Merge branch 'master' of github.com:fabianhauser/nix-conf

2020-03-08 15:00:13 +00:00 · 2020-03-08 15:00:13 +00:00 · b98f7dad5f
commit b98f7dad5f
parent 0d7b37af9a bebb3da27a
5 changed files with 210 additions and 0 deletions
--- a/role/backup.nix
+++ b/role/backup.nix
@ -0,0 +1,66 @@
+{
+ systemdMount,
+ borgArchiveFolder,
+ keepWithin? "14d",
+ keepWeekly? "4",
+ keepMonthly? "6",
+ keepYearly? "-1",
+}:
+
+let pkgs = import<nixpkgs>{};
+in
+{
+
+  systemd =  {
+    services.backup = {
+      description = "Backup of all user data and system configuration with BorgBackup";
+      serviceConfig.Type = "oneshot";
+      path = with pkgs; [ bash borgbackup ];
+      script = ''
+        #!/usr/bin/env bash
+        set -euo pipefail
+        IFS=$'\n\t'
+        
+        systemctl start ${systemdMount}
+
+        export BORG_REPO=${borgArchiveFolder} \
+               BORG_BASE_DIR=${borgArchiveFolder}/borg-base-dir
+        
+        echo "Backup started at `date`"
+        borg create --exclude /var/backup \
+                    --exclude /var/tmp \
+                    --exclude /var/cache \
+                    $BORG_REPO::{hostname}-{now} \
+                    /etc \
+                    /home \
+                    /root \
+                    /var
+        
+        sync
+        echo "Backup finished at `date`"
+        
+        echo "Backup prune started at `date`"
+        borg prune --prefix '{hostname}-' \
+                   --keep-within  ${keepWithin} \
+                   --keep-weekly  ${keepWeekly} \
+                   --keep-monthly ${keepMonthly} \
+                   --keep-yearly  ${keepYearly}
+        sync
+        echo "Backup prune finished at `date`"
+
+        systemctl stop ${systemdMount}
+      '';
+    };
+
+    timers.backup = {
+      description = "Backup Schedule";
+
+      timerConfig = {
+        OnCalendar = "13:37";
+        Persistent = "true";
+      };
+
+      wantedBy = [ "timers.target" ];
+    };
+  };
+}
--- a/role/base.nix
+++ b/role/base.nix
@ -3,6 +3,9 @@

 {
  system.autoUpgrade.enable = true;
+  system.autoUpgrade.allowReboot = true;
+
+  boot.loader.timeout = 2;

  i18n = {
    consoleFont = "Lat2-Terminus16";
@ -12,8 +15,12 @@
  
  environment.systemPackages = with pkgs; [
    wget curl vim tmux git ncat bind
+    fwupd pciutils dmidecode smartmontools parted
  ];

+  services.fwupd.enable = true;
+
+
  # Networking
  networking.firewall = {
    allowPing = true;
--- a/role/dropbear.nix
+++ b/role/dropbear.nix
@ -0,0 +1,26 @@
+{ config, pkgs, ... }:
+
+{
+  # Note: This implementation currently only allows eth0 (first interface) with dhcp.
+  boot.initrd.network = {
+    enable = true;
+    ssh = {
+      enable = true;
+      port = 2222;
+      # this includes the ssh keys of all users in the wheel group,
+      # but you can just specify some keys manually
+      #authorizedKeys = with lib; concatLists (mapAttrsToList (name: user: if elem "wheel" user.extraGroups then user.openssh.authorizedKeys.keys else []) config.users.users);
+      hostRSAKey = /boot/dropbear_rsa_host_key;
+      hostECDSAKey = /boot/dropbear_ecdsa_host_key;
+      # Key generation with dropbearkey -t <type> -f <output-keyfile>
+    };
+    postCommands = ''
+      echo 'cryptsetup-askpass' >> /root/.profile
+    '';
+  };
+  boot.kernelParams = ["ip=::::montalin:eth0:dhcp"];
+
+  boot.initrd.postMountCommands = ''
+    ip link set eth0 down
+  '';
+}