diff --git a/maskiner/node/configuration.nix b/maskiner/node/configuration.nix index 77b63d7..09723f2 100644 --- a/maskiner/node/configuration.nix +++ b/maskiner/node/configuration.nix @@ -10,6 +10,39 @@ }: let modulesDirectory = ../../moduler; + backupScript = pkgs.writeShellScript "rclone-backups" '' + set -euo pipefail + + declare -A SOURCES=( + [vaultwarden]="/var/lib/vaultwarden/" + [tailscale]="/var/lib/tailscale/" + [kitchenowl]="/var/lib/kitchenowl/" + ) + + REMOTE_BASE="gdrive:backups" + NOW="$(date +%Y-%m-%d_%H%M)" + + for name in "''${!SOURCES[@]}"; do + SRC="''${SOURCES[$name]}" + DEST="''${REMOTE_BASE}/''${name}/''${NOW}" + + rclone copy "''${SRC}" "''${DEST}" --create-empty-src-dirs \ + --config /root/.config/rclone/rclone.conf + + mapfile -t dirs < <( + rclone lsf "''${REMOTE_BASE}/''${name}" --dirs-only --format p \ + --config /root/.config/rclone/rclone.conf | sort + ) + + if [ "''${#dirs[@]}" -gt 7 ]; then + remove_count=$(( ''${#dirs[@]} - 7 )) + for d in "''${dirs[@]:0:''${remove_count}}"; do + rclone purge "''${REMOTE_BASE}/''${name}/''${d%/}" \ + --config /root/.config/rclone/rclone.conf + done + fi + done + ''; in { # You can import other NixOS modules here @@ -36,6 +69,7 @@ in (modulesDirectory + /services/immich) (modulesDirectory + /services/paperless) (modulesDirectory + /services/filebrowser) + (modulesDirectory + /services/mediamtx) ]; sops.defaultSopsFile = ../../secrets/sops.yaml; 
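Review bot: Backups of `/var/lib/tailscale/` and `/var/lib/vaultwarden/` leave the host unencrypted in `backupScript` unless `gdrive:` is already layered under an rclone crypt remote, which this diff does not show. As written, the node's Tailscale state and the Vaultwarden data directory are readable by anyone with access to the Drive account; pointing the script at a crypt remote, e.g. `REMOTE_BASE="<crypt-remote>:backups"` (placeholder name), keeps the snapshots confidential. `rclone copy` also reads the Vaultwarden directory while the service is presumably running, so if it uses a SQLite database the file can be captured mid-write; uploading a dump made with SQLite's backup command instead of the live file avoids a snapshot that will not restore. Retention keeps 7 snapshots per source while the timer added later in this file fires four times a day, which is under two days of history.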
@@ -48,8 +82,63 @@ in environment.systemPackages = with pkgs; [ git vim + rsync + rclone + fuse ]; + programs.fuse.userAllowOther = true; + + systemd.tmpfiles.rules = [ + "d /mnt/gdrive 0755 root root - -" + "d /mnt/gdrive/backups 0755 root root - -" + ]; + + systemd.services.rclone-gdrive = { + description = "Rclone mount for Google Drive"; + after = [ "network-online.target" ]; + wants = [ "network-online.target" ]; + serviceConfig = { + Type = "simple"; + ExecStart = '' + ${pkgs.rclone}/bin/rclone mount \ + gdrive: /mnt/gdrive \ + --config /root/.config/rclone/rclone.conf \ + --allow-other \ + --dir-cache-time 12h \ + --vfs-cache-mode writes + ''; + ExecStop = "${pkgs.fuse}/bin/fusermount -u /mnt/gdrive"; + Restart = "on-failure"; + RestartSec = "10s"; + }; + wantedBy = [ "multi-user.target" ]; + }; + + systemd.services.rsync-backups = { + description = "Rclone snapshot backups to Google Drive"; + serviceConfig = { + Type = "oneshot"; + ExecStart = backupScript; + User = "root"; + }; + after = [ "network-online.target" ]; + wants = [ "network-online.target" ]; + path = [ + pkgs.coreutils + pkgs.findutils + pkgs.rclone + ]; + }; + + systemd.timers.rsync-backups = { + wantedBy = [ "timers.target" ]; + timerConfig = { + OnCalendar = "*-*-* 00,06,12,18:00:00"; + Persistent = true; + }; + }; + home-manager.users.fw = { # imports = [ # (modulesDirectory + /programs/beets) @@ -101,6 +190,11 @@ in port = 8126; domain = "files.wastring.com"; }; + mediamtx = { + enable = true; + host = "0.0.0.0"; + rtspPort = 8554; + }; glance = { enable = false; host = "127.0.0.1"; @@ -112,6 +206,10 @@ in domain = "wish.wastring.com"; }; + wedding = { + enable = true; + }; + forgejo = { enable = false; }; diff --git a/moduler/programs.nix b/moduler/programs.nix index 878e649..0cc8b58 100644 --- a/moduler/programs.nix +++ b/moduler/programs.nix @@ -81,6 +81,7 @@ bitwarden-cli lagrange jujutsu + rclone dbeaver-bin
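Review bot: `--allow-other` on the `rclone-gdrive` mount lets every local account and service on this host read the whole Drive through `/mnt/gdrive`, including the snapshots the backup unit uploads under `backups/`. The mount runs as root, which does not need `programs.fuse.userAllowOther = true`; dropping both, or at least adding `--umask 077` to the mount command, keeps the data to root. The backup script talks to the remote directly, so nothing visible in this diff depends on other users seeing the mount. The unit and timer are named `rsync-backups` although they run rclone; `rclone-backups` would match the script name.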
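Review bot: `host = "0.0.0.0"` puts the mediamtx RTSP listener on port 8554 on every interface, while `glance` just below binds `127.0.0.1`. The module under `services/mediamtx` is not part of this diff and the enclosing attribute set opens outside the hunk, so whether the firewall is opened or credentials are required for publishing and reading streams cannot be confirmed here. If the streams are only consumed over the tailnet or behind a reverse proxy, binding to that interface's address is the narrower choice. A comment such as `# RTSP must be reachable from <client network>; auth is set in the mediamtx module` would record the intent.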