diff --git a/hosts/server/configuration.nix b/hosts/server/configuration.nix index 9593963..a331fc7 100644 --- a/hosts/server/configuration.nix +++ b/hosts/server/configuration.nix @@ -15,7 +15,7 @@ ] ++ (util.toImports ../../modules/nixos/features [ # keep-sorted start - "borgbackup" + "borgmatic" "intel-gpu" # keep-sorted end ]) diff --git a/modules/home-manager/bundles/gui.nix b/modules/home-manager/bundles/gui.nix index 0d4ec42..de6e9a8 100644 --- a/modules/home-manager/bundles/gui.nix +++ b/modules/home-manager/bundles/gui.nix @@ -6,7 +6,7 @@ imports = util.toImports ../features [ # keep-sorted start "alacritty" - "librewolf" + "firefox" "obsidian" # "zen-browser" # keep-sorted end diff --git a/modules/home-manager/features/firefox.nix b/modules/home-manager/features/firefox.nix index b0c16b3..4231d89 100644 --- a/modules/home-manager/features/firefox.nix +++ b/modules/home-manager/features/firefox.nix @@ -12,7 +12,6 @@ "browser.aboutwelcome.enabled" = false; "browser.bookmarks.addedImportButton" = false; "browser.bookmarks.restore_default_bookmarks" = false; - "browser.download.useDownloadDir" = true; "browser.newtabpage.enabled" = false; "browser.safebrowsing.downloads.enabled" = false; "browser.safebrowsing.malware.enabled" = false; @@ -23,8 +22,6 @@ "browser.startup.homepage" = "chrome://browser/content/blanktab.html"; "browser.startup.page" = 3; "browser.tabs.groups.smart.userEnabled" = false; - "browser.tabs.warnOnClose" = true; - "browser.tabs.warnOnOpen" = false; "browser.toolbars.bookmarks.visibility" = "never"; "browser.urlbar.suggest.searches" = false; "datareporting.healthreport.uploadEnabled" = false; @@ -38,20 +35,18 @@ "network.trr.uri" = "https://firefox.dns.nextdns.io/"; "privacy.annotate_channels.strict_list.enabled" = true; "privacy.bounceTrackingProtection.mode" = 1; + "privacy.clearOnShutdown_v2.formdata" = true; "privacy.fingerprintingProtection" = true; "privacy.globalprivacycontrol.enabled" = true; "privacy.globalprivacycontrol.was_ever_enabled" = true; - "privacy.history.custom" = false; "privacy.query_stripping.enabled " = true; "privacy.query_stripping.enabled.pbmode" = true; - "privacy.sanitize.sanitizeOnShutdown" = false; "privacy.trackingprotection.allow_list.baseline.enabled" = true; "privacy.trackingprotection.allow_list.convenience.enabled" = false; "privacy.trackingprotection.consentmanager.skip.pbmode.enabled" = false; "privacy.trackingprotection.emailtracking.enabled" = true; "privacy.trackingprotection.enabled" = true; "privacy.trackingprotection.socialtracking.enabled" = true; - "services.sync.engine.passwords" = false; "sidebar.main.tools" = "syncedtabs,history,bookmarks"; "sidebar.new-sidebar.has-used" = true; "sidebar.position_start" = false; @@ -91,144 +86,144 @@ # keep-sorted start block=yes # sponsorblock "sponsorBlocker@ajay.app".settings = { - hideSegmentCreationInPopup = false; - autoSkipOnMusicVideosUpdate = true; - changeChapterColor = true; - autoSkipOnMusicVideos = false; - hideVideoPlayerControls = false; - useVirtualTime = true; - categoryPillColors = { }; - payments = { - chaptersAllowed = false; - freeAccess = false; - lastCheck = 0; - lastFreeCheck = 0; - licenseKey = null; + hideSegmentCreationInPopup = false; + autoSkipOnMusicVideosUpdate = true; + changeChapterColor = true; + autoSkipOnMusicVideos = false; + hideVideoPlayerControls = false; + useVirtualTime = true; + categoryPillColors = { }; + payments = { + chaptersAllowed = false; + freeAccess = false; + lastCheck = 0; + lastFreeCheck = 0; + licenseKey = null; + }; + allowExpirements = true; + allowScrollingToEdit = true; + audioNotificationOnSkip = false; + autoHideInfoButton = true; + categoryPillUpdate = true; + chapterCategoryAdded = true; + checkForUnlistedVideos = false; + cleanPopup = false; + darkMode = true; + deArrowInstalled = true; + defaultCategory = "chooseACategory"; + disableSkipping = false; + donateClicked = 0; + dontShowNotice = false; + forceChannelCheck = false; + fullVideoLabelsOnThumbnails = true; + fullVideoSegments = true; + hideDeleteButtonPlayerControls = false; + hideDiscordLaunches = 0; + hideDiscordLink = false; + hideInfoButtonPlayerControls = false; + hideSkipButtonPlayerControls = false; + hideUploadButtonPlayerControls = false; + categorySelections = [ + { + name = "sponsor"; + option = 2; + } + { + name = "poi_highlight"; + option = 1; + } + { + name = "exclusive_access"; + option = 0; + } + { + name = "chapter"; + option = 0; + } + { + name = "selfpromo"; + option = 1; + } + { + name = "interaction"; + option = 1; + } + { + name = "intro"; + option = 1; + } + { + name = "outro"; + option = 1; + } + { + name = "preview"; + option = 1; + } + { + name = "filler"; + option = 1; + } + { + name = "music_offtopic"; + option = 2; + } + { + name = "hook"; + option = 1; + } + ]; + manualSkipOnFullVideo = false; + minDuration = 0; + isVip = false; + muteSegments = false; + noticeVisibilityMode = 3; + renderSegmentsAsChapters = false; + scrollToEditTimeUpdate = false; + serverAddress = "https://sponsor.ajay.app"; + showAutogeneratedChapters = false; + showCategoryGuidelines = true; + showCategoryWithoutPermission = false; + showChapterInfoMessage = true; + showDeArrowInSettings = true; + showDeArrowPromotion = true; + showDonationLink = false; + showNewFeaturePopups = false; + showSegmentFailedToFetchWarning = true; + showSegmentNameInChapterBar = true; + showTimeWithSkips = true; + showUpcomingNotice = false; + showUpsells = false; + minutesSaved = 67.630516; + shownDeArrowPromotion = false; + showZoomToFillError2 = false; + skipNoticeDuration = 4; + sponsorTimesContributed = 0; + testingServer = false; + trackDownvotes = false; + trackDownvotesInPrivate = false; + trackViewCount = false; + trackViewCountInPrivate = false; + ytInfoPermissionGranted = false; + skipNonMusicOnlyOnYoutubeMusic = false; + hookUpdate = false; + permissions = { + sponsor = true; + selfpromo = true; + exclusive_access = true; + interaction = true; + intro = true; + outro = true; + preview = true; + hook = true; + music_offtopic = true; + filler = true; + poi_highlight = true; + chapter = false; + }; + segmentListDefaultTab = 0; + prideTheme = false; }; - allowExpirements = true; - allowScrollingToEdit = true; - audioNotificationOnSkip = false; - autoHideInfoButton = true; - categoryPillUpdate = true; - chapterCategoryAdded = true; - checkForUnlistedVideos = false; - cleanPopup = false; - darkMode = true; - deArrowInstalled = true; - defaultCategory = "chooseACategory"; - disableSkipping = false; - donateClicked = 0; - dontShowNotice = false; - forceChannelCheck = false; - fullVideoLabelsOnThumbnails = true; - fullVideoSegments = true; - hideDeleteButtonPlayerControls = false; - hideDiscordLaunches = 0; - hideDiscordLink = false; - hideInfoButtonPlayerControls = false; - hideSkipButtonPlayerControls = false; - hideUploadButtonPlayerControls = false; - categorySelections = [ - { - name = "sponsor"; - option = 2; - } - { - name = "poi_highlight"; - option = 1; - } - { - name = "exclusive_access"; - option = 0; - } - { - name = "chapter"; - option = 0; - } - { - name = "selfpromo"; - option = 1; - } - { - name = "interaction"; - option = 1; - } - { - name = "intro"; - option = 1; - } - { - name = "outro"; - option = 1; - } - { - name = "preview"; - option = 1; - } - { - name = "filler"; - option = 1; - } - { - name = "music_offtopic"; - option = 2; - } - { - name = "hook"; - option = 1; - } - ]; - manualSkipOnFullVideo = false; - minDuration = 0; - isVip = false; - muteSegments = false; - noticeVisibilityMode = 3; - renderSegmentsAsChapters = false; - scrollToEditTimeUpdate = false; - serverAddress = "https://sponsor.ajay.app"; - showAutogeneratedChapters = false; - showCategoryGuidelines = true; - showCategoryWithoutPermission = false; - showChapterInfoMessage = true; - showDeArrowInSettings = true; - showDeArrowPromotion = true; - showDonationLink = false; - showNewFeaturePopups = false; - showSegmentFailedToFetchWarning = true; - showSegmentNameInChapterBar = true; - showTimeWithSkips = true; - showUpcomingNotice = false; - showUpsells = false; - minutesSaved = 67.630516; - shownDeArrowPromotion = false; - showZoomToFillError2 = false; - skipNoticeDuration = 4; - sponsorTimesContributed = 0; - testingServer = false; - trackDownvotes = false; - trackDownvotesInPrivate = false; - trackViewCount = false; - trackViewCountInPrivate = false; - ytInfoPermissionGranted = false; - skipNonMusicOnlyOnYoutubeMusic = false; - hookUpdate = false; - permissions = { - sponsor = true; - selfpromo = true; - exclusive_access = true; - interaction = true; - intro = true; - outro = true; - preview = true; - hook = true; - music_offtopic = true; - filler = true; - poi_highlight = true; - chapter = false; - }; - segmentListDefaultTab = 0; - prideTheme = false; - }; # ublock-origin "uBlock0@raymondhill.net".settings = { advancedUserEnabled = true; diff --git a/modules/home-manager/features/lazygit.nix b/modules/home-manager/features/lazygit.nix index 6672936..e4938bf 100644 --- a/modules/home-manager/features/lazygit.nix +++ b/modules/home-manager/features/lazygit.nix @@ -5,7 +5,6 @@ programs.lazygit = { enable = true; settings = { - git.overrideGpg = true; log = { localBranchSortOrder = "recency"; remoteBranchSortOrder = "recency"; diff --git a/modules/home-manager/features/librewolf.nix b/modules/home-manager/features/librewolf.nix deleted file mode 100644 index 31a34b2..0000000 --- a/modules/home-manager/features/librewolf.nix +++ /dev/null @@ -1,255 +0,0 @@ -{ - pkgs, - ... -}: -{ - programs.librewolf = { - enable = true; - languagePacks = [ "en-GB" ]; - profiles.will = { - settings = { - # keep-sorted start - "browser.aboutwelcome.enabled" = false; - "browser.bookmarks.addedImportButton" = false; - "browser.bookmarks.restore_default_bookmarks" = false; - "browser.download.useDownloadDir" = true; - "browser.newtabpage.enabled" = false; - "browser.safebrowsing.downloads.enabled" = false; - "browser.safebrowsing.malware.enabled" = false; - "browser.safebrowsing.phishing.enabled" = false; - "browser.safebrowsing.remote.block_potentially_unwanted" = false; - "browser.safebrowsing.remote.block_uncommon" = false; - "browser.search.suggest.enabled" = false; - "browser.startup.homepage" = "chrome://browser/content/blanktab.html"; - "browser.startup.page" = 