diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 566b250..6955d7b 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -10,30 +10,26 @@ jobs: steps: - name: Checkout code uses: actions/checkout@v4.2.1 - - name: Clean up storage - run: 'sudo rm -rf /usr/share/dotnet /usr/local/lib/android /opt/ghc /opt/hostedtoolcache/CodeQL - - sudo docker image prune --all --force - - sudo docker builder prune -a - - ' - name: Install Nix - uses: DeterminateSystems/nix-installer-action@v14 + uses: NixOS/nix-installer-action@main with: - extra-conf: allow-import-from-derivation = true + extra-conf: 'accept-flake-config = true + + max-jobs = auto + + ' - name: Add SSH keys to ssh-agent uses: webfactory/ssh-agent@v0.9.0 with: ssh-private-key: ${{ secrets.SECRETS_DEPLOY_KEY }} - name: Setup Attic cache - uses: ryanccn/attic-action@v0.3.1 + uses: ryanccn/attic-action@v0 with: cache: e10 endpoint: https://cache.e10.camp token: ${{ secrets.ATTIC_TOKEN }} - name: Use Cachix store - uses: cachix/cachix-action@v15 + uses: cachix/cachix-action@master with: authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} installCommand: nix profile add github:NixOS/nixpkgs/nixpkgs-unstable#cachix @@ -58,34 +54,38 @@ jobs: steps: - name: Checkout code uses: actions/checkout@v4.2.1 - - name: Clean up storage - run: 'sudo rm -rf /usr/share/dotnet /usr/local/lib/android /opt/ghc /opt/hostedtoolcache/CodeQL - - sudo docker image prune --all --force - - sudo docker builder prune -a - - ' - name: Install Nix - uses: DeterminateSystems/nix-installer-action@v14 + uses: NixOS/nix-installer-action@main with: - extra-conf: allow-import-from-derivation = true + extra-conf: 'accept-flake-config = true + + max-jobs = auto + + ' - name: Add SSH keys to ssh-agent uses: webfactory/ssh-agent@v0.9.0 with: ssh-private-key: ${{ secrets.SECRETS_DEPLOY_KEY }} - name: Setup Attic cache - uses: ryanccn/attic-action@v0.3.1 + uses: ryanccn/attic-action@v0 with: cache: e10 endpoint: https://cache.e10.camp token: ${{ secrets.ATTIC_TOKEN }} - name: Use Cachix store - uses: cachix/cachix-action@v15 + uses: cachix/cachix-action@master with: authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} installCommand: nix profile add github:NixOS/nixpkgs/nixpkgs-unstable#cachix name: e10 + - name: Clean up storage + run: 'sudo rm -rf /usr/share/dotnet /usr/local/lib/android /opt/ghc /opt/hostedtoolcache/CodeQL + + sudo docker image prune --all --force + + sudo docker builder prune -a + + ' - run: 'nix build .#nixosConfigurations.${{ matrix.host }}.config.system.build.toplevel --accept-flake-config --show-trace diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml index 7e94cd5..160c5c5 100644 --- a/.github/workflows/check.yml +++ b/.github/workflows/check.yml @@ -5,30 +5,26 @@ jobs: steps: - name: Checkout code uses: actions/checkout@v4.2.1 - - name: Clean up storage - run: 'sudo rm -rf /usr/share/dotnet /usr/local/lib/android /opt/ghc /opt/hostedtoolcache/CodeQL - - sudo docker image prune --all --force - - sudo docker builder prune -a - - ' - name: Install Nix - uses: DeterminateSystems/nix-installer-action@v14 + uses: NixOS/nix-installer-action@main with: - extra-conf: allow-import-from-derivation = true + extra-conf: 'accept-flake-config = true + + max-jobs = auto + + ' - name: Add SSH keys to ssh-agent uses: webfactory/ssh-agent@v0.9.0 with: ssh-private-key: ${{ secrets.SECRETS_DEPLOY_KEY }} - name: Setup Attic cache - uses: ryanccn/attic-action@v0.3.1 + uses: ryanccn/attic-action@v0 with: cache: e10 endpoint: https://cache.e10.camp token: ${{ secrets.ATTIC_TOKEN }} - name: Use Cachix store - uses: cachix/cachix-action@v15 + uses: cachix/cachix-action@master with: authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} installCommand: nix profile add github:NixOS/nixpkgs/nixpkgs-unstable#cachix diff --git a/deploy/terraform/vms.tf b/deploy/terraform/vms.tf index 4ba1a84..c1b4d10 100644 --- a/deploy/terraform/vms.tf +++ b/deploy/terraform/vms.tf @@ -462,6 +462,12 @@ resource "proxmox_virtual_environment_vm" "controller" { usb3 = true } + # TP-Link bluetooth adapter + usb { + host = "2357:0604" + usb3 = true + } + startup { down_delay = -1 order = 2 diff --git a/flake.lock b/flake.lock index d233d1a..8ae5a28 100644 --- a/flake.lock +++ b/flake.lock @@ -392,11 +392,11 @@ "nixpkgs-lib": "nixpkgs-lib_2" }, "locked": { - "lastModified": 1769996383, - "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", + "lastModified": 1772408722, + "narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "57928607ea566b5db3ad13af0e57e921e6b12381", + "rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3", "type": "github" }, "original": { @@ -1344,11 +1344,11 @@ }, "nixpkgs-lib_2": { "locked": { - "lastModified": 1769909678, - "narHash": "sha256-cBEymOf4/o3FD5AZnzC3J9hLbiZ+QDT/KDuyHXVJOpM=", + "lastModified": 1772328832, + "narHash": "sha256-e+/T/pmEkLP6BHhYjx6GmwP5ivonQQn0bJdH9YrRB+Q=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "72716169fe93074c333e8d0173151350670b824c", + "rev": "c185c7a5e5dd8f9add5b2f8ebeff00888b070742", "type": "github" }, "original": { diff --git a/hosts/bastion/profiles/caddy/default.nix b/hosts/bastion/profiles/caddy/default.nix index ae0dd3c..021f126 100644 --- a/hosts/bastion/profiles/caddy/default.nix +++ b/hosts/bastion/profiles/caddy/default.nix @@ -93,11 +93,6 @@ inherit (hosts.htpc.config.services.sonarr) port; }; - "huntarr.e10.camp" = { - host = hosts.htpc; - inherit (hosts.htpc.config.services.huntarr) port; - }; - "bazarr.e10.camp" = { host = hosts.htpc; port = hosts.htpc.config.services.bazarr.listenPort; @@ -312,7 +307,12 @@ } ''; extraReverseProxyConfig = '' - header_up X-Real-IP {remote_host} + header_up X-Real-IP {http.request.remote.host} + + transport http { + read_buffer 0 + write_buffer 0 + } ''; }; }; diff --git a/hosts/builder/configuration.nix b/hosts/builder/configuration.nix index 04ad007..d34e784 100644 --- a/hosts/builder/configuration.nix +++ b/hosts/builder/configuration.nix @@ -1,10 +1,10 @@ { suites, profiles, ... }: { imports = with suites; - core ++ local ++ proxmox-vm ++ [ - profiles.services.attic-watch-store.default + core ++ proxmox-vm ++ [ profiles.emulation.aarch64-linux profiles.remote-builder.builder profiles.remote-builder.substituter + profiles.services.attic-watch-store.default ] ++ [ ./hardware-configuration.nix ./disk-config.nix ]; boot.loader.grub.devices = diff --git a/hosts/controller/configuration.nix b/hosts/controller/configuration.nix index 9b56cc8..3f0c19c 100644 --- a/hosts/controller/configuration.nix +++ b/hosts/controller/configuration.nix @@ -1,6 +1,6 @@ { profiles, suites, ... }: { imports = with suites; - core ++ local ++ proxmox-vm ++ [ + core ++ proxmox-vm ++ [ profiles.communications.mosquitto.default profiles.hardware.bluetooth profiles.home-automation.home-assistant.default diff --git a/hosts/htpc/configuration.nix b/hosts/htpc/configuration.nix index 22f5288..53fe8ea 100644 --- a/hosts/htpc/configuration.nix +++ b/hosts/htpc/configuration.nix @@ -1,13 +1,13 @@ { suites, profiles, pkgs, secrets, ... }: { imports = with suites; - core ++ local ++ proxmox-vm ++ [ + core ++ proxmox-vm ++ [ profiles.filesystems.blockbuster profiles.filesystems.files.personal profiles.hardware.nvidia + profiles.home-automation.frigate.default