diff --git a/hosts/ymir/configuration.nix b/hosts/ymir/configuration.nix index c984b6d..8933373 100644 --- a/hosts/ymir/configuration.nix +++ b/hosts/ymir/configuration.nix @@ -76,7 +76,12 @@ services.seatd.enable = true; # Enable flatpak - services.flatpak.enable = true; + services.flatpak = { + enable = true; + packages = [ + "com.dec05eba.gpu_screen_recorder" + ]; + }; # Enable ratbagd to customize mouse options services.ratbagd.enable = true; @@ -104,6 +109,9 @@ # Enable light for image control programs.light.enable = true; + # Enable polkit + security.polkit.enable = true; + # programs.river = { # enable = true; # extraPackages = []; diff --git a/modules/servers/general/default.nix b/modules/servers/general/default.nix index 081b2f4..723d212 100644 --- a/modules/servers/general/default.nix +++ b/modules/servers/general/default.nix @@ -9,5 +9,6 @@ ./root.nix ./beszel-agent.nix ./optimise-storage.nix + ./restic.nix ]; } diff --git a/modules/servers/general/restic.nix b/modules/servers/general/restic.nix new file mode 100644 index 0000000..88b435b --- /dev/null +++ b/modules/servers/general/restic.nix @@ -0,0 +1,37 @@ +{config, ...}: let + opts = { + paths = [ + "/var/lib/private" + ]; + pruneOpts = [ + "--keep-last 10" + "--keep-daily 7" + "--keep-weekly 5" + "--keep-monthly 12" + ]; + checkOpts = [ + "--read-data-subset=10%" + "--with-cache" + ]; + }; +in { + services.restic.backups = { + local = { + initialize = true; + passwordFile = config.age.secrets.restic-server-local-pass.path; + repository = "/var/lib/backup"; + paths = opts.paths; + pruneOpts = opts.pruneOpts; + checkOpts = opts.checkOpts; + }; + server = { + initialize = true; + passwordFile = config.age.secrets.restic-server-pass.path; + repositoryFile = config.age.secrets.restic-server-pass.path; + environmentFile = config.age.secrets.restic-server-pass.path; + paths = opts.paths; + pruneOpts = opts.pruneOpts; + checkOpts = opts.checkOpts; + }; + }; +} diff --git a/modules/servers/general/secrets.nix b/modules/servers/general/secrets.nix index 935a8bb..ebb8892 100644 --- a/modules/servers/general/secrets.nix +++ b/modules/servers/general/secrets.nix @@ -11,6 +11,18 @@ root-passwd = { file = ../../../secrets/root-passwd.age; }; + restic-server-local-pass = { + file = ../../../secrets/restic-server-local-pass.age; + }; + restic-server-pass = { + file = ../../../secrets/restic-server-pass.age; + }; + restic-server-repo = { + file = ../../../secrets/restic-server-repo.age; + }; + restic-server-env = { + file = ../../../secrets/restic-server-env.age; + }; }; }; } diff --git a/secrets/restic-server-env.age b/secrets/restic-server-env.age new file mode 100644 index 0000000..bec1064 --- /dev/null +++ b/secrets/restic-server-env.age @@ -0,0 +1,21 @@ +age-encryption.org/v1 +-> ssh-ed25519 2P4nKw P/5AREO2GLWDGgTnQmcvq4ORUDvZUCDNUfW6gjnXgWQ +Sx+9oL+PqaJ27/reuUmXGcUk+46bOFcDrZHOxMBmRwY +-> ssh-ed25519 6+hQpQ vzLILUkCCObrl9IPqqQc4mPmG6OB6qeu7vOVCOoEM04 +bOcMcMzGEh/5FifL89zMkxG+bN+hISfZoboe4yJmRC0 +-> ssh-ed25519 l/ODWA BPR4ySpMzah8UbyWy98C8xgEvNFLznjGhNTq2sv1xUI +I3mRcRkoOMw86eBLaqqDmsuEl/RLPo1QMXJ6KYk4UMo +-> ssh-ed25519 7+5K3Q +pDaZv47X000tK1W+2j/8EXlakycO5zR7x7AUfJ4LmI +XkwW2uMN7HRRFhuRdrJElVBJFwyiBd4/UInsJ9xoH6g +-> ssh-ed25519 Ow0TGw 1AakJzOyPpNkWpOSq8+TecnSdWFH1sS70Zcl4YwMSyg +4g/e2PAMWtHgD/ejlZio2hd+kRlcBO4Hih7i1973n2s +-> ssh-ed25519 cEINMA yBiCcMRwa6KmAAUJdhPeayKYYqmW2lLrUDP9JH5TVAc +2Ba4lRQ/rbKSSRbQkunq1l9FbuASbYkaSo+hLEyr+R0 +-> ssh-ed25519 qbMKrQ JuE4wL9iuYie2cno9+SRZipNCy/IyjS+6+RXMOFXi10 +jIBwICumFSm10F5t3VFdhzl6/Lv211jAZnp72yNtaG0 +-> ssh-ed25519 GNZYRg 7e+vuacgxTObvGQToLk/n0yVQ8cpL4h/SLTKtY6HTQU +EoExlKOqtE4wJ2hVBCvYLyecZyW5Ck+LWq99iFth+eA +-> ssh-ed25519 fd/ZLQ eICkKc6DBKBqijQXJMlP3zNR7LLmR3JS+eksVACBGU4 +SjEGDhJIMRsEe9EGRW3//zdeyagAVYGls3Nm9Ap9EKc +--- 6p/Szb20erzQyj0bmy2781LdRQHHhG44pylOUlMms40 +F$YRD!Rh +`.~'`B' vi.5cd$Ր=T uV\( FpՄv֍k3&+&e9fgЋJEޔ~cD \ No newline at end of file diff --git a/secrets/restic-server-local-pass.age b/secrets/restic-server-local-pass.age new file mode 100644 index 0000000..ad0cbbe Binary files /dev/null and b/secrets/restic-server-local-pass.age differ diff --git a/secrets/restic-server-pass.age b/secrets/restic-server-pass.age new file mode 100644 index 0000000..79b16f0 --- /dev/null +++ b/secrets/restic-server-pass.age @@ -0,0 +1,22 @@ +age-encryption.org/v1 +-> ssh-ed25519 2P4nKw 9bifvOgrYMg2Fhi0sgXa/qrpfRgGuoG4SU9p1BICkEs +1MSxA7Kyu1KCNQ+LanV8xcS6HM9gZFOOM0t9RjHiHzE +-> ssh-ed25519 6+hQpQ NLvp1THtsHMqGMNr2DjGdnPqQXGWvNY6EbbzUASNKws +3wPnJUnw2JfwInlHVOVtbodDm8Vy4bQ22tGJcuF5v18 +-> ssh-ed25519 l/ODWA K0MoTwlMtberAnMoJpQrgY5cLPdOcN07UJiy5glH3Co +Gy+eLnwBk91Sx9LARLgzJljOkGj34eAGOxruCPdHChI +-> ssh-ed25519 7+5K3Q Lj1DYkDIynawk0aOP/BuAHZDSFI3YZif2lZ2/l3y4UI +pwW+MjdBTPlZvUB4J6ATQivbyxjxUtj6R2rxuRYIs0s +-> ssh-ed25519 Ow0TGw odMc/AhI0E9/1ejVf+Vpgqj4e/wadDQ74qB0GLXdugQ +C/SRlcOSWb/MhawMQ3zaCLjlxqKdOhLuqf95GTrhEwI +-> ssh-ed25519 cEINMA cmJECvSXeo/m/GFbgFfDiH4+ywTjIEHFrvjLgUaX+RY +A/zztUB7W0aeVcUkuQkh7RXnPeGaGAgE0PQX3EvAV/8 +-> ssh-ed25519 qbMKrQ ev9qGmwgAI2Jx0GQhYphti0OKcRAv/EGyBt5ojunqHg +zfuh0+WDGB/LjHmAd7SOFY5EjQoeYOgS4Z4JE3ikg6M +-> ssh-ed25519 GNZYRg nR1Mcbq961DtSv5wOjIGuY9uT8VmR4LAWjburH6fMC8 +4adxy7fGFci7KpUGg0zGOgp/IIwATYc58WJDA2Lu2Bs +-> ssh-ed25519 fd/ZLQ jGg06rq7vZMyg9Qvs1zJ/rnF6clYED03j0tMMFn7G0k +Ku0tq3Z+hKKyMZDYX+N0UyTXtJAJXxLohYKgGCDW/kA +--- fXoZEKdfq3xsOniylAnr63qVkS/LvRJfZu/8+Y0t8qw +n1>3²|Y9߫7{!V +ezq"]k(Ec"*]ġk' Isrf0|#^K@ȔVTKW}y>QS'ϼHt:f;y’[ضͯ`H~3|!M[}|?ӆfOcޞ}ѵȥucrdF+#Uz)xZHgnxDG`s.X \ No newline at end of file diff --git a/secrets/restic-server-repo.age b/secrets/restic-server-repo.age new file mode 100644 index 0000000..2047279 --- /dev/null +++ b/secrets/restic-server-repo.age @@ -0,0 +1,22 @@ +age-encryption.org/v1 +-> ssh-ed25519 2P4nKw QySrledbwALjWMNCtmNB9V4fjT05hih8mhJnULRTXkM +PW0Yk/eXqN57NuWQbuE0kUqJHf8XouODHNwQpeRiEe0 +-> ssh-ed25519 6+hQpQ CMIGCb6niVPPKNTVXMjWx0Xrh63X4ucyGXATbPi2JEg +1yUotoIqnzGoX6gJ5/VlWmOXdm1Dt4vqLJrtsg9jlgE +-> ssh-ed25519 l/ODWA X0hBPkxppmofKE1AWUJIKJkDPaclBVbCVGFwVmzWEEQ +fpXHBOfN/B9UDOIJ98r5J4BMYKeEPMXmM+knxkI43kg +-> ssh-ed25519 7+5K3Q QdJv8xbWsQgeQpeVugPyWRS5aNFL+MAKCQsfHutEl3w +FDqXq5t8ElE2tl4WJbcpmJc0YmcrpjYqGX2O8maxHjU +-> ssh-ed25519 Ow0TGw b5LtwpTlb2Hs9dtg8Uth1UIqNdRK+Nj+XsAApfsrbwE +lThcDeUMW49n6crw02xnh2HzZ74icKUdF6bdqxqqY24 +-> ssh-ed25519 cEINMA aLfXjPsQIJby0CZgYDoA4WPL1b0e69SPe72Z4p6f/1A +lyT+Q6C3kPERXMepNmwoy0tAvLk6qdxUuQoV31KMEfo +-> ssh-ed25519 qbMKrQ LehmoKiFc4HPA23gx4V9UJiinnm3Ei91BmB+EKgY0Gg +XIf9trBywVNsoIqAT1XtVqKi0WZzJ8iruGSxjE8zIiU +-> ssh-ed25519 GNZYRg W4t6E8lEGhYTDepNdpQz8pch2Lm48xFUuntWoDGeJys +19OD++WOzru7sR5kkNVKmdnhMc0VXKrP2LLpvsxJxZE +-> ssh-ed25519 fd/ZLQ Dteel22OzKqmx3uwIACayU2Ph+iUoZGbF1bReGW06lk +iaxcz6F607Xm5bG+ax2TRnvjgl6Kv/dE6VWJxEEzeos +--- +2gjtn4rTs6lwr04qBfQQ7vaYaxdk4zF/wdcCYQtmkM + !n8 +G֯'7LJ<x6d]`AdSs?XVJx@\~s y^@2-|:y㮫v/enc=Н}OՀm]Jj^ \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index f9e874a..3061d69 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -33,4 +33,8 @@ in { "restic-backblaze-pass.age".publicKeys = systems ++ users; "restic-backblaze-repo.age".publicKeys = systems ++ users; "restic-backblaze-env.age".publicKeys = systems ++ users; + "restic-server-local-pass.age".publicKeys = systems ++ users; + "restic-server-pass.age".publicKeys = systems ++ users; + "restic-server-repo.age".publicKeys = systems ++ users; + "restic-server-env.age".publicKeys = systems ++ users; }