3; - "browser.tabs.groups.smart.userEnabled" = false; - "browser.tabs.warnOnClose" = true; - "browser.tabs.warnOnOpen" = false; - "browser.toolbars.bookmarks.visibility" = "never"; - "browser.urlbar.suggest.searches" = false; - "datareporting.healthreport.uploadEnabled" = false; - "datareporting.usage.uploadEnabled" = false; - "dom.security.https_only_mode" = true; - "dom.security.https_only_mode_ever_enabled" = true; - "extensions.formautofill.creditCards.enabled" = false; - "general.autoScroll" = true; - "identity.fxaccounts.enabled" = true; - "intl.locale.requested" = "en-GB"; - "network.trr.mode" = 3; - "network.trr.uri" = "https://firefox.dns.nextdns.io/"; - "privacy.annotate_channels.strict_list.enabled" = true; - "privacy.bounceTrackingProtection.mode" = 1; - "privacy.fingerprintingProtection" = true; - "privacy.globalprivacycontrol.enabled" = true; - "privacy.globalprivacycontrol.was_ever_enabled" = true; - "privacy.history.custom" = false; - "privacy.query_stripping.enabled " = true; - "privacy.query_stripping.enabled.pbmode" = true; - "privacy.sanitize.sanitizeOnShutdown" = false; - "privacy.trackingprotection.allow_list.baseline.enabled" = true; - "privacy.trackingprotection.allow_list.convenience.enabled" = false; - "privacy.trackingprotection.consentmanager.skip.pbmode.enabled" = false; - "privacy.trackingprotection.emailtracking.enabled" = true; - "privacy.trackingprotection.enabled" = true; - "privacy.trackingprotection.socialtracking.enabled" = true; - "services.sync.engine.passwords" = false; - "sidebar.main.tools" = "syncedtabs,history,bookmarks"; - "sidebar.new-sidebar.has-used" = true; - "sidebar.position_start" = false; - "sidebar.revamp" = true; - "sidebar.verticalTabs" = true; - "sidebar.verticalTabs.dragToPinPromo.dismissed" = true; - "signon.autofillForms" = false; - "signon.firefoxRelay.feature" = "disabled"; - "signon.generation.enabled" = false; - "signon.management.page.breach-alerts.enabled" = false; - "signon.rememberSignons" = false; - "toolkit.telemetry.reportingpolicy.firstRun" = false; - # keep-sorted end - }; - search = { - default = "ddg"; - privateDefault = "ddg"; - engines = { }; - order = [ ]; - force = true; - }; - extensions = { - force = true; - packages = with pkgs.nur.repos.rycee.firefox-addons; [ - # keep-sorted start sticky_comments=no - # detect-cloudflare - bitwarden - dearrow - nixpkgs-pr-tracker - react-devtools - return-youtube-dislikes - sponsorblock - ublock-origin - # keep-sorted end - ]; - settings = { - # keep-sorted start block=yes - # sponsorblock - "sponsorBlocker@ajay.app".settings = { - hideSegmentCreationInPopup = false; - autoSkipOnMusicVideosUpdate = true; - changeChapterColor = true; - autoSkipOnMusicVideos = false; - hideVideoPlayerControls = false; - useVirtualTime = true; - categoryPillColors = { }; - payments = { - chaptersAllowed = false; - freeAccess = false; - lastCheck = 0; - lastFreeCheck = 0; - licenseKey = null; - }; - allowExpirements = true; - allowScrollingToEdit = true; - audioNotificationOnSkip = false; - autoHideInfoButton = true; - categoryPillUpdate = true; - chapterCategoryAdded = true; - checkForUnlistedVideos = false; - cleanPopup = false; - darkMode = true; - deArrowInstalled = true; - defaultCategory = "chooseACategory"; - disableSkipping = false; - donateClicked = 0; - dontShowNotice = false; - forceChannelCheck = false; - fullVideoLabelsOnThumbnails = true; - fullVideoSegments = true; - hideDeleteButtonPlayerControls = false; - hideDiscordLaunches = 0; - hideDiscordLink = false; - hideInfoButtonPlayerControls = false; - hideSkipButtonPlayerControls = false; - hideUploadButtonPlayerControls = false; - categorySelections = [ - { - name = "sponsor"; - option = 2; - } - { - name = "poi_highlight"; - option = 1; - } - { - name = "exclusive_access"; - option = 0; - } - { - name = "chapter"; - option = 0; - } - { - name = "selfpromo"; - option = 1; - } - { - name = "interaction"; - option = 1; - } - { - name = "intro"; - option = 1; - } - { - name = "outro"; - option = 1; - } - { - name = "preview"; - option = 1; - } - { - name = "filler"; - option = 1; - } - { - name = "music_offtopic"; - option = 2; - } - { - name = "hook"; - option = 1; - } - ]; - manualSkipOnFullVideo = false; - minDuration = 0; - isVip = false; - muteSegments = false; - noticeVisibilityMode = 3; - renderSegmentsAsChapters = false; - scrollToEditTimeUpdate = false; - serverAddress = "https://sponsor.ajay.app"; - showAutogeneratedChapters = false; - showCategoryGuidelines = true; - showCategoryWithoutPermission = false; - showChapterInfoMessage = true; - showDeArrowInSettings = true; - showDeArrowPromotion = true; - showDonationLink = false; - showNewFeaturePopups = false; - showSegmentFailedToFetchWarning = true; - showSegmentNameInChapterBar = true; - showTimeWithSkips = true; - showUpcomingNotice = false; - showUpsells = false; - minutesSaved = 67.630516; - shownDeArrowPromotion = false; - showZoomToFillError2 = false; - skipNoticeDuration = 4; - sponsorTimesContributed = 0; - testingServer = false; - trackDownvotes = false; - trackDownvotesInPrivate = false; - trackViewCount = false; - trackViewCountInPrivate = false; - ytInfoPermissionGranted = false; - skipNonMusicOnlyOnYoutubeMusic = false; - hookUpdate = false; - permissions = { - sponsor = true; - selfpromo = true; - exclusive_access = true; - interaction = true; - intro = true; - outro = true; - preview = true; - hook = true; - music_offtopic = true; - filler = true; - poi_highlight = true; - chapter = false; - }; - segmentListDefaultTab = 0; - prideTheme = false; - }; - # ublock-origin - "uBlock0@raymondhill.net".settings = { - advancedUserEnabled = true; - selectedFilterLists = [ - "user-filters" - "ublock-filters" - "ublock-badware" - "ublock-privacy" - "ublock-quick-fixes" - "ublock-unbreak" - "easylist" - "easyprivacy" - "adguard-spyware-url" - "urlhaus-1" - "plowe-0" - ]; - }; - # keep-sorted end - }; - }; - }; - }; -} diff --git a/modules/nixos/bundles/server.nix b/modules/nixos/bundles/server.nix index 7a9f017..1aa12e4 100644 --- a/modules/nixos/bundles/server.nix +++ b/modules/nixos/bundles/server.nix @@ -34,8 +34,5 @@ # keep-sorted end ]; - services.borgbackup.jobs = { - onsite.paths = [ "/srv" ]; - offsite.paths = [ "/srv" ]; - }; + services.borgmatic.settings.source_directories = [ "/srv" ]; } diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index bba0af7..c1243e6 100644 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix @@ -16,6 +16,7 @@ "nixvim" "syncthing" "systemd-boot" + "tailscale" # keep-sorted end ]; @@ -60,7 +61,7 @@ ticker # stock ticker tldr # cheat sheets tmpmail # temporary email address - # topydo # todo.txt helper tool + topydo # todo.txt helper tool tt # typing test wtfutil # terminal homepage xh # curl diff --git