Update restic backup paths on marauder

flake.nix

@@ -2,7 +2,7 @@
   description = "Nettika's NixOS Configurations";
 
   inputs = {
-    nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05";
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
     shelvacu.url = "git+https://git.uninsane.org/shelvacu/nix-stuff";
   };
 

hosts/marauder/backup.nix

@@ -1,11 +1,5 @@
 { pkgs, config, secrets, ... }:
 {
-  environment.systemPackages = with pkgs; [
-    restic
-    libnotify
-    backblaze-b2
-  ];
-
   systemd.services = {
     notify-backup-b2-failed = {
       description = "Notify on failed backup to B2";
@@ -26,8 +20,8 @@
 
   environment.etc = {
     "restic-env".text = ''
-      export B2_ACCOUNT_ID="${secrets.b2.accountId}"
+      B2_ACCOUNT_ID="${secrets.b2.accountId}"
-      export B2_ACCOUNT_KEY="${secrets.b2.accountKey}"
+      B2_ACCOUNT_KEY="${secrets.b2.accountKey}"
     '';
     "restic-password".text = secrets.restic.password;
   };
@@ -39,9 +33,12 @@
       repository = "b2:marauder-backup";
       passwordFile = "/etc/restic-password";
       paths = [
-        "${config.users.users.nettika.home}/Documents"
         "${config.users.users.nettika.home}/Artwork"
+        "${config.users.users.nettika.home}/Documents"
+        "${config.users.users.nettika.home}/Music"
+        "${config.users.users.nettika.home}/Pictures"
         "${config.users.users.nettika.home}/Projects"
+        "${config.users.users.nettika.home}/Videos"
       ];
       pruneOpts = [
         "--keep-daily 7"

hosts/marauder/default.nix

@@ -9,7 +9,10 @@
     ./printing.nix
   ];
 
-  networking.hostName = "marauder";
+  networking = {
+    hostName = "marauder";
+    firewall.enable = false;
+  };
 
   fileSystems = {
     "/" = {
@@ -45,18 +48,21 @@
   hardware = {
     enableRedistributableFirmware = true;
     cpu.amd.updateMicrocode = true;
-    opengl = {
+    graphics = {
       enable = true;
-      driSupport32Bit = true;
+      enable32Bit = true;
       extraPackages = [ pkgs.vaapiVdpau ];
     };
-    nvidia.prime = {
+    nvidia = {
-      offload = {
+      open = true;
-        enable = true;
+      prime = {
-        enableOffloadCmd = true;
+        offload = {
+          enable = true;
+          enableOffloadCmd = true;
+        };
+        amdgpuBusId = "PCI:05:00:0";
+        nvidiaBusId = "PCI:01:00:0";
       };
-      amdgpuBusId = "PCI:05:00:0";
-      nvidiaBusId = "PCI:01:00:0";
     };
   };
 
@@ -80,14 +86,20 @@
       krita
       openscad-unstable
       bambu-studio
+      orca-slicer
 
       # Multimedia
       vlc
       ffmpeg
       (callPackage ./ffcheck.nix { })
 
-      # Productivity
+      # Misc
       obsidian
+      intiface-central
+      prismlauncher
+      blender
+      mullvad-vpn
+      qbittorrent
     ]);
   };
 
@@ -97,6 +109,23 @@
     dedicatedServer.openFirewall = true;
   };
 
+  programs.ssh.extraConfig = ''
+    Host quasar
+      HostName consortium.chat
+      IdentityFile ~/.ssh/LightsailDefaultKey-us-west-2.pem
+
+    Host monolith
+      HostName 10.243.210.154
+
+    Host fennbox
+      HostName 10.243.109.199
+      User fenn
+  '';
+
+  programs.nix-ld = {
+    enable = true;
+  };
+
   services.xserver = {
     enable = true;
     videoDrivers = [ "nvidia" ];

hosts/monolith/default.nix

@@ -1,4 +1,4 @@
-{ self, ... }:
+{ self, pkgs, ... }:
 {
   imports = [
     self.nixosModules.common
@@ -6,11 +6,13 @@
     self.nixosModules.server
     self.nixosModules.zerotier
     ./dns.nix
+    ./vault.nix
   ];
 
   networking = {
     hostName = "monolith";
     hostId = "44551c32";
+    firewall.allowedTCPPorts = [ 8000 ];
   };
 
   fileSystems = {
@@ -39,6 +41,52 @@
     supportedFilesystems = [ "zfs" ];
   };
 
+  environment.systemPackages = with pkgs; [
+    rclone
+    beets
+    flac
+    screen
+    rustup
+    gcc
+    (callPackage ../marauder/ffcheck.nix { })
+    htop
+    mp3val
+  ];
+
+  services.jellyfin = {
+    enable = true;
+    openFirewall = true;
+  };
+
+  services.navidrome = {
+    enable = true;
+    openFirewall = true;
+    settings = {
+      Address = "0.0.0.0";
+      MusicFolder = "/library/music";
+      Scanner.GroupAlbumReleases = "true";
+      ScanSchedule = "0";
+    };
+  };
+
+  systemd = {
+    services.reboot = {
+      description = "Reboot the system";
+      serviceConfig = {
+        Type = "oneshot";
+        ExecStart = "${pkgs.systemd}/bin/systemctl reboot";
+      };
+    };
+    timers.reboot = {
+      description = "Reboot the system every two hours";
+      wantedBy = [ "timers.target" ];
+      timerConfig = {
+        OnBootSec = "6h";
+        Persistent = true;
+      };
+    };
+  };
+
   promptEmoji = "🏰";
 
   time.timeZone = "America/Los_Angeles";

hosts/monolith/dns.nix

@@ -3,22 +3,16 @@
   systemd.services.update-dns = {
     serviceConfig.Type = "oneshot";
     description = "Update the leaf.ninja DNS records";
-    path = with pkgs; [ curl jq ];
+    path = with pkgs; [ curl ];
     script = ''
       public_ip=$(curl -s https://ifconfig.me/ip)
       endpoint="https://api.gandi.net/v5/livedns/domains/leaf.ninja/records"
-      curl -s \
+      curl \
         -X PUT \
         -H "Authorization: Bearer ${secrets.gandi.token}" \
         -H "Content-Type: application/json" \
         -d "{\"rrset_values\":[\"$public_ip\"]}" \
-        "$ENDPOINT/%2A/A" | jq
+        $endpoint/ostiary/A
-      curl -s \
-        -X PUT \
-        -H "Authorization: Bearer ${secrets.gandi.token}" \
-        -H "Content-Type: application/json" \
-        -d "{\"rrset_values\":[\"$public_ip\"]}" \
-        "$ENDPOINT/%40/A" | jq
     '';
   };
 

hosts/monolith/vault.nix

@@ -0,0 +1,20 @@
+{ secrets, ... }:
+{
+  services.vaultwarden = {
+    enable = true;
+    config = {
+      domain = "https://vault.leaf.ninja";
+      signupsAllowed = false;
+      rocketAddress = "0.0.0.0";
+      rocketPort = 8222;
+      smtpHost = "smtp.migadu.com";
+      smtpFrom = "vaultwarden@leaf.ninja";
+      smtpPort = 587;
+      smtpSecurity = "starttls";
+      smtpUsername = "vaultwarden@leaf.ninja";
+      smtpPassword = secrets.vaultwarden.smtpPassword;
+    };
+  };
+
+  networking.firewall.allowedTCPPorts = [ 8222 ];
+}