modules/services/violet.nix b/modules/services/violet.nix index 85b483d..5c43ba1 100644 --- a/modules/services/violet.nix +++ b/modules/services/violet.nix @@ -20,6 +20,7 @@ ++ [ (import ./nginx.nix) ] # ++ [(import ./komga.nix)] ++ [ (import ./radicale.nix) ] + ++ [ (import ./tailscale.nix) ] ++ [ (import ./readarr.nix) ]; # ++ [(import ./smart-monitoring.nix)] # ++ [(import ./jitsi-meet.nix)] From 1b514a44c25426d4a08e39c11b4e340f3e42758b Mon Sep 17 00:00:00 2001 From: Ahwx Date: Fri, 6 Jun 2025 15:30:31 +0200 Subject: [PATCH 6/6] feat: adds bare `borg-backup` service for `violet` --- hosts/violet/backups.nix | 54 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) create mode 100644 hosts/violet/backups.nix diff --git a/hosts/violet/backups.nix b/hosts/violet/backups.nix new file mode 100644 index 0000000..d8183e5 --- /dev/null +++ b/hosts/violet/backups.nix 
@@ -0,0 +1,54 @@
+let
+ borgbackupMonitor =
+ {
+ config,
+ pkgs,
+ lib,
+ ...
+ }:
+ with lib;
+ {
+ key = "borgbackupMonitor";
+ _file = "borgbackupMonitor";
+ config.systemd.services =
+ {
+ "notify-problems@" = {
+ enable = true;
+ serviceConfig.User = "liv";
+ environment.SERVICE = "%i";
+ script = ''
+ ${pkgs.curl}/bin/curl -d "$SERVICE FAILED! - service $SERVICE on host $(hostname) failed, run journalctl -u $SERVICE for details."
+ '';
+ };
+ }
+ // flip mapAttrs' config.services.borgbackup.jobs (
+ name: value:
+ nameValuePair "borgbackup-job-${name}" {
+ unitConfig.OnFailure = "notify-problems@%i.service";
+ }
+ );
+
+ # optional, but this actually forces backup after boot in case laptop was powered off during scheduled event
+ # for example, if you scheduled backups daily, your laptop should be powered on at 00:00
+ config.systemd.timers = flip mapAttrs' config.services.borgbackup.jobs (
+ name: value:
+ nameValuePair "borgbackup-job-${name}" {
+ timerConfig.Persistent = true;
+ }
+ );
+ };
+
+in
+{
+ imports = [ borgbackupMonitor ];
+ services = {
+ borgbackup.jobs.liv-violet = {
+ paths = "/home/liv";
+ encryption.mode = "none";
+ environment.BORG_RSH = "ssh -i /home/liv/.ssh/id_ed25519";
+ repo = "ssh://liv@100.115.178.50:9123/spinners/rootvol/backups/hosts/violet";
+ compression = "auto,zstd";
+ startAt = "daily";
+ };
+ };
+}
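Review bot: The `notify-problems@` script runs `curl -d "…"` with no URL, so as written the notifier unit itself exits with an error and a failed backup goes unreported, which defeats the `OnFailure` hook added just below it. Append the destination and make HTTP errors visible, e.g. `${pkgs.curl}/bin/curl --fail -d "…" <NTFY_TOPIC_URL>` (`<NTFY_TOPIC_URL>` is a placeholder). `$(hostname)` may also fail to resolve, since a NixOS `script` unit runs with a small default PATH that I believe does not provide `hostname`; `${config.networking.hostName}` is already in scope in this module and avoids the lookup. Once the message is actually sent, a short comment on the unit saying where alerts go and what to do when one arrives would help.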