a/modules/nixos/features/borgbackup.nix b/modules/nixos/features/borgbackup.nix deleted file mode 100644 index c30799a..0000000 --- a/modules/nixos/features/borgbackup.nix +++ /dev/null @@ -1,57 +0,0 @@ -{ - config, - pkgs, - ... -}: -let - jobConfig = { - compression = "auto,zlib"; - doInit = false; - preHook = '' - /run/wrappers/bin/sudo -u postgres ${pkgs.postgresql}/bin/pg_dumpall > /srv/backup/database/postgres/dump.sql - ''; - postHook = '' - rm /srv/backup/database/postgres/dump.sql - ''; - prune.keep = { - daily = 7; - weekly = 4; - monthly = 6; - yearly = 1; - }; - readWritePaths = [ - "/srv/backup" - ]; - startAt = "*-*-* 03:00:00"; - extraCreateArgs = [ "-v" ]; - }; -in -{ - services.borgbackup = { - jobs = { - onsite = { - encryption = { - passCommand = "cat ${config.age.secrets.borgbackup-onsite.path}"; - mode = "repokey-blake2"; - }; - removableDevice = true; - repo = "/mnt/external/backup/take2"; - } - // jobConfig; - offsite = { - encryption = { - passCommand = "cat ${config.age.secrets.borgbackup-offsite.path}"; - mode = "repokey-blake2"; - }; - environment.BORG_RSH = "ssh -i /home/srv/.ssh/id_ed25519"; - repo = "ssh://vuc5c3xq@vuc5c3xq.repo.borgbase.com/./repo"; - } - // jobConfig; - }; - }; - - age.secrets = { - borgbackup-onsite.file = ../../../secrets/borgbackup-onsite.age; - borgbackup-offsite.file = ../../../secrets/borgbackup-offsite.age; - }; -} diff --git a/modules/nixos/features/borgmatic.nix b/modules/nixos/features/borgmatic.nix index 112eeda..6628f8e 100644 --- a/modules/nixos/features/borgmatic.nix +++ b/modules/nixos/features/borgmatic.nix @@ -42,10 +42,12 @@ { path = "/mnt/external/backup/repo"; label = "onsite"; + # encryption = "repokey-blake2"; } { path = "ssh://vuc5c3xq@vuc5c3xq.repo.borgbase.com/./repo"; label = "offsite"; + # encryption = "repokey-blake2"; } ]; retries = 3; @@ -73,6 +75,8 @@ "borgmatic-pg:${config.age.secrets.borgmatic-pg.path}" ]; + # onsite drive + # secrets age.secrets = { "borgmatic".file = ../../../secrets/borgmatic.age; diff --git a/modules/nixos/features/firefly.nix b/modules/nixos/features/firefly.nix index c32df14..92ee22d 100644 --- a/modules/nixos/features/firefly.nix +++ b/modules/nixos/features/firefly.nix @@ -24,6 +24,13 @@ in }; }; + borgmatic.settings.sqlite_databases = [ + { + name = "firefly"; + path = "/srv/firefly/storage/database/database.sqlite"; + } + ]; + caddy.virtualHosts."firefly.fi33.buzz".extraConfig = '' root * ${config.services.firefly-iii.package}/public php_fastcgi unix//${config.services.phpfpm.pools.firefly-iii.socket} diff --git a/modules/nixos/features/immich.nix b/modules/nixos/features/immich.nix index ce89f21..0908fd1 100644 --- a/modules/nixos/features/immich.nix +++ b/modules/nixos/features/immich.nix @@ -27,6 +27,15 @@ in } ]; + borgmatic.settings.postgresql_databases = [ + { + name = "immich"; + hostname = "localhost"; + username = "root"; + password = "{credential systemd borgmatic-pg}"; + } + ]; + caddy.virtualHosts.${hostname}.extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { diff --git a/modules/nixos/features/mealie.nix b/modules/nixos/features/mealie.nix index 324c241..368ee09 100644 --- a/modules/nixos/features/mealie.nix +++ b/modules/nixos/features/mealie.nix @@ -1,5 +1,5 @@ { - pkgs, + config, ... }: let @@ -34,14 +34,17 @@ in } ]; - borgbackup.jobs = { - onsite = { - paths = [ "/var/lib/mealie" ]; - }; - offsite = { - paths = [ "/var/lib/mealie" ]; - }; - }; + # borgmatic.settings = { + # source_directories = [ ]; + # postgresql_databases = [ + # { + # name = "mealie"; + # hostname = "localhost"; + # username = "root"; + # password = "{credential systemd borgmatic-pg}"; + # } + # ]; + # }; caddy.virtualHosts.