changing to real restic service

2026-03-15 23:08:24 -05:00
parent 621dda40eb
commit 3f743280ee
4 changed files with 150 additions and 20 deletions
--- a/modules/hosts/john-pc-ubuntu.nix
+++ b/modules/hosts/john-pc-ubuntu.nix
@@ -22,6 +22,7 @@ in
      desktop
      step-ssh-user
      mtls
+      restic
    ];
    targets.genericLinux.enable = true;

@@ -33,7 +34,7 @@ in
    home.packages = with pkgs; [
      nixos-rebuild
      (writeShellScriptBin "test-push" ''
-        nixos-rebuild switch --flake ${flakeDir}#janus --target-host root@${testTarget}
+        nixos-rebuild switch --flake ${flakeDir}#soteria --target-host root@${testTarget}
      '')
    ];

@@ -76,26 +77,35 @@ in
      };
    };
    sops.secrets."restic_password/john_ubuntu" = {
-      path = "${config.xdg.configHome}/resticprofile/password.txt";
+      path = "${config.xdg.configHome}/restic/password.txt";
+      mode = "0400";
    };
-    programs.resticprofile = {
-      enable= true;
-      profiles = {
-        default = {
-          "inherit" = "base";
-          repository = "rest:https://soteria.john-stream.com/john-ubuntu";
-          cacert = "${CACert}";
-          tls-client-cert = "${mtlsBundle}";
-          backup = {
-            source = [
-              "${config.xdg.userDirs.documents}"
-              "/conf"
-            ];
-            schedule = "*-*-* *:15,30,45:00";
-          };
-        };
-      };
+    restic = {
+      passwordFile = "${config.xdg.configHome}/restic/password.txt";
+      paths = [
+        "${config.xdg.userDirs.documents}"
+        "/conf"
+      ];
    };
+
+    # programs.resticprofile = {
+    #   enable= true;
+    #   profiles = {
+    #     default = {
+    #       "inherit" = "base";
+    #       repository = "rest:https://soteria.john-stream.com/john-ubuntu";
+    #       cacert = "${CACert}";
+    #       tls-client-cert = "${mtlsBundle}";
+    #       backup = {
+    #         source = [
+    #           "${config.xdg.userDirs.documents}"
+    #           "/conf"
+    #         ];
+    #         schedule = "*-*-* *:15,30,45:00";
+    #       };
+    #     };
+    #   };
+    # };
  };

  flake.homeConfigurations."${hostname}" = inputs.home-manager.lib.homeManagerConfiguration {
--- a/modules/hosts/soteria.nix
+++ b/modules/hosts/soteria.nix
@@ -0,0 +1,44 @@
+{ inputs, ... }:
+let
+  username = "john";
+  hostname = "soteria";
+  caURL = "https://janus.john-stream.com/";
+in
+{
+  flake.nixosConfigurations."${hostname}" = inputs.nixpkgs.lib.nixosSystem {
+    modules = with inputs.self.modules; [
+      nixos.lxc
+      nixos.sops
+      nixos.step-ssh-host
+      inputs.home-manager.nixosModules.home-manager
+      nixos."${username}"
+      nixos.zsh
+      nixos.login-text
+      nixos.mtls
+      {
+        networking.hostName = hostname;
+        step-ssh-host = {
+          hostname = hostname;
+          caURL = caURL;
+        };
+        mtls = {
+          enable = true;
+          subject = hostname;
+          caURL = caURL;
+          san = [
+            "${hostname}.john-stream.com"
+            # "192.168.1.244"
+          ];
+        };
+
+        home-manager.users."${username}" = {
+          imports = with inputs.self.modules.homeManager; [
+            sops
+            step-ssh-user
+          ];
+          shell.program = "zsh";
+        };
+      }
+    ];
+  };
+}