diff --git a/flake.nix b/flake.nix index 680c30b..a5b90d9 100644 --- a/flake.nix +++ b/flake.nix @@ -61,7 +61,7 @@ pkgs = import nixpkgs { inherit system; config.allowUnfree = true; - overlays = [ nur.overlays.default agenix.overlays.default ]; + overlays = [ nur.overlays.default ]; }; pkgs-unstable = import nixpkgs-unstable { inherit system; @@ -105,6 +105,12 @@ "tchristensen@beocat" = mkHomeConfiguration { hostname = "beocat"; }; + "millironx@harmony" = mkHomeConfiguration { + hostname = "harmony"; + arch = "aarch64"; + desktop = true; + }; + "millironx@odyssey" = mkHomeConfiguration { hostname = "odyssey"; desktop = true; diff --git a/homes/common.nix b/homes/common.nix index 61ba3f1..2b452dd 100644 --- a/homes/common.nix +++ b/homes/common.nix @@ -31,7 +31,6 @@ in { }; }; packages = with pkgs; [ - agenix btop cowsay figlet @@ -87,6 +86,14 @@ in { }; sessionPath = [ "$HOME/.local/bin" ]; activation = { + recordHmGitHash = lib.hm.dag.entryAfter [ "writeBoundary" ] '' + cd "$HOME/.config/home-manager" || exit 1 + if [ -z "$(${pkgs.git}/bin/git status --porcelain --untracked-files=no)" ]; then + run echo "$(${pkgs.git}/bin/git rev-parse HEAD)" | tee $HOME/.cache/hm-git-hash + else + run echo '*' | tee $HOME/.cache/hm-git-hash + fi + ''; installRunic = lib.hm.dag.entryAfter [ "writeBoundary" ] '' run ${pkgs.julia-bin}/bin/julia --project=@runic --startup-file=no -e 'using Pkg; Pkg.add(name="Runic", version="${runic_version}")' ''; diff --git a/homes/harmony.nix b/homes/harmony.nix new file mode 100644 index 0000000..2e48431 --- /dev/null +++ b/homes/harmony.nix 
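Review bot: In `recordHmGitHash` (homes/common.nix), `cd "$HOME/.config/home-manager" || exit 1` looks like it will abort the whole activation on any host where the checkout is not at that path, for example a first switch straight from the remote flake URL as playbooks/nix.yaml does. Home Manager appears to run all activation entries in one script, so the `cd` would also stay in effect for later entries such as `installRunic`. Prefer `${pkgs.git}/bin/git -C "$HOME/.config/home-manager" status --porcelain --untracked-files=no`, guarded by `[ -d "$HOME/.config/home-manager/.git" ]`, and skip the recording step when the directory is absent. The target should be quoted as `"$HOME/.cache/hm-git-hash"`. Only `echo` is wrapped by `run`, so `tee` still writes the file during a dry run.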
@@ -0,0 +1,95 @@
+{ config, lib, pkgs, pkgs-unstable, ... }: {
+ # harmony is an Asahi Fedora box
+ # I don't use NixOS, so there are some programs that don't interact well with
+ # the base system (or won't even install) when installed from Nix.
+ # There is no uniform way to trigger dnf package installs from Nix, so I'm
+ # just going to list my packages here. I hope to create a custom script that
+ # mimics the ideas of a Brewfile someday
+ # TODO: Create a Brewfile equivalent for dnf
+
+ # dnf repos:
+ # https://github.com/terrapkg/packages?tab=readme-ov-file
+ # https://pkgs.tailscale.com/stable/fedora/tailscale.repo
+ # https://packagecloud.io/filips/FirefoxPWA
+
+ # copr repos:
+ # iucar/rstudio
+
+ # dnf packages:
+ # apptainer
+ # chromium
+ # firefoxpwa - The nix version installs an "immutable" runtime, which simply launches extra browser windows on non-NixOS
+ # inkscape
+ # kate
+ # kdiff3
+ # krita
+ # lutris
+ # musescore
+ # nextcloud-client
+ # nextcloud-client-dolphin
+ # obs-studio
+ # podman-compose
+ # podman-docker
+ # qownnotes
+ # qt
+ # rssguard
+ # rstudio-desktop
+ # steam
+ # supertuxkart
+ # tailscale
+ # thunderbird
+ # vlc
+ # vorta - The vorta package is aarch64 compatible, but you cannot see any icons, and it cannot access local ssh keys, so we have to use the dnf package instead
+ # yakuake
+ # zed
+ # zsh
+ # R
+ # https://downloads.sourceforge.net/project/mscorefonts2/rpms/msttcore-fonts-installer-2.6-1.noarch.rpm
+ home = {
+ username = "millironx";
+ homeDirectory = "/home/millironx";
+ # Signal desktop is not available in any other package repository for aarch64 linux
+ # Similarly, Bitwarden is non-functional in all other forms using a 16k page size
+ packages = with pkgs; [
+ trayscale
+ veracrypt
+ pkgs-unstable.signal-desktop
+ pkgs.bitwarden-desktop
+ ];
+ };
+ programs = {
+ git = {
+ signing = {
+ key = "0x37A3041D1C8C4524!";
+ signByDefault = true;
+ };
+ };
+ };
+ services = {
+ gpg-agent = { sshKeys = [ 
"207D13371E19752A67AA2686C16354D9963821DB" ]; }; + }; + xdg = { + configFile = { + "nextflow.config".text = '' + params { + config_profile_description = 'harmony Asahi Linux local profile' + config_profile_contact = 'Thomas A. Christensen II <25492070+MillironX@users.noreply.github.com>' + config_profile_url = null + + max_memory = 12.GB + max_cpus = 12 + max_time = 7.d + } + + apptainer { + enabled = true + autoMounts = true + } + + process { + executor = 'local' + } + ''; + }; + }; +} diff --git a/inventory.yaml b/inventory.yaml index 63f1f3c..ba53698 100644 --- a/inventory.yaml +++ b/inventory.yaml @@ -3,13 +3,20 @@ ungrouped: hosts: localhost: ansible_connection: local + harmony: + ansible_connection: local odyssey: ansible_connection: local +asahi: + hosts: + harmony: + amd64: hosts: odyssey: fedora: hosts: + harmony: odyssey: diff --git a/playbooks/config.yaml b/playbooks/config.yaml index 156dc63..4aa2dd4 100644 --- a/playbooks/config.yaml +++ b/playbooks/config.yaml @@ -11,7 +11,7 @@ mode: "755" - name: Create Firefox DNS policy ansible.builtin.template: - src: "policies.json" + src: "{{ playbook_dir }}/../templates/policies.json" dest: /etc/firefox/policies/policies.json mode: "644" diff --git a/playbooks/nix.yaml b/playbooks/nix.yaml index 50d9952..672725f 100644 --- a/playbooks/nix.yaml +++ b/playbooks/nix.yaml @@ -45,8 +45,7 @@ register: home_manager_exists - name: Init home-manager ansible.builtin.shell: | - /nix/var/nix/profiles/default/bin/nix run home-manager -- switch \ - --flake git+https://code.millironx.com/millironx/nix-dotfiles#{{ ansible_user_id }}@{{ ansible_hostname }} + /nix/var/nix/profiles/default/bin/nix run home-manager -- switch --flake git+https://code.millironx.com/millironx/nix-dotfiles#{{ ansible_user_id }}@{{ ansible_hostname }} when: not home_manager_exists.stat.exists register: home_manager_init changed_when: home_manager_init.rc == 0 diff --git a/playbooks/packages.yaml b/playbooks/packages.yaml index b3d0947..612acde 100644 
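Review bot: `veracrypt` is listed in `home.packages` in homes/harmony.nix, while the same commit also installs `veracrypt` through dnf on the `asahi` group (playbooks/packages.yaml) from a personal COPR (playbooks/repos.yaml). That leaves two copies of the disk-encryption tool on harmony, each with its own update channel and trust root. Keep one and record the choice next to it, e.g. `# veracrypt: nixpkgs build only; no COPR repo needed on harmony`. The header comment's hand-kept dnf package list and its `TODO: Create a Brewfile equivalent for dnf` also look superseded now that harmony is in inventory.yaml and the playbooks install these packages, so the list will drift; a one-line pointer to playbooks/packages.yaml would be easier to keep accurate.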
--- a/playbooks/packages.yaml +++ b/playbooks/packages.yaml @@ -1,9 +1,55 @@ --- -- name: Configure dnf packages +# These are repos and packages that are useless or unavailable on Asahi Linux, +# or have completely separate install procedures. +- name: Configure amd64-specific dnf packages + hosts: amd64 + become: true + tasks: + - name: Install x86-specific dnf packages + ansible.builtin.dnf: + name: + - libdvdcss + - mkvtoolnix + - mpv + - protontricks + - x264 + - x264-libs + state: present + - name: Install VeraCrypt + ansible.builtin.dnf: + name: https://launchpad.net/veracrypt/trunk/1.26.20/+download/veracrypt-1.26.20-Fedora-40-x86_64.rpm + state: present + disable_gpg_check: true + +- name: Configure amd64-specific Flatpaks + hosts: amd64 + become: false + tasks: + - name: Install x86-specific Flatpaks + community.general.flatpak: + name: + - com.bitwarden.desktop + - com.slack.Slack + - dev.deedles.Trayscale + - org.signal.Signal + state: latest + method: user + remote: flathub + +- name: Configure Asahi Linux-specific dnf packages + hosts: asahi + become: true + tasks: + - name: Install aarch64-specific dnf packages + ansible.builtin.dnf: + name: + - veracrypt + +- name: Configure common (all arch) dnf packages hosts: fedora become: true tasks: - - name: Install dnf packages + - name: Install common (all arch) dnf packages ansible.builtin.dnf: name: - chromium @@ -18,19 +64,15 @@ - kdenlive - kdiff3 - krita - - libdvdcss - libjpeg-devel - libpng-devel - libtiff-devel - libwebp-devel - - mkvtoolnix - - mpv - musescore - nextcloud-client - nextcloud-client-dolphin - obs-studio - onedrive - - protontricks - qownnotes - qt - rssguard @@ -40,8 +82,6 @@ - thunderbird - vlc - vorta - - x264 - - x264-libs - yakuake - zed - zsh 
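Review bot: The relocated `Install VeraCrypt` task in the amd64 play still installs an RPM fetched by URL with `disable_gpg_check: true`, so nothing beyond TLS to the download host vouches for the disk-encryption package that root installs. Pin the artifact instead: download it with `ansible.builtin.get_url` and a `checksum`, then install the local file, or import the publisher's signing key with `ansible.builtin.rpm_key` and drop `disable_gpg_check`. The digest below is a placeholder to be filled from the publisher's signed checksum file. Separately, the new `Install aarch64-specific dnf packages` task omits `state: present`, unlike its sibling tasks; adding it keeps the plays consistent.

```yaml
    - name: Download VeraCrypt RPM (integrity pinned by checksum)
      ansible.builtin.get_url:
        url: https://launchpad.net/veracrypt/trunk/1.26.20/+download/veracrypt-1.26.20-Fedora-40-x86_64.rpm
        dest: /root/veracrypt-1.26.20-Fedora-40-x86_64.rpm
        checksum: "sha256:<PINNED_SHA256_PLACEHOLDER>"
        mode: "600"
    - name: Install VeraCrypt
      ansible.builtin.dnf:
        name: /root/veracrypt-1.26.20-Fedora-40-x86_64.rpm
        state: present
        # still required while the RPM's signing key is not imported;
        # the pinned checksum above is what establishes integrity
        disable_gpg_check: true
```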
@@ -52,11 +92,6 @@ name: https://downloads.sourceforge.net/project/mscorefonts2/rpms/msttcore-fonts-installer-2.6-1.noarch.rpm state: present disable_gpg_check: true - - name: Install VeraCrypt - ansible.builtin.dnf: - name: https://launchpad.net/veracrypt/trunk/1.26.20/+download/veracrypt-1.26.20-Fedora-40-x86_64.rpm - state: present - disable_gpg_check: true - name: Install rig (R installation manager) ansible.builtin.dnf: name: https://github.com/r-lib/rig/releases/download/latest/r-rig-latest-1.{{ ansible_architecture }}.rpm @@ -74,23 +109,19 @@ name: "*" state: latest # noqa: package-latest -- name: Configure Flatpaks +- name: Configure common (all arch) Flatpaks hosts: fedora become: false tasks: - - name: Install Flatpaks + - name: Install common (all arch) Flatpaks community.general.flatpak: name: - - com.bitwarden.desktop - com.github.tchx84.Flatseal - com.logseq.Logseq - - com.slack.Slack - - dev.deedles.Trayscale - io.freetubeapp.FreeTube - io.github.alainm23.planify - io.github.dweymouth.supersonic - io.openrct2.OpenRCT2 - - org.signal.Signal - org.zulip.Zulip - net.ankiweb.Anki state: latest diff --git a/playbooks/repos.yaml b/playbooks/repos.yaml index 36b2eb0..b771518 100644 --- a/playbooks/repos.yaml +++ b/playbooks/repos.yaml @@ -1,6 +1,6 @@ --- -- name: Configure dnf package repositories - hosts: fedora +- name: Configure amd64-specific package repositories + hosts: amd64 become: true tasks: - name: Install RPM Fusion free repository 
@@ -20,6 +20,31 @@ - name: Install Zotero COPR repository community.general.copr: name: "mozes/zotero7" + +# Asahi Linux comes with its own strange version of RPMFusion installed, so +# RPMFusion is installed only on amd64 systems. In addition, VeraCrypt and +# Zotero *are* available via COPR, but from different repos than their amd64 +# counterparts. +# Also, Asahi has its own version string, so we have to manually specify the +# chroot for COPR repos added via Ansible. This is handled automatically when +# using `dnf copr enable ...`, but not via Ansible. +- name: Configure Asahi Linux-specific package repositories + hosts: asahi + become: true + tasks: + - name: Install Zotero COPR repository + community.general.copr: + name: "isaksamsten/Zotero" + chroot: "fedora-{{ ansible_distribution_major_version }}-aarch64" + - name: Install VeraCrypt COPR repository + community.general.copr: + name: "architektapx/veracrypt" + chroot: "fedora-{{ ansible_distribution_major_version }}-aarch64" + +- name: Configure common (all arch) package repositories + hosts: fedora + become: true + tasks: - name: Install Tailscale repo ansible.builtin.yum_repository: name: tailscale-stable @@ -85,7 +110,7 @@ register: terra_priority changed_when: terra_priority.rc != 0 -- name: Configure Flatpack remotes +- name: Configure Flathub remote hosts: fedora become: false tasks: diff --git a/secrets.nix b/secrets.nix index 15c2329..c0d5047 100644 --- a/secrets.nix +++ b/secrets.nix 
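Review bot: The new Asahi play enables two personal COPR projects, `isaksamsten/Zotero` and `architektapx/veracrypt`, as system-wide package sources without any scoping. Every package published there becomes eligible for installation or upgrade as root. The packages.yaml play also runs a `name: "*"` / `state: latest` update, so a higher-versioned package in either COPR could presumably replace a Fedora one. Consider restricting each repo to the single package it is needed for (dnf's per-repo `includepkgs` option) or giving these repos a lower priority, as the existing Terra priority task appears to do. The block comment explains why the repos differ from amd64; it would help to add one line such as `# Third-party COPRs maintained by individuals; scoped to zotero / veracrypt only.`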
@@ -6,30 +6,28 @@ let "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIxTfeg+GZsfmG8TuEV1xW1gXknAIKzZ3UjZ3guRY+EW root@nixos"; bosephus-millironx = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKaDPqRJHoqgY2pseh/mnhjaGWXprHk2s5I52LhHpHcF millironx@bosephus"; + odyssey-millironx = + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN9Aj7BtQp1Roa0tgopDrUo7g2am5WJ43lO1d1fDUz45 millironx@odyssey"; corianne-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHKKkucebeb1GcerOZAAs5GQsgTS8kXw5W41b9Fy9+hp root@corianne.local"; corianne-millironx = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOgL2lO9RJBdQYANoxGyWXcNKi5/NZkRHHo/rNqaYMc/ millironx@corianne"; - mcentire-host = - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINT51tQgsKzTIQc9WSQj01h/gPRvAD3k9jRhXppY7xmd root@nixos"; - odyssey-millironx = - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN9Aj7BtQp1Roa0tgopDrUo7g2am5WJ43lO1d1fDUz45 millironx@odyssey"; + harmony-millironx = + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFBYxsCkw+ObDzIvU8z/rSlYcQx0JIt1bCVxKcDxeNNZ millironx@harmony"; + system-administrators = [ anderson-millironx bosephus-millironx odyssey-millironx corianne-millironx + harmony-millironx ]; in { - "secrets/ansible-vault-password.age".publicKeys = system-administrators; - "secrets/borgmatic-passphrase.age".publicKeys = system-administrators - ++ [ mcentire-host ]; - "secrets/borgmatic-ssh-config.age".publicKeys = system-administrators - ++ [ mcentire-host ]; - "secrets/darwin-policies-json.age".publicKeys = system-administrators - ++ [ corianne-host ]; "secrets/network-information.age".publicKeys = system-administrators ++ [ bosephus-host ]; "secrets/pihole.age".publicKeys = system-administrators ++ [ bosephus-host ]; + "secrets/ansible-vault-password.age".publicKeys = system-administrators; + "secrets/darwin-policies-json.age".publicKeys = system-administrators + ++ [ corianne-host ]; } diff --git a/secrets/ansible-vault-password.age b/secrets/ansible-vault-password.age index 9234dd3..d833716 100644 --- a/secrets/ansible-vault-password.age 
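Review bot: Adding `harmony-millironx` to `system-administrators` makes that machine's user key a recipient of every remaining secret, including `secrets/ansible-vault-password.age`, and nothing in secrets.nix states that consequence. A comment above the list would make it explicit, e.g. `# Every key here can decrypt all secrets below; to revoke a key, remove it AND rotate the secrets.` The same applies to the removals in this commit: dropping `mcentire-host` and deleting the borgmatic `.age` files does not withdraw access, since the old ciphertext stays in git history and can still be decrypted by every key that was a recipient. If the borg passphrase or SSH config is still in use anywhere, it should be rotated rather than only deleted.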
+++ b/secrets/ansible-vault-password.age @@ -1,11 +1,13 @@ age-encryption.org/v1 --> ssh-ed25519 il3lzQ WthM+rK9ntTt0GkP6Z7kuFeOCMkYdY5OkoxtIY8xnk8 -howoRiqpwVW+K4ybhHngRfqobGOqSlye6da6+QJg2xU --> ssh-ed25519 1g/xww 7iNs/T1MXDvZTtbz3s9Dx8CERfL4TBpn4fwhSv8j+yQ -cHXWpo3FEmkD2867IhdCpG4Pkq+LRkvi54OvTeSQA8s --> ssh-ed25519 +kBihw HXgixNdqoB102vJDQ74UhC2wUIpYNv21ZvfFRgPmyX4 -09wYp8mUSl0ixLbtbK3E+u/7KVx8bYXTAwbzWN9TX/k --> ssh-ed25519 dbKeHw PhePJgvp9fRMEJdtYwq3MV+CfNbEs1xJrQefJPQtl3Y -muMZYzYC8aHJBq96Z12pvxA32Cs4KFcG/0YHVT6tX8o ---- lunvYfBDg4+g00hMQJc6ZHQiBQ9k/qubJBYQ+p6aXhc -Ϛ:VnߛTFW=r TvM_=!՟Ǧ~N0 IPem̮.3/T[ \ No newline at end of file +-> ssh-ed25519 il3lzQ 8BY+QUEGqILKLs6ROw7llEOhx0GgrfFeKDcEgHePUFw +SPiG48tkp5ewFc6/uNj+541B6YJODGmDFEbET2BfoZ0 +-> ssh-ed25519 1g/xww HyUG/jNJgHCceV/9vaaoSHc681x6Gg/uY+RIfQxIBxU +6XVufQ4A9r8HPU9QLZ/idx3NjDf+UeKVMhtk9+Awy4E +-> ssh-ed25519 +kBihw XjhEk6TF6M5OalqVQNpAemlmgMIJnfuH6M600DnJql0 +3zQPJZcsfnbUqRf5XWTJNbyqMb/rsSBIkS7YlYsyMcs +-> ssh-ed25519 dbKeHw nIG5Z+XdJ3dyMxFOxyFMHw5sUkRJ2dsooJbIScNwlxM +brJoiOSQcwgs3vNSk8eK6dzH3zfQGFNdEWj3jjMM5e0 +-> ssh-ed25519 Svnssw +VFbKj457mYT3GXQSacQ13J8MSkYe6A26ssNbqh8LAQ +rJzIG170BcRlsLERhnfaqgRFeAL4Yw7zvtb1gGvUkCU +--- ebIxmIBuNqNgfVWvOJc/0OpFBf3Q7pmApGgHYjrtJI8 +AeO:(7_x0׷ jfV /D.8⿀1ߠ[qf!7ht0Y \ No newline at end of file diff --git a/secrets/borgmatic-passphrase.age b/secrets/borgmatic-passphrase.age deleted file mode 100644 index 31b7e97..0000000 --- a/secrets/borgmatic-passphrase.age +++ /dev/null 
@@ -1,15 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 il3lzQ NZt+Qn166/k1xA8H+0i40Nf0QUcNoo/mPB4xEsbc52g -WDnvHlN0EAM3kcH4P0w9Fl6LaPYFLK9uhbL2C/asXkQ --> ssh-ed25519 1g/xww 607VONmCuvQWVfbXOwtW36OrLDSmC1b3FJfcXG8coVk -aKmWBrjrk3cUfGJuEwmuzgiMfeqaDM4sFA9lSEyXb2A --> ssh-ed25519 +kBihw mUCQloe1iMe4TupQmQRV/SsvDl7GYAy9qNgd/9QuRVs -pl5NvOjZpOmslTm34qhyIY8ihbGfvi5TUMNIN+KftQA --> ssh-ed25519 dbKeHw mDRPmYMHU/U39xGm+cPt/DDX1VFwJR9q7Ej393eygjc -sneArlOp/HU1N9aXQjGunmcL2lSJ+uUfnLUKJrfuwWY --> ssh-ed25519 +C0WRg +swZ49g3n/MdCXcaVVN+oJppbhVOeYyVhJBA/0O+zFI -PleOEzaPcOWCQKSULfZ1V8MIcuzS7W0J6KoqSQWuM44 ---- RtNvvt/RSfurXkC29xKp02PWD5+8Ikrdh3JJHzcUECM -r -ǔj &(F-WlEϮ3~K@BO,hJ-^ ,#yڦBn#qִr39PjsgdiÆв?o><^+E4< )K7;/xߎؔ -bh \ No newline at end of file diff --git a/secrets/borgmatic-ssh-config.age b/secrets/borgmatic-ssh-config.age deleted file mode 100644 index cae035c..0000000 --- a/secrets/borgmatic-ssh-config.age +++ /dev/null @@ -1,15 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 il3lzQ +g4/yAloij23EO70Lwv3NHdzUlI3yM17V+GZVet+DB4 -KoJqTEeF5ol4q+ZwcO+bWsP+hKszCMAUrok0yU+L6WU --> ssh-ed25519 1g/xww aGc6VKpwoGQyjsPxc4hFPqc5sTzpOx/p7AJL2otF3QE -u5gZXqSUKLMxKsekgixy5h57GZVmIXChnxOTq5iFv9o --> ssh-ed25519 +kBihw FESLL/bEja1rrQm4V2VIFM9pEuP8ydNSiHgatiEqWDk -Y5D1RoMCKuX3HxUpebwNUgJFQJnJR0GILNeg2DOPaDs --> ssh-ed25519 dbKeHw EiccNUjhFewzAI+OWDrZnGNZbY1uoP99EJhvDn3AKyw -QQohrq0jZJIwXGkycvn7Q4JFJmkhUwxXZEB5HN217Tg --> ssh-ed25519 +C0WRg rbfEQSHbKDIvm6p2o9CiJIMNRFWlKaQE7TALCdgauzs -6NWlDEKfWnYHFwleqOF6fSOzjxNkjdBFeFRl1Cj1L9A ---- E6T4y6crIEiWxE3G9OOQDrRky4919i7FM0zDnPiqUH4 -d bt=p(Wwx9r }&l -g`ep~kP$vUH"-,4&Nh#%8]@(I BJY 4eQs"wNr-Cmqx -!q \ No newline at end of file diff --git a/secrets/darwin-policies-json.age b/secrets/darwin-policies-json.age index 258d0b2..eabc269 100644 Binary files a/secrets/darwin-policies-json.age and b/secrets/darwin-policies-json.age differ diff --git a/secrets/network-information.age b/secrets/network-information.age index a1394fe..bccc467 100644 
--- a/secrets/network-information.age +++ b/secrets/network-information.age @@ -1,15 +1,15 @@ age-encryption.org/v1 --> ssh-ed25519 il3lzQ DhOVslXJ/kZmHvfCLw3rPiRrR1NxTC6zV6Di9WOUY1o -i+OTfk7LWc3rT+T8yFGlPabsgVkddPAr3D6oc5hpe/Y --> ssh-ed25519 1g/xww xiWVbXWJXtgPLnPWC5bRCvdgceKuY/7wrAbWGlBmZWA -C7rwIOD0xGzTpGRgAycHlspsGaLLwFG6j+6/vPkVtkI --> ssh-ed25519 +kBihw E2rOacH/0J3YWuplB01z51r/MW3jF36l1C+QeqY6zls -162dh2KpWV71727zPZ2fpS7btQsQ/IL43kuViypZwWc --> ssh-ed25519 dbKeHw k4ZekrotAzMlC6+RifphXj108iEra0AH4DrCxOSI/gg -+9eibvHzF88lm9Qi/FCfW87D9BW25+zkzQbnhe/F3Rw --> ssh-ed25519 jb0ALQ Z8WYL7/D990/IWBHGKZInn3Rffol0jnraGQyQbqCdWE -LQa3mmMrA6Qx8wChzlWmB3M2OAtjVep5ryOZH3oZOMA ---- avI87pf1OwXk3BW8w9jW95NK4U/vfUg0pJoqjQ6eCS4 -75l7gϹNU%*-^$z1,4G԰@:~,Se@7p -= >H0㭅m7mUW -W-y EÎ8+gM/- z 펈5%l0l صΙ|JEz y=a1jpIQfܝ3 \ No newline at end of file +-> ssh-ed25519 il3lzQ X/F7G7EJbo6QTCGBSp2irApe2qkFUmj2OytrpOVVQ2w +yjitkwkxhNJLxSK4zF25o2lhZO6drBkjwHYykcPnoIw +-> ssh-ed25519 1g/xww HriK0yZF3EEh2mB8RpVWBGzuPiK1DB80BeXZAt5Runo +8ke05EDxykN/tu5wEzL3RvRnleBeWKpblm/iXb0pJ8U +-> ssh-ed25519 +kBihw bG3XH77yhvMR+HsJMwi1WsXo4aSm5ez80gRlgkTosSo +/WhUI2gKt94naWkeDrXvxnc2fsJvqmcARJnnhrU9sjw +-> ssh-ed25519 dbKeHw Bugbp/ovWaODwR6msKnGB3D/dT/ZMmFyr6Za0VAJqBQ ++FfFa1w5/Ok8rIhp+NOBxfqoGFFlGwt8hPhxzibAVf8 +-> ssh-ed25519 Svnssw xpuVCV4OJi8G8R5vuSMio9hoRWmufOsCaEyhLMKarh0 +/82i3ZFwQtMonTj4wfa9KPig9qUIJomVYk3QlpB4rJk +-> ssh-ed25519 jb0ALQ cbnyjqANs0f/CsiD/peCuJuMJfuaNKIIzbd/87OEV2Y +iQmJxEOQuharrlkiaOdQXnTSUcsq+b7BzSo+G35QJIw +--- eDJuMw4WC33Ihy5OBr2gkeewAFBpCa3gO3CYehr5bOo +VR@X[6gȣl ʑm.P4MiYt̾~ x\Y㒊UMGd܏{'mB,@[e]{NbN] a!*ͬ`YQn95 'q5]-6:FYL$} \ No newline at end of file diff --git a/secrets/pihole.age b/secrets/pihole.age index 3e0bcc9..dfe146e 100644 Binary files a/secrets/pihole.age and b/secrets/pihole.age differ diff --git a/secrets_harmony.enc b/secrets_harmony.enc new file mode 100644 index 0000000..e91177d --- /dev/null +++ b/secrets_harmony.enc 
@@ -0,0 +1,6 @@ +$ANSIBLE_VAULT;1.1;AES256 +38383539613238613864336630316433666436623334313334393762396536663530336264306661 +3338616565316138616666343862366638643134343931320a633366363539326461346636373738 +66393138653463663536313065623332383166386332303564323939336630333163623637386434 +6538393966633731660a616437356233643234363562366433663437383439326161353330356331 +63346432663036353332303266343361346266396437396131376531303265356233 diff --git a/services/borgmatic.nix b/services/borgmatic.nix deleted file mode 100644 index 28b1b45..0000000 --- a/services/borgmatic.nix +++ /dev/null @@ -1,37 +0,0 @@ -{ pkgs, config, ... }: { - - # We don't want to expose the location where borg backups are going, so we - # will setup an encrypted ssh config that references the host/username - # combo as simply 'borgserver' - age.secrets = { - borgmatic-ssh-config = { file = ./../secrets/borgmatic-ssh-config.age; }; - borgmatic-passphrase = { file = ./../secrets/borgmatic-passphrase.age; }; - }; - - services.borgmatic = { - enable = true; - - # This is the bare-bones way to get Borgmatic up and running. Other services - # are expected to declare their stateful directories by adding to - # `services.borgmatic.configurations."${config.networking.hostName}".source_directories` - # and to add their databases to - # `services.borgmatic.configurations."${config.networking.hostName}".[mariadb|postgresql|etc]_databases` - - configurations."${config.networking.hostName}" = { - source_directories = [ "/home" "/root" ]; - repositories = [{ - label = "${config.networking.hostName}-default"; - path = "ssh://borgserver/./repo"; - }]; - ssh_command = - "${pkgs.openssh}/bin/ssh -F ${config.age.secrets.borgmatic-ssh-config.path}"; - encryption_passcommand = - "${pkgs.coreutils}/bin/cat ${config.age.secrets.borgmatic-passphrase.path}"; - retention = { - keep_daily = 7; - keep_weekly = 4; - keep_monthly = 6; - }; - }; - }; -} 
diff --git a/systems/linux/mcentire.nix b/systems/linux/mcentire.nix index 60fd158..07135d1 100644 --- a/systems/linux/mcentire.nix +++ b/systems/linux/mcentire.nix @@ -4,7 +4,6 @@ imports = [ # Include the results of the hardware scan. ./hardware-configuration/mcentire.nix ./../../services/nixos-update.nix - ./../../services/borgmatic.nix ./../../services/crowdsec.nix ]; diff --git a/playbooks/templates/policies.json b/templates/policies.json similarity index 100% rename from playbooks/templates/policies.json rename to templates/policies.json