${hostname}.extraConfig = '' reverse_proxy localhost:${toString port} diff --git a/modules/nixos/features/miniflux.nix b/modules/nixos/features/miniflux.nix index 094bdc2..fcd6526 100644 --- a/modules/nixos/features/miniflux.nix +++ b/modules/nixos/features/miniflux.nix @@ -34,6 +34,15 @@ in } ]; + borgmatic.settings.postgresql_databases = [ + { + name = "miniflux"; + hostname = "localhost"; + username = "root"; + password = "{credential systemd borgmatic-pg}"; + } + ]; + caddy.virtualHosts.${hostname}.extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { diff --git a/modules/nixos/features/ntfy-sh.nix b/modules/nixos/features/ntfy-sh.nix index 0d101eb..de396ff 100644 --- a/modules/nixos/features/ntfy-sh.nix +++ b/modules/nixos/features/ntfy-sh.nix @@ -20,9 +20,11 @@ in auth-default-access = "deny-all"; auth-users = [ "Debit3885:$2a$12$ZeFimzdifNFSmf0W2oi.vuZfsqae75md9nhC/Q2BcKMyvDO8T.uEK:admin" + "borgmatic:$2a$12$ZeFimzdifNFSmf0W2oi.vuZfsqae75md9nhC/Q2BcKMyvDO8T.uEK:user" "gatus:$2a$12$OswG3sB8oDaB.KpawKM3P.78dID.Tj/0y5qeVD5BE6EH5bpGKe.na:user" ]; auth-access = [ + "borgmatic:backups:wo" "gatus:services:wo" ]; }; @@ -42,9 +44,10 @@ in } ]; - borgbackup.jobs = { - onsite.paths = [ "/var/lib/ntfy-sh" ]; - offsite.paths = [ "/var/lib/ntfy-sh" ]; + borgmatic.settings = { + source_directories = [ + "/var/lib/ntfy-sh/user.db" + ]; }; caddy.virtualHosts.${hostname}.extraConfig = '' diff --git a/modules/nixos/features/paperless.nix b/modules/nixos/features/paperless.nix index 5be0efb..13cdd59 100644 --- a/modules/nixos/features/paperless.nix +++ b/modules/nixos/features/paperless.nix @@ -36,6 +36,17 @@ in } ]; + borgmatic.settings = { + postgresql_databases = [ + { + name = "paperless"; + hostname = "localhost"; + username = "root"; + password = "{credential systemd borgmatic-pg}"; + } + ]; + }; + caddy.virtualHosts.${hostname}.extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { diff --git a/modules/nixos/features/prowlarr.nix b/modules/nixos/features/prowlarr.nix index 050cc56..a6126c9 100644 --- a/modules/nixos/features/prowlarr.nix +++ b/modules/nixos/features/prowlarr.nix @@ -1,7 +1,3 @@ -{ - pkgs, - ... -}: let port = 5009; certloc = "/var/lib/acme/fi33.buzz"; @@ -32,14 +28,7 @@ in } ]; - borgbackup.jobs = { - onsite = { - paths = [ "/var/lib/prowlarr" ]; - }; - offsite = { - paths = [ "/var/lib/prowlarr" ]; - }; - }; + borgmatic.settings.source_directories = [ "/var/lib/prowlarr" ]; caddy.virtualHosts.${hostname}.extraConfig = '' reverse_proxy localhost:${toString port} diff --git a/modules/nixos/features/syncthing.nix b/modules/nixos/features/syncthing.nix index 0b141f7..07976f2 100644 --- a/modules/nixos/features/syncthing.nix +++ b/modules/nixos/features/syncthing.nix @@ -73,20 +73,16 @@ in } ]; - borgbackup.jobs = + borgmatic.settings = if userName == "srv" then { - onsite.paths = [ + source_directories = [ "/home/srv/.config/syncthing" - "/home/srv/Sync/" - ]; - offsite.paths = [ - "/home/srv/.config/syncthing" - "/home/srv/Sync/" + "/home/srv/Sync" ]; } else - { }; + null; caddy.virtualHosts.