box zfs

2026-01-19 22:37:30 -08:00
parent 3b33575b2a
commit d0cde973e7
21 changed files with 818 additions and 243 deletions
@@ -1,4 +1,5 @@
-{ self, pkgs, ... }: {
+{ self, pkgs, ... }:
+{
  imports = [
    ./configuration.nix
    ../profiles/core
@@ -6,10 +7,10 @@
    ../profiles/taskd
    ../profiles/shaarli
    ../profiles/dns
-    # ../profiles/monitoring
+    ../profiles/monitoring
    ../profiles/nfs
    ../profiles/gonic
-    ../profiles/headphones 
+    ../profiles/headphones
    ../profiles/radicale
    # ../profiles/seafile # waiting for https://github.com/NixOS/nixpkgs/pull/249523 to be merged
    ../profiles/syncthing
@@ -19,64 +20,69 @@
    ../profiles/finance
    ../profiles/sync/website
    ../profiles/sync/music
-    ../profiles/grasp
-    # ../profiles/archivebox
-    # ../profiles/woodpecker-agent
-    # ../profiles/jellyfin
+    # ../profiles/grasp # private repo - disabled
+    # ../profiles/archivebox # requires insecure django - fix in flake.nix permittedInsecurePackages
+    ../profiles/woodpecker-agent
+    ../profiles/jellyfin
    ../profiles/ulogger-server
    ../profiles/immich
    ../profiles/jacket
    ../profiles/gpodder
    ../profiles/transmission
    ../profiles/raven
-    #../profiles/postgres_upgrade_script
+    # ../profiles/postgres_upgrade_script # one-time use
  ];

  # Backups
  age.secrets.borg-password.file = "${self}/secrets/borg-password.age";
  services.postgresqlBackup = {
    enable = true;
-    databases = [ "wallabag" "immich" "ulogger" ];
-    location = "/var/backup/postgresql";
+    databases = [
+      "wallabag"
+      "immich"
+      "ulogger"
+    ];
+    location = "/tank/backup/postgresql";
  };
  mossnet.backup = {
    enable = true;
    name = "mossnet";
    paths = [
      "/var/lib/taskserver" # taskwarrior
-      "/var/www/shaarli-config" # sharli
-      "/var/backup/postgresql" # wallabag
+      "/var/www/shaarli-config" # shaarli
+      "/tank/backup/postgresql" # postgresql backups
      "/var/lib/radicale" # radicale
-      "/home/anish/usr/drawing" # syncthing
-      "/data/books" # calibre-web
-      # "/home/anish/usr/nonfiction" # syncthing
+      "/tank/syncthing/drawing" # syncthing
+      "/tank/books" # calibre-web
      "/home/anish/usr/finance" # beancount
-      "/mnt/two/postgres" # sealight postgres backups TODO remove once moved to capsul
-      "/mnt/two/photos"
-      "/mnt/two/music"
+      "/tank/postgres" # postgres data
+      "/tank/media/photos"
+      "/tank/media/music"
    ];
-    # seafile
  };

  # opencode-manager ports
  networking.firewall = {
    allowedTCPPorts = [
-      5003  # opencode-manager backend
-      5173  # opencode-manager frontend
-      5551  # opencode server
+      5003 # opencode-manager backend
+      5173 # opencode-manager frontend
+      5551 # opencode server
    ];
-    allowedTCPPortRanges = [{
-      from = 7000;
-      to = 9000;
-    }]; # ports for testing user changes
+    allowedTCPPortRanges = [
+      {
+        from = 7000;
+        to = 9000;
+      }
+    ]; # ports for testing user changes
  };

  environment.systemPackages = with pkgs; [ lm_sensors ];
-  hardware.fancontrol = {
-    enable = false;
-    config = '''';
-  };
+  # hardware.fancontrol = {
+  #   enable = false;
+  #   config = '''';
+  # };

+  # Secrets
  age.secrets.box-wg.file = "${self}/secrets/box-wg.age";
  age.secrets.box-wg.owner = "anish";
  age.secrets.borg-key.file = "${self}/secrets/borg-key.age";