profiles.media-management.bazarr.default profiles.media-management.declutarr.default profiles.media-management.fileflows.server - profiles.media-management.huntarr profiles.media-management.jellyfin profiles.media-management.jellyseerr profiles.media-management.plex @@ -17,9 +17,8 @@ profiles.media-management.sabnzbd.default profiles.media-management.sonarr.default profiles.media-management.tautulli - profiles.media-management.wizarr - profiles.home-automation.frigate.default profiles.media-management.tracearr.default + profiles.media-management.wizarr profiles.services.attic-watch-store.default profiles.sharing.nfs-client profiles.telemetry.prometheus-dcgm-exporter @@ -65,11 +64,19 @@ environment.systemPackages = with pkgs; [ mediainfo ]; - services.borgmatic.configurations.system.exclude_patterns = [ - "/var/lib/sabnzbd/downloads" - "/var/lib/plex/transcodes" - "/var/lib/fileflows/Temp" - ]; + services.restic.backups = { + system-omnibus.exclude = [ + "/var/lib/sabnzbd/downloads" + "/var/lib/plex/transcodes" + "/var/lib/fileflows/Temp" + ]; + + system-rsync-net.exclude = [ + "/var/lib/sabnzbd/downloads" + "/var/lib/plex/transcodes" + "/var/lib/fileflows/Temp" + ]; + }; system.stateVersion = "24.05"; } diff --git a/hosts/matrix/configuration.nix b/hosts/matrix/configuration.nix index c2e7a61..cb2b328 100644 --- a/hosts/matrix/configuration.nix +++ b/hosts/matrix/configuration.nix @@ -1,6 +1,6 @@ { lib, suites, profiles, ... }: { imports = with suites; - core ++ local ++ proxmox-vm ++ [ + core ++ proxmox-vm ++ [ profiles.databases.postgresql profiles.emulation.aarch64-linux profiles.filesystems.blockbuster @@ -63,8 +63,10 @@ }; }; - services.borgmatic.configurations.system.source_directories = - lib.mkAfter [ "/var/www" ]; + services.restic.backups = { + system-omnibus.paths = lib.mkAfter [ "/var/www" ]; + system-rsync-net.exclude = lib.mkAfter [ "/var/www" ]; + }; system.stateVersion = "24.05"; } diff --git a/hosts/monitor/configuration.nix b/hosts/monitor/configuration.nix index a17e769..020fbce 100644 --- a/hosts/monitor/configuration.nix +++ b/hosts/monitor/configuration.nix @@ -3,8 +3,8 @@ core ++ aws ++ web ++ [ profiles.communications.grafana-to-ntfy.default profiles.communications.ntfy - profiles.monitoring.loki.default profiles.monitoring.influxdb2.default + profiles.monitoring.loki.default profiles.monitoring.rsyslogd profiles.monitoring.thanos.default profiles.observability.gatus.default diff --git a/hosts/monitor/profiles/grafana/default.nix b/hosts/monitor/profiles/grafana/default.nix index 2082989..61673ae 100644 --- a/hosts/monitor/profiles/grafana/default.nix +++ b/hosts/monitor/profiles/grafana/default.nix @@ -165,14 +165,6 @@ name = "Nvidia"; options.path = ./provisioning/nvidia.json; } - { - name = "Borgmatic Logs"; - options.path = ./provisioning/borgmatic/logs.json; - } - { - name = "Borgmatic Backups"; - options.path = ./provisioning/borgmatic/backups.json; - } { name = "Caddy"; options.path = ./provisioning/caddy.json; diff --git a/hosts/monitor/profiles/grafana/provisioning/borgmatic/backups.json b/hosts/monitor/profiles/grafana/provisioning/borgmatic/backups.json deleted file mode 100644 index e56887f..0000000 --- a/hosts/monitor/profiles/grafana/provisioning/borgmatic/backups.json +++ /dev/null @@ -1,1564 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": { - "type": "grafana", - "uid": "-- Grafana --" - }, - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": true, - "fiscalYearStartMonth": 0, - "graphTooltip": 0, - "id": 52, - "links": [], - "panels": [ - { - "datasource": { - "default": false, - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 2, - "x": 0, - "y": 0 - }, - "id": 100, - "options": { - "colorMode": "value", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "auto", - "percentChangeColorMode": "standard", - "reduceOptions": { - "calcs": ["lastNotNull"], - "fields": "", - "values": false - }, - "showPercentChange": false, - "textMode": "auto", - "wideLayout": true - }, - "pluginVersion": "11.2.2+security-01", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "sum by () (borg_total_backups{instance=~\"$instance\"})", - "instant": false, - "legendFormat": "__auto", - "range": true, - "refId": "A" - } - ], - "title": "Total Backup Count", - "type": "stat" - }, - { - "datasource": { - "default": false, - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "unit": "decbytes" - }, - "overrides": [] - }, - "gridPos": { - "h": 4, - "w": 2, - "x": 2, - "y": 0 - }, - "id": 101, - "options": { - "colorMode": "value", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "auto", - "percentChangeColorMode": "standard", - "reduceOptions": { - "calcs": ["lastNotNull"], - "fields": "", - "values": false - }, - "showPercentChange": false, - "textMode": "auto", - "wideLayout": true - }, - "pluginVersion": "11.2.2+security-01", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "sum by () (borg_total_deduplicated_compressed_size{instance=~\"$instance\"})", - "instant": false, - "legendFormat": "__auto", - "range": true, - "refId": "A" - } - ], - "title": "Total Deduplicated Compressed Size", - "type": "stat" - }, - { - "datasource": { - "default": false, - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "custom": { - "align": "auto", - "cellOptions": { - "type": "auto" - }, - "inspect": false - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "Last Backup At" - }, - "properties": [ - { - "id": "unit", - "value": "dateTimeAsLocal" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "Repo Raw Size" - }, - "properties": [ - { - "id": "unit", - "value": "decbytes" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "Repo Actual Size" - }, - "properties": [ - { - "id": "unit", - "value": "decbytes" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "Time Since Last Backup" - }, - "properties": [ - { - "id": "unit", - "value": "s" - } - ] - } - ] - }, - "gridPos": { - "h": 8, - "w": 20, - "x": 4, - "y": 0 - }, - "id": 99, - "options": { - "cellHeight": "sm", - "footer": { - "countRows": false, - "enablePagination": true, - "fields": "", - "reducer": ["sum"], - "show": false - }, - "showHeader": true - }, - "pluginVersion": "11.2.2+security-01", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "borg_last_backup_timestamp{instance=~\"$instance\", repository=\"$repository\"} * 1000", - "format": "table", - "instant": false, - "legendFormat": "__auto", - "range": true, - "refId": "LAST_BACKUP_TIMESTAMP" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "borg_total_size{instance=~\"$instance\"}", - "format": "table", - "hide": false, - "instant": false, - "legendFormat": "__auto", - "range": true, - "refId": "REPO_RAW_SIZE" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "borg_total_deduplicated_compressed_size{instance=~\"$instance\"}", - "format": "table", - "hide": false, - "instant": false, - "legendFormat": "__auto", - "range": true, - "refId": "REPO_ACTUAL_SIZE" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "time() - borg_last_backup_timestamp{instance=~\"$instance\"}", - "format": "table", - "hide": false, - "instant": false, - "legendFormat": "__auto", - "range": true, - "refId": "TIME_SINCE_LAST_BACKUP" - } - ], - "title": "Summary", - "transformations": [ - { - "id": "merge", - "options": {} - }, - { - "id": "filterByValue", - "options": { - "filters": [ - { - "config": { - "id": "isNotNull", - "options": {} - }, - "fieldName": "repository" - } - ], - "match": "any", - "type": "include" - } - }, - { - "id": "groupBy", - "options": { - "fields": { - "Time": { - "aggregations": [] - }, - "Value #CURRENT_TIMESTAMP": { - "aggregations": [] - }, - "Value #LAST_BACKUP_TIMESTAMP": { - "aggregations": ["max"], - "operation": "aggregate" - }, - "Value #REPO_ACTUAL_SIZE": { - "aggregations": ["lastNotNull"], - "operation": "aggregate" - }, - "Value #REPO_RAW_SIZE": { - "aggregations": ["lastNotNull"], - "operation": "aggregate" - }, - "Value #TIME_SINCE_LAST_BACKUP": { - "aggregations": ["lastNotNull"], - "operation": "aggregate" - }, - "repository": { - "aggregations": [], - "operation": "groupby" - }, - "{__name__=\"borg_total_backups\", instance=\"builder:9996\", job=\"borgmatic_builder\", prometheus=\"monitor\", repository=\"/mnt/files/backup/builder-system\"}": { - "aggregations": ["lastNotNull"], - "operation": "aggregate" - } - } - } - }, - { - "id": "organize", - "options": { - "excludeByName": { - "Value #CURRENT_TIMESTAMP": true - }, - "includeByName": {}, - "indexByName": {}, - "renameByName": { - "Value #CURRENT_TIMESTAMP": "", - "Value #CURRENT_TIMESTAMP - Value #LAST_BACKUP_TIMESTAMP (max)": "Since Last Backup", - "Value #LAST_BACKUP_TIMESTAMP (max)": "Last Backup At", - "Value #REPO_ACTUAL_SIZE (lastNotNull)": "Repo Actual Size", - "Value #REPO_RAW_SIZE (lastNotNull)": "Repo Raw Size", - "Value #TIME_SINCE_LAST_BACKUP (lastNotNull)": "Time Since Last Backup", - "repository": "Repository" - } - } - } - ], - "type": "table" - }, - { - "datasource": { - "default": false, - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "unit": "decbytes" - }, - "overrides": [] - }, - "gridPos": { - "h": 4, - "w": 2, - "x": 2, - "y": 4 - }, - "id": 102, - "options": { - "colorMode": "value", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "auto", - "percentChangeColorMode": "standard", - "reduceOptions": { - "calcs": ["lastNotNull"], - "fields": "", - "values": false - }, - "showPercentChange": false, - "textMode": "auto", - "wideLayout": true - }, - "pluginVersion": "11.2.2+security-01", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "sum by () (borg_total_size{instance=~\"$instance\"})", - "instant": false, - "legendFormat": "__auto", - "range": true, - "refId": "A" - } - ], - "title": "Total Size", - "type": "stat" - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 8 - }, - "id": 1, - "panels": [], - "repeat": "repository", - "repeatDirection": "h", - "title": "Details for $repository", - "type": "row" - }, - { - "datasource": { - "default": false, - "type": "prometheus", - "uid": "P5DCFC7561CCDE821" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 5, - "w": 2, - "x": 0, - "y": 9 - }, - "id": 2, - "options": { - "colorMode": "value", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "auto", - "percentChangeColorMode": "standard", - "reduceOptions": { - "calcs": ["lastNotNull"], - "fields": "", - "values": false - }, - "showPercentChange": false, - "textMode": "auto", - "wideLayout": true - }, - "pluginVersion": "11.2.2+security-01", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "P5DCFC7561CCDE821" - }, - "disableTextWrap": false, - "editorMode": "builder", - "expr": "sum by(repository) (borg_total_backups{instance=~\"$instance\", repository=~\"$repository\"})", - "fullMetaSearch": false, - "includeNullMetadata": true, - "instant": false, - "legendFormat": "__auto", - "range": true, - "refId": "A", - "useBackend": false - } - ], - "title": "Total Backups", - "type": "stat" - }, - { - "datasource": { - "default": false, - "type": "prometheus", - "uid": "P5DCFC7561CCDE821" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisBorderShow": false, - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "barWidthFactor": 0.6, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "insertNulls": false, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "decbytes" - }, - "overrides": [] - }, - "gridPos": { - "h": 5, - "w": 7, - "x": 2, - "y": 9 - }, - "id": 5, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "P5DCFC7561CCDE821" - }, - "editorMode": "code", - "exemplar": false, - "expr": "borg_total_size{instance=~\"$instance\", repository=~\"$repository\"}", - "instant": false, - "legendFormat": "{{repository}}", - "range": true, - "refId": "A" - } - ], - "title": "Repository Raw Size", - "type": "timeseries" - }, - { - "datasource": { - "default": false, - "type": "prometheus", - "uid": "P5DCFC7561CCDE821" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisBorderShow": false, - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "barWidthFactor": 0.6, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "insertNulls": false, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "decbytes" - }, - "overrides": [] - }, - "gridPos": { - "h": 5, - "w": 7, - "x": 9, - "y": 9 - }, - "id": 9, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "P5DCFC7561CCDE821" - }, - "editorMode": "code", - "exemplar": false, - "expr": "borg_total_compressed_size{instance=~\"$instance\", repository=~\"$repository\"}", - "instant": false, - "legendFormat": "{{repository}}", - "range": true, - "refId": "A" - } - ], - "title": "Repository Total Compressed Size", - "type": "timeseries" - }, - { - "datasource": { - "default": false, - "type": "prometheus", - "uid": "P5DCFC7561CCDE821" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisBorderShow": false, - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "barWidthFactor": 0.6, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "insertNulls": false, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "decbytes" - }, - "overrides": [] - }, - "gridPos": { - "h": 5, - "w": 7, - "x": 16, - "y": 9 - }, - "id": 10, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "P5DCFC7561CCDE821" - }, - "editorMode": "code", - "exemplar": false, - "expr": "borg_total_deduplicated_compressed_size{instance=~\"$instance\", repository=~\"$repository\"}", - "instant": false, - "legendFormat": "{{repository}}", - "range": true, - "refId": "A" - } - ], - "title": "Repository Total Deduplicated and Compressed Size", - "type": "timeseries" - }, - { - "datasource": { - "default": false, - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "orange", - "value": 86400 - } - ] - }, - "unit": "s" - }, - "overrides": [] - }, - "gridPos": { - "h": 5, - "w": 2, - "x": 0, - "y": 14 - }, - "id": 21, - "options": { - "colorMode": "background_solid", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "auto", - "percentChangeColorMode": "standard", - "reduceOptions": { - "calcs": ["lastNotNull"], - "fields": "", - "values": false - }, - "showPercentChange": false, - "textMode": "auto", - "wideLayout": true - }, - "pluginVersion": "11.2.2+security-01", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "time() - max by(repository) (borg_last_backup_timestamp{instance=~\"$instance\", repository=~\"$repository\"})", - "instant": false, - "legendFormat": "{{repository}}", - "range": true, - "refId": "A" - } - ], - "title": "Time Since Last