${hostname}.extraConfig = '' reverse_proxy http://localhost:${toString port} diff --git a/modules/templates/web-feature.nix b/modules/templates/web-feature.nix index 29f389c..8e8978c 100644 --- a/modules/templates/web-feature.nix +++ b/modules/templates/web-feature.nix @@ -25,10 +25,17 @@ in } ]; - borgbackup.jobs = { - onsite.paths = [ "" ]; - offsite.paths = [ "" ]; - }; + # borgmatic.settings = { + # source_directories = [ ]; + # postgresql_databases = [ + # { + # name = "feature"; + # hostname = "localhost"; + # username = "root"; + # password = "{credential systemd borgmatic-pg}"; + # } + # ]; + # }; caddy.virtualHosts.${hostname}.extraConfig = '' reverse_proxy localhost:${toString port} diff --git a/secrets/borgbackup-offsite.age b/secrets/borgbackup-offsite.age deleted file mode 100644 index e1809a9..0000000 --- a/secrets/borgbackup-offsite.age +++ /dev/null @@ -1,9 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 qLT+DQ NuEGxxieL0H7mUFKft+fuH1jd0XFDf3xESLrVcb9GAg -KxJcj9P/+cr63TmqEIPwfykz07luqe9VLRLzs3CWx9Y --> ssh-ed25519 NanIwQ HRHMV4jFn7vJVHd6gFqcOTA14VI6+QaITXMpZbeGoDg -aANuHXv4O1KKwPCClatphXgWDFnsCy/AoQJT0+D560o --> ssh-ed25519 LtK9yQ NHLTdStEdoXSGKxoz4/gR+oT9bLq8wwz4XRHS2rd9Xo -lndB74KBkWrfNuZyuQufl35lQIPNqbppLfSZRerIDaA ---- dro8ECdWcFtleQv5nffX/Wh97w/FGXQZwSIjPE9WIX8 -8R#;rpEhȾW8-. `OW']kJdC .T)N_kq_=ϰ \ No newline at end of file diff --git a/secrets/borgbackup-onsite.age b/secrets/borgbackup-onsite.age deleted file mode 100644 index 86c240f..0000000 --- a/secrets/borgbackup-onsite.age +++ /dev/null @@ -1,9 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 qLT+DQ 3UW3CErZDv6UkjXJZldymqYmmJoQcbSjVX4IUX7KRn8 -pnbegKpKiNW8QY9rD7pD1mrhOSdD+cxUxcNKtLM5uOQ --> ssh-ed25519 NanIwQ qAl2RheS1lTOU60xeodc4/WvyzYRGiWR+55QvsVE5H0 -j/UoLITpRpMF2t0J/Y0zL0kAgz5nJ02I/nwUp+pEowg --> ssh-ed25519 LtK9yQ sbldK/F2u6MMgIR8F6c5ZFkMesq+GHKRmlqt3n6L2yw -GTSzhGfj+Shg+MQ3hde12pKi6zfeGNw6RXwSAoGyaak ---- 6WmdTjpwgwb6/1o06i5xtvnOQcvNztwpBmvH/9wYbmo -K^ѭUb|:m@*ޱg1>)qs,n{ DdvɜEuH ssh-ed25519 qLT+DQ C3A3TKOyIWzbW8JupvhTmLKetnr+0uzkPq985NA0DCs +ahrHVR7WadjOfOXBWOqBAf9L0UdCNeD0Ynk6sKDF7WM +-> ssh-ed25519 7+xRyQ evZ6zSS3olbORnqiCnEAL68D1FNPgg2oBoJSaquLAAA +BYoo9AVOHsRsTbXkRQdS/7WN25vBuJOAb0YfnSY+hGQ +-> ssh-ed25519 LtK9yQ jLIdKPvVhPsRIJevWLmads3P2hM29c0B143OWoINzlY +ziCUQ1TtB6BUgbNZ/zFXoaOtpxyrbKobsTvXo/dSpSA +--- Q6JHS+5vuYLIqyIb6x3qCbIJvsjk2++ovL1zkVGs69o +쇽NM1WByM.-|Gl]8Z,(5豲P!pmpEa;(tq!KU4m \ No newline at end of file diff --git a/secrets/borgmatic.age b/secrets/borgmatic.age new file mode 100644 index 0000000..fca1c53 --- /dev/null +++ b/secrets/borgmatic.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 qLT+DQ zfLZc8A30KjoMrhUSl4OgTp+Yg11fmVjDioxtIYMqDU +URhJwUCElaJcSd+k5wBQAXvdC/68ZcCA5WbHGAJTYfY +-> ssh-ed25519 7+xRyQ mrGrjW0fQIRNMDdw4Hoc9N/xAEm1P0IFukShfeVdKE8 +yLUmj7LBfHQ/i4buBB57ktNUOnHpoC8NYTQUnK5e5y4 +-> ssh-ed25519 LtK9yQ THjOsSIr/DQTulFlwd4r5DYb73VQ0vWgyDHkfJV3NR0 +Dl8FwK1WciiEMs5MdrFcUIOFGmlbZf3APOWzLN6rkOE +--- 3mjYPT9APy0F5NNbbCIQhzZ0XjKBtB9YGGS3t37eoRU +T^vU{>[dhPC6Z|K|~lݝbDt΄]1P$10 A$ \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 2bd9a15..ac60688 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -15,8 +15,9 @@ let in { # keep-sorted start - "borgbackup-offsite.age".publicKeys = users; - "borgbackup-onsite.age".publicKeys = users; + "borgmatic-ntfy.age".publicKeys = users; + "borgmatic-pg.age".publicKeys = users; + "borgmatic.age".publicKeys = users; "copyparty.age".publicKeys = users; "gatus.age".publicKeys = users; "git_signing_key.age".publicKeys = users;