From 373bd88e1bf84e44c485969b68b7e8873ffe9099 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 4 Mar 2025 18:12:44 +0000 Subject: [PATCH 1/4] backup: hoist variable definitions, add source to target's knownHosts --- flake/backup.nix | 64 ++++++++++++++++++++++++++++-------------------- 1 file changed, 38 insertions(+), 26 deletions(-) diff --git a/flake/backup.nix b/flake/backup.nix index 30bc5bc..dddda69 100644 --- a/flake/backup.nix +++ b/flake/backup.nix @@ -1,6 +1,7 @@ { config, lib, pkgs, ... }: let cfg = config.fountain.backup; + keys = import ../keys.nix; syncOptions = { dataset = lib.mkOption { 
@@ -91,36 +92,47 @@ in # TODO: add some assertions to verify the options config.flake.colmena = lib.mkMerge (lib.mapAttrsToList - (name: sync: { - ${sync.sourceHost} = { pkgs, ... }: { - randomcat.services.zfs.datasets."${sync.source}/${sync.dataset}".zfsPermissions.users.backup = [ "hold" "send" ]; - users.users.backup = { - group = "backup"; - isSystemUser = true; - useDefaultShell = true; - openssh.authorizedKeys.keys = cfg.keys.${sync.targetHost}; - packages = with pkgs; [ mbuffer lzop ]; # syncoid uses these if available but doesn't pull them in automatically - }; - users.groups.backup = { }; - }; + (name: sync: + let + inherit (sync) dataset sourceHost targetHost source target; + # TODO: don't want to have to dig into the node config for the fqdn + sourceFqdn = config.flake.nixosConfigurations.${sourceHost}.config.networking.fqdn; + in + { + ${sourceHost} = { pkgs, ... }: { + randomcat.services.zfs.datasets."${source}/${dataset}".zfsPermissions.users.backup = [ "hold" "send" ]; - ${sync.targetHost} = { - randomcat.services.zfs.datasets."${sync.target}".zfsPermissions.users.syncoid = [ "mount" "create" "receive" "recordsize" ]; - services.syncoid = { - enable = true; - interval = "*-*-* *:15:00"; - commonArgs = [ "--no-sync-snap" ]; - commands = { - ${name} = { - source = "backup@${config.flake.nixosConfigurations.${sync.sourceHost}.config.networking.fqdn}:${sync.source}/${sync.dataset}"; - target = "${sync.target}/${sync.dataset}"; - recursive = true; - recvOptions = "ux recordsize o compression=lz4"; + users.users.backup = { + group = "backup"; + isSystemUser = true; + useDefaultShell = true; + openssh.authorizedKeys.keys = cfg.keys.${targetHost}; + packages = with pkgs; [ mbuffer lzop ]; # syncoid uses these if available but doesn't pull them in automatically + }; + users.groups.backup = { }; + }; + + ${targetHost} = { + randomcat.services.zfs.datasets.${target}.zfsPermissions.users.syncoid = [ "mount" "create" "receive" "recordsize" ]; + + services.syncoid 
= { + enable = true; + interval = "*-*-* *:15:00"; + commonArgs = [ "--no-sync-snap" ]; + commands = { + ${name} = { + source = "backup@${sourceFqdn}:${source}/${dataset}"; + target = "${target}/${dataset}"; + recursive = true; + recvOptions = "ux recordsize o compression=lz4"; + }; }; }; + + # TODO: this should be handled by a networking module + programs.ssh.knownHosts.${sourceFqdn}.publicKey = keys.machines.${sourceHost}; }; - }; - }) + }) cfg.sync ); } From d36c87220ba4399eaa3bb3514f7570c0cdcdd8d0 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 4 Mar 2025 19:44:50 +0000 Subject: [PATCH 2/4] orm: don't snapshot the empty root dataset for /var/lib --- hosts/orm/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/orm/default.nix b/hosts/orm/default.nix index 0db3632..f4daa02 100644 --- a/hosts/orm/default.nix +++ b/hosts/orm/default.nix @@ -30,6 +30,7 @@ services.sanoid.datasets."rpool_orm/state" = { useTemplate = [ "production" ]; recursive = "zfs"; + process_children_only = true; }; qenya.services.actual = { From 86f77d2564c2ffbe9bf3978ad043f7d7979b9286 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 4 Mar 2025 19:45:03 +0000 Subject: [PATCH 3/4] kalessin: add new state dataset --- flake.nix | 7 +++++++ hosts/kalessin/default.nix | 10 ++++++++++ 2 files changed, 17 insertions(+) diff --git a/flake.nix b/flake.nix index 5562b16..4b3c089 100644 --- a/flake.nix +++ b/flake.nix @@ -114,6 +114,13 @@ source = "rpool_orm"; target = "rpool_elucredassa/backup/orm"; }; + "kalessin-state" = { + dataset = "state"; + sourceHost = "kalessin"; + targetHost = "elucredassa"; + source = "rpool_kalessin"; + target = "rpool_elucredassa/backup/kalessin"; + }; }; }; diff --git a/hosts/kalessin/default.nix b/hosts/kalessin/default.nix index a26ad8b..473f587 100644 --- a/hosts/kalessin/default.nix +++ b/hosts/kalessin/default.nix 
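Review bot: The new `programs.ssh.knownHosts.${sourceFqdn}.publicKey` entry is keyed on the same `sourceFqdn` that builds `commands.${name}.source`, and nothing records that the two must stay in step: ssh only consults the pin for the exact name it connects to, so a later change to one side would quietly turn the non-interactive syncoid pull back into a host-key failure — a comment such as `# keyed on sourceFqdn so it matches the host part of commands.<name>.source` next to the new line would keep them from drifting apart. A source host missing from `keys.machines` currently surfaces as a bare missing-attribute evaluation error; since the hunk already carries a TODO for assertions, `assertions = [ { assertion = keys.machines ? ${sourceHost}; message = "backup: keys.nix has no host key for ${sourceHost}"; } ];` inside the `${targetHost}` block would name the cause. The `openssh.authorizedKeys.keys = cfg.keys.${targetHost};` line is hoisted rather than new, but it still grants the target's key an unrestricted login as `backup` on the source; prefixing the entries with `restrict` (and `from=` where the target's address is stable) is a worthwhile follow-up, whereas a forced `command=` is presumably not an option because syncoid issues its own `zfs` commands over the connection. The enclosing module attrset opens before the hunk; the `config.flake.colmena` expression itself is complete within it.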
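Review bot: `process_children_only = true;` stops sanoid from snapshotting `rpool_orm/state` itself, but the other end of this dataset's backup is syncoid with `--no-sync-snap` and `recursive = true` (flake/backup.nix), which I believe then has no snapshot to replicate for the parent and will at least log an error for it on every run — worth confirming against syncoid's behaviour, since the same combination is introduced for `rpool_kalessin/state` in the hosts/kalessin/default.nix hunk of patch 3. If that is the intended trade-off, a one-line comment such as `# root holds no data; only the children are snapshotted, so syncoid is expected to skip the parent` beside the new line would explain the recurring warning to the next reader. Whether `process_children_only` takes effect at all under `recursive = "zfs"` (which, as far as I recall, issues a single `zfs snapshot -r` from the parent) is also worth checking in sanoid's documentation, as the two settings pull in opposite directions. The `services.sanoid.datasets."rpool_orm/state"` attrset is complete within the hunk.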
@@ -26,5 +26,15 @@ in authorizedKeys.keys = [ ]; }; + randomcat.services.zfs.datasets = { + "rpool_kalessin/state" = { mountpoint = "none"; }; + }; + + services.sanoid.datasets."rpool_kalessin/state" = { + useTemplate = [ "production" ]; + recursive = "zfs"; + process_children_only = true; + }; + system.stateVersion = "23.11"; } From 9760d4d3bc40ec83956844ba127696f22151a5a3 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 4 Mar 2025 19:46:37 +0000 Subject: [PATCH 4/4] actual: hardcode domain --- hosts/orm/default.nix | 5 +---- services/actual.nix | 8 +++----- 2 files changed, 4 insertions(+), 9 deletions(-) diff --git a/hosts/orm/default.nix b/hosts/orm/default.nix index f4daa02..5ee04f6 100644 --- a/hosts/orm/default.nix +++ b/hosts/orm/default.nix @@ -33,10 +33,7 @@ process_children_only = true; }; - qenya.services.actual = { - enable = true; - domain = "actual.qenya.tel"; - }; + qenya.services.actual.enable = true; system.stateVersion = "23.11"; } diff --git a/services/actual.nix b/services/actual.nix index c78e2ff..d5a1599 100644 --- a/services/actual.nix +++ b/services/actual.nix @@ -3,20 +3,18 @@ with lib; let cfg = config.qenya.services.actual; + domain = "actual.qenya.tel"; in { options.qenya.services.actual = { - enable = mkEnableOption "Actual"; - domain = mkOption { - type = types.str; - }; + enable = mkEnableOption "Actual Budget"; }; config = mkIf cfg.enable { services.nginx = { enable = true; virtualHosts = { - ${cfg.domain} = { + ${domain} = { forceSSL = true; enableACME = true; locations."/".proxyPass = "http://127.0.0.1:5006/";
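Review bot: Dropping the `domain` option without a tombstone means any host still setting `qenya.services.actual.domain` now fails with a generic "option does not exist" error rather than a message pointing at this change; `imports = [ (mkRemovedOptionModule [ "qenya" "services" "actual" "domain" ] "the Actual Budget domain is now fixed to actual.qenya.tel") ];` at the top of the module would say why, at the cost of one line. The new `domain` let-binding is now the only place the public hostname lives, so a short comment such as `# single deployment: the nginx vhost and its ACME certificate are issued for exactly this name` would help whoever next needs to move it. The `config = mkIf cfg.enable {` block continues past the end of the hunk.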