Backup", - "type": "stat" - }, - { - "datasource": { - "default": false, - "type": "prometheus", - "uid": "P5DCFC7561CCDE821" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisBorderShow": false, - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "barWidthFactor": 0.6, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "insertNulls": false, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "decbytes" - }, - "overrides": [] - }, - "gridPos": { - "h": 5, - "w": 7, - "x": 2, - "y": 14 - }, - "id": 49, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "P5DCFC7561CCDE821" - }, - "editorMode": "code", - "exemplar": false, - "expr": "borg_last_backup_size{instance=~\"$instance\", repository=~\"$repository\"}", - "instant": false, - "legendFormat": "{{repository}}", - "range": true, - "refId": "A" - } - ], - "title": "Last Backup Raw Size", - "type": "timeseries" - }, - { - "datasource": { - "default": false, - "type": "prometheus", - "uid": "P5DCFC7561CCDE821" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisBorderShow": false, - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "barWidthFactor": 0.6, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "insertNulls": false, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "decbytes" - }, - "overrides": [] - }, - "gridPos": { - "h": 5, - "w": 7, - "x": 9, - "y": 14 - }, - "id": 50, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "P5DCFC7561CCDE821" - }, - "editorMode": "code", - "exemplar": false, - "expr": "borg_last_backup_compressed_size{instance=~\"$instance\", repository=~\"$repository\"}", - "instant": false, - "legendFormat": "{{repository}}", - "range": true, - "refId": "A" - } - ], - "title": "Last Backup Compressed Size", - "type": "timeseries" - }, - { - "datasource": { - "default": false, - "type": "prometheus", - "uid": "P5DCFC7561CCDE821" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisBorderShow": false, - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "barWidthFactor": 0.6, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "insertNulls": false, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "decbytes" - }, - "overrides": [] - }, - "gridPos": { - "h": 5, - "w": 7, - "x": 16, - "y": 14 - }, - "id": 60, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "P5DCFC7561CCDE821" - }, - "editorMode": "code", - "exemplar": false, - "expr": "borg_last_backup_deduplicated_compressed_size{instance=~\"$instance\", repository=~\"$repository\"}", - "instant": false, - "legendFormat": "{{repository}}", - "range": true, - "refId": "A" - } - ], - "title": "Repository Last Backup Deduplicated and Compressed Size", - "type": "timeseries" - }, - { - "datasource": { - "default": false, - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "unit": "dateTimeAsSystem" - }, - "overrides": [] - }, - "gridPos": { - "h": 5, - "w": 2, - "x": 0, - "y": 19 - }, - "id": 34, - "options": { - "colorMode": "value", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "auto", - "percentChangeColorMode": "standard", - "reduceOptions": { - "calcs": ["lastNotNull"], - "fields": "", - "values": false - }, - "showPercentChange": false, - "text": {}, - "textMode": "auto", - "wideLayout": true - }, - "pluginVersion": "11.2.2+security-01", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "max by(repository) (borg_last_backup_timestamp{instance=~\"$instance\", repository=~\"$repository\"} * 1000)", - "instant": false, - "legendFormat": "{{repository}}", - "range": true, - "refId": "A" - } - ], - "title": "Last Backup Timestamp", - "type": "stat" - }, - { - "datasource": { - "default": false, - "type": "prometheus", - "uid": "P5DCFC7561CCDE821" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisBorderShow": false, - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "barWidthFactor": 0.6, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "insertNulls": false, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "none" - }, - "overrides": [] - }, - "gridPos": { - "h": 5, - "w": 7, - "x": 2, - "y": 19 - }, - "id": 61, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "P5DCFC7561CCDE821" - }, - "editorMode": "code", - "exemplar": false, - "expr": "borg_last_backup_files{instance=~\"$instance\", repository=~\"$repository\"}", - "instant": false, - "legendFormat": "{{repository}}", - "range": true, - "refId": "A" - } - ], - "title": "Last Backup Number of Files", - "type": "timeseries" - }, - { - "datasource": { - "default": false, - "type": "prometheus", - "uid": "P5DCFC7561CCDE821" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisBorderShow": false, - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "barWidthFactor": 0.6, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "insertNulls": false, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "s" - }, - "overrides": [] - }, - "gridPos": { - "h": 5, - "w": 7, - "x": 9, - "y": 19 - }, - "id": 62, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "P5DCFC7561CCDE821" - }, - "editorMode": "code", - "exemplar": false, - "expr": "borg_last_backup_duration{instance=~\"$instance\", repository=~\"$repository\"}", - "instant": false, - "legendFormat": "{{repository}}", - "range": true, - "refId": "A" - } - ], - "title": "Last Backup Duration", - "type": "timeseries" - } - ], - "schemaVersion": 39, - "tags": [], - "templating": { - "list": [ - { - "current": { - "selected": false, - "text": "Thanos", - "value": "P5DCFC7561CCDE821" - }, - "hide": 0, - "includeAll": false, - "label": "Data source", - "multi": false, - "name": "DS_PROMETHEUS", - "options": [], - "query": "prometheus", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "type": "datasource" - }, - { - "current": { - "selected": false, - "text": "builder:9996", - "value": "builder:9996" - }, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "definition": "label_values(borg_total_backups,instance)", - "hide": 0, - "includeAll": false, - "label": "Instance", - "multi": false, - "name": "instance", - "options": [], - "query": { - "qryType": 1, - "query": "label_values(borg_total_backups,instance)", - "refId": "PrometheusVariableQueryEditor-VariableQuery" - }, - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "sort": 0, - "type": "query" - }, - { - "current": { - "selected": false, - "text": "/mnt/files/backup/builder-system", - "value": "/mnt/files/backup/builder-system" - }, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "definition": "label_values(borg_total_backups{instance=~\"$instance\"},repository)", - "hide": 0, - "includeAll": true, - "label": "Repository", - "multi": true, - "name": "repository", - "options": [], - "query": { - "qryType": 1, - "query": "label_values(borg_total_backups{instance=~\"$instance\"},repository)", - "refId": "PrometheusVariableQueryEditor-VariableQuery" - }, - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "sort": 0, - "type": "query" - } - ] - }, - "time": { - "from": "now-6h", - "to": "now" - }, - "timepicker": {}, - "timezone": "browser", - "title": "Borgmatic Backups", - "uid": "de31iu9c481z4c", - "version": 15, - "weekStart": "" -} diff --git a/hosts/monitor/profiles/grafana/provisioning/borgmatic/logs.json b/hosts/monitor/profiles/grafana/provisioning/borgmatic/logs.json deleted file mode 100644 index 9f25af6..0000000 --- a/hosts/monitor/profiles/grafana/provisioning/borgmatic/logs.json +++ /dev/null @@ -1,406 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": { - "type": "grafana", - "uid": "-- Grafana --" - }, - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": true, - "fiscalYearStartMonth": 0, - "graphTooltip": 0, - "id": 48, - "links": [], - "panels": [ - { - "datasource": { - "default": false, - "type": "loki", - "uid": "${DS_LOKI}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [ - { - "options": { - "null": { - "index": 0, - "text": "0" - } - }, - "type": "value" - } - ], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "unit": "short" - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 6, - "x": 0, - "y": 0 - }, - "id": 1, - "options": { - "colorMode": "value", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "horizontal", - "percentChangeColorMode": "standard", - "reduceOptions": { - "calcs": ["sum"], - "fields": "", - "values": false - }, - "showPercentChange": false, - "text": {}, - "textMode": "auto", - "wideLayout": true - }, - "pluginVersion": "11.2.2+security-01", - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "${DS_LOKI}" - }, - "editorMode": "code", - "expr": "sum by(host) (count_over_time({application=\"borgmatic\", host=~\"$host\"} |~ \"Started backup\" [$__interval]))", - "legendFormat": "{{host}}", - "queryType": "range", - "refId": "A" - } - ], - "title": "Started Backups", - "type": "stat" - }, - { - "datasource": { - "default": false, - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [ - { - "options": { - "null": { - "index": 0, - "text": "0" - } - }, - "type": "value" - } - ], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "unit": "short" - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 6, - "x": 6, - "y": 0 - }, - "id": 2, - "options": { - "colorMode": "value", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "horizontal", - "percentChangeColorMode": "standard", - "reduceOptions": { - "calcs": ["sum"], - "fields": "", - "values": false - }, - "showPercentChange": false, - "text": {}, - "textMode": "auto", - "wideLayout": true - }, - "pluginVersion": "11.2.2+security-01", - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "editorMode": "code", - "expr": "sum by(host) (count_over_time({application=\"borgmatic\", host=~\"$host\"} |~ \"Finished backup\" [$__interval]))", - "legendFormat": "{{host}}", - "queryType": "range", - "refId": "A" - } - ], - "title": "Successful Backups", - "type": "stat" - }, - { - "datasource": { - "default": false, - "type": "loki", - "uid": "${DS_LOKI}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 6, - "x": 12, - "y": 0 - }, - "id": 3, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "percentChangeColorMode": "standard", - "reduceOptions": { - "calcs": ["sum"], - "fields": "", - "values": false - }, - "showPercentChange": false, - "textMode": "auto", - "wideLayout": true - }, - "pluginVersion": "11.2.2+security-01", - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "${DS_LOKI}" - }, - "editorMode": "code", - "expr": "(count_over_time({application=\"borgmatic\", host=~\"$host\"} |~ \"Failed backup\" | __error__=\"\" [$__interval]))", - "legendFormat": "{{host}}", - "queryType": "range", - "refId": "A" - } - ], - "title": "Failed backups", - "type": "stat" - }, - { - "datasource": { - "default": false, - "type": "loki", - "uid": "${DS_LOKI}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "unit": "dateTimeAsLocalNoDateIfToday" - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 6, - "x": 18, - "y": 0 - }, - "id": 5, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "percentChangeColorMode": "standard", - "reduceOptions": { - "calcs": ["lastNotNull"], - "fields": "/^Time$/", - "values": false - }, - "showPercentChange": false, - "textMode": "auto", - "wideLayout": true - }, - "pluginVersion": "11.2.2+security-01", - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "${DS_LOKI}" - }, - "editorMode": "code", - "expr": "sum by(instance) (count_over_time({application=\"borgmatic\", host=~\"$host\"} |~ \"Finished backup\" | __error__=\"\" [$__interval]))", - "queryType": "range", - "refId": "A" - } - ], - "title": "Time of Last Backup", - "type": "stat" - }, - { - "datasource": { - "default": false, - "type": "loki", - "uid": "${DS_LOKI}" - }, - "gridPos": { - "h": 14, - "w": 24, - "x": 0, - "y": 8 - }, - "id": 4, - "options": { - "dedupStrategy": "signature", - "enableLogDetails": true, - "prettifyLogMessage": false, - "showCommonLabels": false, - "showLabels": false, - "showTime": true, - "sortOrder": "Descending", - "wrapLogMessage": false - }, - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "P8E80F9AEF21F6940" - }, - "editorMode": "code", - "expr": "{application=\"borgmatic\", host=~\"$host\"}", - "queryType": "range", - "refId": "A" - } - ], - "title": "Most Recent Logs", - "type": "logs" - } - ], - "schemaVersion": 39, - "tags": [], - "templating": { - "list": [ - { - "current": { - "selected": false, - "text": "Loki", - "value": "P8E80F9AEF21F6940" - }, - "hide": 0, - "includeAll": false, - "label": "Data source", - "multi": false, - "name": "DS_LOKI", - "options": [], - "query": "loki", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "type": "datasource" - }, - { - "current": { - "selected": false, - "text": "builder", - "value": "builder" - }, - "datasource": { - "type": "loki", - "uid": "${DS_LOKI}" - }, - "definition": "", - "hide": 0, - "includeAll": false, - "label": "Host", - "multi": false, - "name": "host", - "options": [], - "query": { - "label": "host", - "refId": "LokiVariableQueryEditor-VariableQuery", - "stream": "{application=\"borgmatic\"}", - "type": 1 - }, - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "sort": 0, - "type": "query" - } - ] - }, - "time": { - "from": "now-7d", - "to": "now" - }, - "timepicker": {}, - "timezone": "browser", - "title": "Borgmatic Logs", - "uid": "ce2jqvm2kq6m8a", - "version": 5, - "weekStart": "" -} diff --git a/hosts/monitor/profiles/prometheus.nix b/hosts/monitor/profiles/prometheus.nix index 0ef608d..4f971ad 100644 --- a/hosts/monitor/profiles/prometheus.nix +++ b/hosts/monitor/profiles/prometheus.nix @@ -1,4 +1,4 @@ -{ profiles, hosts, ... }: { +{ profiles, hosts, lib, ... }: { imports = [ profiles.monitoring.prometheus ]; services.prometheus.scrapeConfigs = [ @@ -336,79 +336,6 @@ ]; }]; } - { - job_name = "borgmatic_builder"; - static_configs = [{ - targets = [ - "${hosts.builder.config.networking.hostName}:${ - toString - hosts.builder.config.services.prometheus.exporters.borgmatic.port - }" - ]; - }]; - scrape_interval = "1m"; - } - { - job_name = "borgmatic_matrix"; - static_configs = [{ - targets = [ - "${hosts.matrix.config.networking.hostName}:${ - toString - hosts.matrix.config.services.prometheus.exporters.borgmatic.port - }" - ]; - }]; - scrape_interval = "1m"; - } - { - job_name = "borgmatic_bastion"; - static_configs = [{ - targets = [ - "${hosts.bastion.config.networking.hostName}:${ - toString - hosts.bastion.config.services.prometheus.exporters.borgmatic.port - }" - ]; - }]; - scrape_interval = "1m"; - } - { - job_name = "borgmatic_htpc"; - static_configs = [{ - targets = [ - "${hosts.htpc.config.networking.hostName}:${ - toString - hosts.htpc.config.services.prometheus.exporters.borgmatic.port - }" - ]; - }]; - scrape_interval = "1m"; - } - { - job_name = "borgmatic_omnibus"; - scrape_timeout = "30s"; - static_configs = [{ - targets = [ - "${hosts.omnibus.config.networking.hostName}:${ - toString - hosts.omnibus.config.services.prometheus.exporters.borgmatic.port - }" - ]; - }]; - scrape_interval = "1m"; - } - { - job_name = "borgmatic_controller"; - static_configs = [{ - targets = [ - "${hosts.controller.config.networking.hostName}:${ - toString - hosts.controller.config.services.prometheus.exporters.borgmatic.port - }" - ]; - }]; - scrape_interval = "1m"; - } { job_name = "gatus"; static_configs = [{ @@ -426,5 +353,20 @@ static_configs = [{ targets = [ "htpc:5000" ]; }]; scrape_interval = "15s"; } - ]; + ] ++ lib.flatten (lib.mapAttrsToList (_: host: + lib.mapAttrsToList (name: backup: + lib.optional backup.exporter.enable { + job_name = "restic_${host.config.networking.hostName}_${ + builtins.replaceStrings [ "-" ] [ "_" ] name + }"; + metrics_path = "/"; + scrape_interval = "30s"; + static_configs = [{ + targets = [ + "${host.config.networking.hostName}:${ + toString backup.exporter.port + }" + ]; + }]; + }) host.config.services.restic.backups) hosts); } diff --git a/hosts/omnibus/configuration.nix b/hosts/omnibus/configuration.nix index c2d361e..6c26782 100644 --- a/hosts/omnibus/configuration.nix +++ b/hosts/omnibus/configuration.nix @@ -1,6 +1,7 @@ { config, pkgs, suites, profiles, ... }: { imports = with suites; - core ++ local ++ proxmox-vm ++ [ + core ++ proxmox-vm ++ [ + profiles.backups.restic-rest.default profiles.communications.postfix.default profiles.databases.postgresql profiles.hardware.nvme @@ -90,16 +91,6 @@ "valid users" = config.users.users.ethan.name; }; - backup = { - path = "/data/files/backup"; - browseable = "no"; - "read only" = "no"; - "guest ok" = "no"; - "create mask" = "0644"; - "directory mask" = "0755"; - "force user" = config.users.users.ethan.name; - }; - nicole = { path = "/data/files/nicole"; browseable = "yes"; @@ -114,20 +105,25 @@ environment.systemPackages = with pkgs; [ yt-dlp ]; - # programs.fish.shellAliases.iotop = '' - # bash -c "sudo sysctl kernel.task_delayacct=1 && sudo ${pkgs.iotop}/bin/iotop ; sudo sysctl kernel.task_delayacct=0" - # ''; - - services.borgmatic.configurations.files = { - source_directories = [ "/data/files" ]; - exclude_patterns = [ "/data/files/backup" "/data/files/**/Creators" ]; - repositories = [{ - label = "rsync.net"; - path = "ssh://de2228@de2228.rsync.net/./omnibus-files"; - }]; - keep_daily = 1; - keep_weekly = 2; - keep_monthly = 2; + services.restic.backups.files-rsync-net = { + initialize = true; + repository = + "sftp://de2228@de2228.rsync.net/${config.networking.hostName}/files"; + extraOptions = + [ "sftp.args='-i ${config.sops.secrets.rsync_net_ssh_key.path}'" ]; + passwordFile = config.sops.secrets.restic_backup_password.path; + paths = [ "/data/files" ]; + exclude = [ + "/data/files/services/restic" + "/data/files/backup" + "/data/files/personal/**/Creators" + ]; + timerConfig = { + OnCalendar = "01:30"; + Persistent = true; + RandomizedDelaySec = "1h"; + }; + pruneOpts = [ "--keep-daily 1" "--keep-weekly 1" "--keep-monthly 1" ]; }; system.stateVersion = "24.05"; diff --git a/modules/development/ci.nix b/modules/development/ci.nix index 718b955..af809bf 100644 --- a/modules/development/ci.nix +++ b/modules/development/ci.nix @@ -8,18 +8,15 @@ in { name = "Checkout code"; uses = "actions/checkout@v4.2.1"; } - { - name = "Clean up storage"; - run = '' - sudo rm -rf /usr/share/dotnet /usr/local/lib/android /opt/ghc /opt/hostedtoolcache/CodeQL - sudo docker image prune --all --force - sudo docker builder prune -a - ''; - } { name = "Install Nix"; - uses = "DeterminateSystems/nix-installer-action@v14"; - "with" = { extra-conf = "allow-import-from-derivation = true"; }; + uses = "NixOS/nix-installer-action@main"; + "with" = { + extra-conf = '' + accept-flake-config = true + max-jobs = auto + ''; + }; } { name = "Add SSH keys to ssh-agent"; @@ -28,7 +25,7 @@ in { } { name = "Setup Attic cache"; - uses = "ryanccn/attic-action@v0.3.1"; + uses = "ryanccn/attic-action@v0"; "with" = { endpoint = "https://cache.e10.camp"; cache = "e10"; @@ -37,7 +34,7 @@ in { } { name = "Use Cachix store"; - uses = "cachix/cachix-action@v15"; + uses = "cachix/cachix-action@master"; "with" = { authToken = "\${{ secrets.CACHIX_AUTH_TOKEN }}"; name = "e10"; @@ -77,11 +74,21 @@ in { strategy.matrix.host = l.attrNames (l.filterAttrs (_: host: host.config.nixpkgs.system == "x86_64-linux") self.nixosConfigurations); - steps = setup ++ [{ - run = '' - nix build .#nixosConfigurations.''${{ matrix.host }}.config.system.build.toplevel --accept-flake-config --show-trace - ''; - }]; + steps = setup ++ [ + { + name = "Clean up storage"; + run = '' + sudo rm -rf /usr/share/dotnet /usr/local/lib/android /opt/ghc /opt/hostedtoolcache/CodeQL + sudo docker image prune --all --force + sudo docker builder prune -a + ''; + } + { + run = '' + nix build .#nixosConfigurations.''${{ matrix.host }}.config.system.build.toplevel --accept-flake-config --show-trace + ''; + } + ]; }; buildARMSystem = { name = "Build system (ARM)"; diff --git a/modules/development/treefmt.nix b/modules/development/treefmt.nix index 147ee6d..d50816d 100644 --- a/modules/development/treefmt.nix +++ b/modules/development/treefmt.nix @@ -6,6 +6,7 @@ settings = { projectRootFile = "flake.nix"; programs = { + actionlint.enable = true; deadnix.enable = true; terraform.enable = true; nixfmt = { diff --git a/modules/nixos/services/borgmatic/default.nix b/modules/nixos/services/borgmatic/default.nix deleted file mode 100644 index e953a5d..0000000 --- a/modules/nixos/services/borgmatic/default.nix +++ /dev/null @@ -1,92 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -let - cfg = config.services.borgmatic; - settingsFormat = pkgs.formats.yaml { }; -in { - disabledModules = [ "services/backup/borgmatic.nix" ]; - - options.services.borgmatic = { - enable = mkEnableOption "Enable borgmatic"; - - package = mkOption { - type = types.package; - default = pkgs.borgmatic; - }; - - configuration = mkOption { - type = types.attrs; - default = { }; - }; - - configurations = mkOption { - type = - types.attrsOf (types.submodule { freeformType = settingsFormat.type; }); - }; - - timer = mkOption { - type = types.submodule { - options = { - enable = mkEnableOption "Enable Borgmatic timer"; - - calendar = mkOption { type = types.str; }; - }; - }; - default = { }; - }; - - enableConfigCheck = mkOption { - type = types.bool; - default = true; - }; - }; - - config = let - recursiveMerge = attrList: - let - f = attrPath: - zipAttrsWith (n: values: - if tail values == [ ] then - head values - else if all isList values then - unique (concatLists values) - else if all isAttrs values then - f (attrPath ++ [ n ]) values - else - last values); - in f [ ] attrList; - configFiles = mapAttrs' (name: value: - nameValuePair "borgmatic.d/${name}.yaml" { - source = settingsFormat.generate "${name}.yaml" - (recursiveMerge [ cfg.configuration value ]); - }) cfg.configurations; - borgmaticCheck = name: f: - pkgs.runCommandCC "${name} validation" { } '' - ${pkgs.borgmatic}/bin/borgmatic -c ${f.source} config validate - touch $out - ''; - in mkIf cfg.enable { - environment.systemPackages = [ cfg.package ]; - - environment.etc = configFiles; - - systemd.packages = [ cfg.package ]; - - systemd.timers.borgmatic = mkIf cfg.timer.enable { - enable = true; - description = "borgmatic automatic backup"; - wantedBy = [ "timers.target" ]; - timerConfig = { - Unit = "borgmatic.service"; - OnCalendar = cfg.timer.calendar; - Persistent = true; - WakeSystem = true; - }; - }; - - system.checks = - mkIf cfg.enableConfigCheck (mapAttrsToList borgmaticCheck configFiles); - }; -} diff --git a/modules/nixos/services/huntarr/default.nix b/modules/nixos/services/huntarr/default.nix deleted file mode 100644 index 6962bda..0000000 --- a/modules/nixos/services/huntarr/default.nix +++ /dev/null @@ -1,42 +0,0 @@ -{ config, lib, ... }: - -with lib; - -let cfg = config.services.huntarr; -in { - options.services.huntarr = { - enable = mkEnableOption "Enable Huntarr"; - - dataDir = mkOption { - type = types.path; - description = "Path to store Huntarr files in"; - default = "/var/lib/huntarr"; - }; - - port = mkOption { - type = types.port; - default = 9705; - }; - - openFirewall = mkOption { - type = types.bool; - default = false; - }; - }; - - config = mkIf cfg.enable { - systemd.tmpfiles.rules = [ - "d '${cfg.dataDir}' 0777 ${config.virtualisation.oci-containers.backend} ${config.virtualisation.oci-containers.backend} - -" - ]; - - virtualisation.oci-containers.containers.huntarr = { - image = "huntarr/huntarr:latest"; - environment = { TZ = config.time.timeZone; }; - ports = [ "${toString cfg.port}:9705" ]; - volumes = [ "${cfg.dataDir}:/config" ]; - }; - - networking.firewall = - mkIf cfg.openFirewall { allowedTCPPorts = [ cfg.port ]; }; - }; -} diff --git a/modules/nixos/services/restic/default.nix b/modules/nixos/services/restic/default.nix new file mode 100644 index 0000000..bc62b14 --- /dev/null +++ b/modules/nixos/services/restic/default.nix @@ -0,0 +1,49 @@ +{ config, lib, pkgs, ... }: + +with lib; + +{ + options.services.restic.backups = mkOption { + type = types.attrsOf (types.submodule (_: { + options.exporter = mkOption { + type = types.submodule { + options = { + enable = mkEnableOption "Enable Prometheus exporter"; + port = mkOption { + type = types.port; + default = 9754; + }; + }; + }; + default = { }; + }; + })); + }; + + config = { + systemd.services = mkMerge (mapAttrsToList (name: backup: + optionalAttrs backup.exporter.enable { + "prometheus-restic-exporter-${name}" = { + enable = true; + wantedBy = [ "multi-user.target" ]; + wants = [ "network-online.target" ]; + script = '' + export RESTIC_PASSWORD_FILE=$CREDENTIALS_DIRECTORY/RESTIC_PASSWORD_FILE + ${pkgs.prometheus-restic-exporter}/bin/restic-exporter.py + ''; + environment = { + LISTEN_ADDRESS = "0.0.0.0"; + LISTEN_PORT = toString backup.exporter.port; + REFRESH_INTERVAL = "60"; + RESTIC_CACHE_DIR = "$CACHE_DIRECTORY"; + RESTIC_REPOSITORY = backup.repository; + }; + serviceConfig = { + CacheDirectory = "restic-exporter"; + EnvironmentFile = backup.environmentFile; + LoadCredential = [ "RESTIC_PASSWORD_FILE:${backup.passwordFile}" ]; + }; + }; + }) config.services.restic.backups); + }; +} diff --git a/modules/packages/tracearr/default.nix b/modules/packages/tracearr/default.nix index 2999c55..c15899c 100644 --- a/modules/packages/tracearr/default.nix +++ b/modules/packages/tracearr/default.nix @@ -2,7 +2,7 @@ , fetchFromGitHub, turbo, }: stdenv.mkDerivation (finalAttrs: { pname = "tracearr"; - version = "1.4.17"; + version = "1.4.21"; src = fetchFromGitHub { owner = "connorgallopo"; @@ -36,7 +36,9 @@ stdenv.mkDerivation (finalAttrs: { checkPhase = '' runHook preCheck + pnpm test + runHook postCheck ''; @@ -56,6 +58,8 @@ stdenv.mkDerivation (finalAttrs: { makeWrapper ${lib.getExe nodejs} $out/bin/tracearr \ --add-flags $out/lib/tracearr/apps/server/dist/index.js \ --set NODE_PATH "$out/lib/tracearr/node_modules:$out/lib/tracearr/apps/server/node_modules:$out/lib/tracearr/apps/web/node_modules" \ + --set-default APP_VERSION ${finalAttrs.version} \ + --set-default APP_TAG v${finalAttrs.version} \ --set-default NODE_ENV production runHook postInstall diff --git a/modules/profiles/backups/borgmatic/common.nix b/modules/profiles/backups/borgmatic/common.nix deleted file mode 100644 index 0364183..0000000 --- a/modules/profiles/backups/borgmatic/common.nix +++ /dev/null @@ -1,99 +0,0 @@ -{ config, lib, pkgs, hosts, ... }: { - sops.secrets = { - borg_backup_passphrase = { - format = "yaml"; - sopsFile = ./secrets.yml; - mode = "0400"; - owner = "borgmatic"; - }; - - rsync_net_ssh_key = { - format = "yaml"; - sopsFile = ./secrets.yml; - mode = "0400"; - owner = "borgmatic"; - }; - - apprise_url_ses = { - format = "yaml"; - sopsFile = ./secrets.yml; - mode = "0777"; - owner = "borgmatic"; - }; - }; - - users = { - users.borgmatic = { - isSystemUser = true; - group = config.users.groups.borgmatic.name; - home = "/var/lib/borgmatic"; - createHome = true; - }; - - groups.borgmatic = { }; - }; - - programs.ssh.knownHosts."de2228.rsync.net".publicKeyFile = ./key.pub; - - services.borgmatic = { - enable = true; - timer = { - enable = true; - calendar = "*-*-* 03:00:00"; - }; - configuration = let cat = lib.getExe' pkgs.coreutils "cat"; - in { - encryption_passcommand = - "${cat} ${config.sops.secrets.borg_backup_passphrase.path}"; - - compression = "auto,lzma"; - - ssh_command = "ssh -i ${config.sops.secrets.rsync_net_ssh_key.path}"; - - remote_path = "/usr/local/bin/borg1/borg1"; - - loki = { - url = "http://${hosts.monitor.config.networking.hostName}:${ - toString - hosts.monitor.config.services.loki.configuration.server.http_listen_port - }/loki/api/v1/push"; - labels = { - application = "borgmatic"; - host = "__hostname"; - config = "__config"; - }; - }; - - commands = let - apprise = lib.getExe pkgs.apprise; - borgmatic = lib.getExe' pkgs.borgmatic "borgmatic"; - in [ - { - before = "repository"; - when = [ "create" ]; - run = [ "${borgmatic} rcreate --encryption repokey-blake2" ]; - } - { - after = "error"; - when = [ "create" ]; - run = ['' - ${apprise} \ - --title "[E10] Backup failed for ${config.networking.hostName}" \ - --body "Backup failed for ${config.networking.hostName} on {repository}" \ - $(${cat} ${config.sops.secrets.apprise_url_ses.path}) - '']; - } - { - after = "error"; - when = [ "prune" "compact" ]; - run = ['' - ${apprise} \ - --title "[E10] Pruning/compaction of backups for ${config.networking.hostName}" \ - --body "Pruning/compaction of backups failed for ${config.networking.hostName} on {repository}" \ - $(${cat} ${config.sops.secrets.apprise_url_ses.path}) - '']; - } - ]; - }; - }; -} diff --git a/modules/profiles/backups/borgmatic/secrets.yml b/modules/profiles/backups/borgmatic/secrets.yml deleted file mode 100644 index 41b4863..0000000 --- a/modules/profiles/backups/borgmatic/secrets.yml +++ /dev/null @@ -1,82 +0,0 @@ -rsync_net_ssh_key: ENC[AES256_GCM,data:3SP210tvWiodATv9WFqo6t3qyCpt+6pYXZ7EKtUa4LKgPiFdTg10uijaIfblVZ4YXjgp+QeafAznTxgF3bvuFXrhp9ikWrJPPe9FhAPYTsC6nUuloHvvku3sGuDGqI6XOJaP8L1yaXbsIF7qhH429l4BpJLj6NZp2misBG+e6TSWWtGbq1kUe8jjkaNvd/VmCkIX80ECLKzmaN7igJEInkxzgXPKKaNMfUSw0FQtSm3qTdvNiRnmQaOQIKDeJxI8nHhHB9FYCPPSdjIo8xqUhWyyDjo9M4KTWLhtNUIlzAJ+jHX6WYLTVPINAZwAnuBSZQc6FadWqf+MiKzUuA5dnzzcs57OOYyWvlI3Fq5R1zQ59Ihwv1LpW3xUGa4D2Dj+5idj7dWiJjQQ9pGkY7IJ4a/JSjoirLFObxVNCzerT6dWaMPIYHuGvZp5AY8OWA0Ts3I5XQ+EfNt5QVollvqo33LldtrrV15GeMXU/dJTFUa4dNDzMupD5W1LikE2bCLyaMrzesBtvtREz5llhtshiJkgcLuocEaVvryomYOsklLavatKmdEw78rWujXbS0Zwd9lnHei2kegE4WTu//0zweQywkBrUKUHnQ7jMDhDkMenzxdLoHFFsFWaK24fTllGg5AdvwBvQeCIYmtPJUN7kCb722+maaXrE5LPZGq7hJZQA3lp391qmWe0lOCFiN5RufKsD1CLMLHDK8HyCFT++aUvpaIWLmshzgYaTkMegCSEC5lyGBoNfzPzp8gAoxIdPhUHModroOR4ZFi2+TzqVZMT6qg9KvOUGuaXL5yezCjQJMrLjZZtI2tFXKy/K9PPFo4zNq7GCYVL2Qw/Ig4vPfbBf8gLeoNAwseAmBQX4BusDIYchhtOgJSS04OMutRjAvGeR032UlMsGqo8dTMFyoxlOKH+MI15rKtNk+waTDlnWXoNur9Cj2iMZWL0muaHxz3LEsxYS3DLCXCYrVlDYEHengZqcoa+baGMn242Dk+jtygUF5NN+F62ZYjqSOrxuEGqZ6MFWLKRRmD/LssMHBsC68hZn6okFoNWyQm4Oo/HzeMZ06/y+Q4xmyZTkqXXJZdLIhzDyuqilZvlK1l2uXcCZwiBQv0t8qG9n+1FoH6hwZS996ej09grQYFCxQ4SsPaOwlVczxOYKuziGHBxAevcLjnIsd99Rl4cbXbqEfO4pogh6tiLFSQbVY+yhgGRF8uJi9kq31we4GoEmr+km32cWObKjW/A0wIG/QzuIWBDhr1U4fzxdslJOmhygk+CAaS/vp1b7dC2eTmRy4B7+DJDA1UkB5bn76CWOoclVJmp0FbKsXRjVTtS/3CshHGVqJAV1wUQouLLMt8IoV1RhbmNU1PS7h0cfor09/DCe0+TU/efo1Hmwcriex4fLQGEIvSvRE4lbjpKACX+97q21AwnwMayVKfUGz9vylMPBmLTm2lQobHopkPFwOui+va/hHqIK4bO4PKyPQv6kHaFGbCQf/RzwpU+R8g8APKPpDmZA3IxWZWbw6ieV3aMRHXiQ26WEN80HjdUoWIAjK398WJSulsFmTkK9QGOQR5BHCYWSNQ5JAO2xYS/H6wZcNXt9yeqrFcc1NgCsOaHmfSPNyN097w5MBPNzYvScxKEdzrh2PRNCdRJ3WZprE6WAeW2kmXahrkp4eZRYFhBfC4nHjOfRTLAnps/gfMH/rjh41ZL6sBvDJtllSqYpoTmN6trf4XZx1RE2sh0tIL3mrIFfre8lxok0hfu6QyZGMBb7zSV8l4BJoob9L30WFIVoDxmVxKfPhWqW5TLrKDi8qcK4zVaMoMMVl7OsL9aAhM1LUsRyZ9/ZEkL7eHFpd6y4gDVHONBlJ/zbX1RBBEZ14vN36Syzl02SEQqSr0xABBTvLMn1y1E7Oz07LWM0KVzCsRRrCYIgjuiX9aWTjeSR4d+/sb7CxvGX2FqTDvtbJ/K1QzNgyTjOXEpJtwlZ4rRyu97zp2vCw7h1F81AwALLTKQ7s97z1EgzKC5nJfbJJFWWFTy4u578YIwn4zSCyFUovq7sCInOqpvl/uKd9VKLQ7GulMsCnRoHLY92lJ3aTYHNrKuoUXwYN+WUtkITq5jp3tNbr1neRNqYMEvV95Z14gNfZl8C/nDZHsEVdAWq1U9LcnA0m/987y2XBxSRsstCsRMweizYme+TXEeWFoYORCRtSLBbQOBpbyp9A6by0O4xtpzQeab6VaDEKlLZV/BTh4=,iv:WQDeDc0BZOkVcx9LXn/3c8ALcZcl/2gR7S5D9xRjuxU=,tag:uf+CMkfO+hLakeT570f/kA==,type:str] -borg_backup_passphrase: ENC[AES256_GCM,data:ThbvpHdWsTR4BbvrSxxlZCSiWFc=,iv:WfQfv5PXoZblh/BqJzoNmlQAAO6Ko6ldEK1LezS1TPQ=,tag:EBeLrU2O2koFGwdbGQGNPw==,type:str] -apprise_url_pushover: ENC[AES256_GCM,data:PpHKTTEm6EPjPELh6v9zc+4t3yLPgV9eh2ZvflHgN/rA+tibI563o08IV65YXMPhAVjP+W9DnqbgOIhYCTUUWswEgfSR,iv:ErKdkaRyi3O85OkTdf8JQPoWQSWVZ1hN7tYp1xjH+ag=,tag:dAeecHfwQZ9VhqZjR6/KSQ==,type:str] -apprise_url_ses: ENC[AES256_GCM,data:XUhNENF8ffVzQtqMJYZLOPxnX9/pc27DUdmt/7ErxpldZAOGopNPYl54rI3t51VBiF0zr6m5BwPxTS61teIYYbuLvUMQpSn0NT/OARMTWylWUXf6xabl+r2ezytINg==,iv:qrWnEr9hiKiFDRcIeuW/e8U8OaTi6jItXR8M5RWw2Xs=,tag:sCMdcOm/BTYQhJ112WfUYg==,type:str] -sops: - age: - - recipient: age10539mc6shf02hpa8huyjktdw3nfyavxdg8pt247wwvq4xrv8h5zs8nc0k0 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWL3grM1JOTWpQcW1xZHdL - dHByczNwZjZ6NGVVMFJ2cXJDRVJ2dCtaaWo0CnQ4SWhMTGw5TWlsU1NuZFFvY3RF - NVhTZ25oaGhWT1VnRUxNYnRCSyt1S00KLS0tIG5uK3Z6M3VZZUhJZVhsSklYU2FJ - K094aytMNDVlSE44SWFzbU5TVDVpUjQKsirQ+mIrgHHYIzJbl0kWAFe88yPF6XIR - vC/Dw6eCXCZ/yH845eLRkp3u87IB6JiObhbpXlS1NC6M1rkqXNAP5Q== - -----END AGE ENCRYPTED FILE----- - - recipient: age1g22ghnrdg858yv6w2ux8hgntj8gkdyjn28axdkmzyx38d4vx6geqj4px9a - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3b3I0OFNWQU41bVVib3FQ - RGxKNytHemRBdHEyUjVCTC9Hc2x1OXJrblN3CnVXUnBFK3IrQWFYMnBvOHAvRU92 - QmhnSDQyNWlsZ2pqUmpqbmxvd1lFVm8KLS0tIFp5c3ZiYTl2T204NWR2ZElIR3pR - aFNiNm5CRFpvN0pxajJab1NPTFJuRWMKkkOfV+MBJr9XcjogeVvd+CLj+e4rVk1g - 1eRMeVZtXgA2c5CmSO9ZaRB+LuzbzFihThkpukm9NbxS4IkvO3Mqew== - -----END AGE ENCRYPTED FILE----- - - recipient: age1k5nzxq4ej2u9ls97c2dhlz96j2vghv0assz5g0p4npzyc8c8fqlqld72hg - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0MkE5bjBhZDU1UmUwVFo1 - bW96QndGYXJuanh0QklWNnpPbzNudXBHT3pVCk80Nkd1RFJYRUtZQms3MUp0NEZo - NXdlUktrU0dXeG8weVQwUWl5Yit6SzAKLS0tIFBnZ3JOMUQyVXJSU3ljMDZOREsy - R3kwVXVUMTR5Z2xoclJCUXhvUzJ6MFUK3ZFp7Pm7wjt6/EZTFgu99EZ2PG2YK1Mb - 4UnXZlnvvP3cIEBqPNodtiL1dWgKxdrrU8itlJSZirLwVy1NTUcDnA== - -----END AGE ENCRYPTED FILE----- - - recipient: age1gkzp905yqkla54l52m4xkqtxpn0sndkx0vh6qqa8d2tu29x8f35q354gpe - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4VGFySHgzeU9CQ05NYUJ6 - c01PQkZCQUxJZDk5TGRzQTREUkZseE5GM3pnCmhwVDRkN2JMMW8yY0x6dllONEV5 - TEgxT2xtaU1NanFQYy91NkpHSjNVK3cKLS0tIDNxMm5wSkwxdVZVUThEcXlMejFR - NkE2YTNoWEpQNjNnUitod1FSWTU4TmcKjXJfZmlrPgx4hw+/RiM8QJAevDUXGBF4 - 0c4dTPzBXiKtEyYoTovMxWC/heSNd0z3xzFOhWaKqbnDsWuWiMS6ag== - -----END AGE ENCRYPTED FILE----- - - recipient: age1c4d93hmawmx8nt8g2sjrxcngfl7qx7y6vwxpqqg7grrkhjen6fvstljgg9 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrelpWWWdDNmRPeE40SGx6 - Y0Y1V0FxQkduZTBDQlBxaVJsU1BvbUtsMEVFClhMT1pzYTJvZ1FBSWZiVVV3NkZa - NDlwM2pLNXFCZ1pOUTFvbE12SHdFT2MKLS0tIHlIcE03TWNWdHgwWExVQ0JBUmhD - aDJEUEJrMHVLS0pjd0RWaVRnUnlCL2MK/LhMdLrUvxEK3kVgnvcgFfpmLIBFkYrj - JtQ9zUyTv/07zM4vGO8hd1rz4w/xf/cXn96WgTUE7xyYCDdp9cWJQg== - -----END AGE ENCRYPTED FILE----- - - recipient: age15jjykch8km3l8atssu0n9us6d2xg58z0ds9s0djtdh9l954sud5szqxv29 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzdGtKQmZUdlp5cTExV3F2 - OStaYUlIZkdoTUpNVFpCY09XTExqU0xieG13CkNJMCtmVmZIYS9CYkhKbUx1NldN - TXNnR0Voa1U1YTBuNW9oU25NQ2cyTDgKLS0tIFYvUTA3NklCdkFaZWhQMXRncVpa - VE1lQ2tVVkc1RmY3a2o4K1NwU0xhRzQKLPqb9Nre2vZxmMs8OBloSi1reBI2vz2m - tvT9h4AjaSYiJ4SegvCWXw16iuH+ia0PwmuiPwFwhpgbs1rnzcKkeA== - -----END AGE ENCRYPTED FILE----- - - recipient: age10jhawn266e3wr6rx0lndkl9a47ewtk6jgh35d2582uu2l7dtn4tqdqc29c - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0REVxdEpLYXRvbWhEdXRR - T2kvdVJyT2o1M3dnWFVra0xtY0JMWk9pbDNjCjZrQmpJT0pCMVlqeDJsLzJiZEhq - RHZCYUJ5bTVJSlEzWnhNR2lHS2NaL1kKLS0tIHM5eE5CemdRbW16SnlGL0l2cWdr - SjAyanNrRmFUNWg5RWgwOStRRm51YmcKkkIFwxPxtsB8/tSrlc3qXCCZ/OkmUPBa - DktZ00BjGDmenrhKrLEQAbgMYotr9Au6bVp6VfupaATt57K+e32MSA== - -----END AGE ENCRYPTED FILE----- - - recipient: age1x708x83pjj7urp26pncx67fqz8a3htrf0umw7c00pvmxhl6y95lszjgd6r - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRdFJ6TzdEdWsrRmU5SzVw - b0l2NjYwSzAyWks3N1Y4Z25BYkFoU3daeEUwClc5UmljMjkxU05FQVhjV1NIUUli - czBlWGFxdnFnNVhjanhna3hYOUt2WWsKLS0tIFBZeVN3eGJML1lvY2dQTTBuc2N5 - WklsU3NWQ3l0UTI4Sjc4c1p4V3ZtM2MKRTn2N3tLxcfves0FTMLi/HpxYNAesn81 - ij875ADIvcPEQqZxutQ5H2zQPrrrJFuNvFQgS03Yw8JErdkBgpaqcw== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-11-04T14:39:43Z" - mac: ENC[AES256_GCM,data:GXcbhyREoIydqvEinF5lW9ExgbEv147XORK85tbeec7+b6lyYVmlOnUO16VZG30ExnDEtT1t+zx3R8rbsUhcfnLGRBEErYSKHV2IQOCsgIWSefp6YYmTnZBxosgMdXQ6wlRZv9vg0t14PuJpWA+KO65bWXveukQgEGFIxmHcmaE=,iv:sJVSIs+rWmCU3y4qEQDJho0Za3Fo8rKtr77N7msS/so=,tag:RnXeMC8cNKlf69bg27hQzg==,type:str] - unencrypted_suffix: _unencrypted - version: 3.9.1 diff --git a/modules/profiles/backups/borgmatic/system/common.nix b/modules/profiles/backups/borgmatic/system/common.nix deleted file mode 100644 index 4c8abf5..0000000 --- a/modules/profiles/backups/borgmatic/system/common.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ - imports = [ ../common.nix ]; - - services.borgmatic.configurations.system = { - source_directories = [ "/etc" "/var/lib" "/srv" "/root" ]; - exclude_patterns = [ - "**/.cache" - "**/.nix-profile" - "/var/lib/containers" - "/var/lib/docker" - "/var/lib/libvirt" - "/var/lib/postgresql" - "/var/lib/private" - "/var/lib/systemd" - "/var/logs" - ]; - keep_daily = 3; - keep_weekly = 2; - keep_monthly = 2; - }; -} diff --git a/modules/profiles/backups/borgmatic/system/omnibus.nix b/modules/profiles/backups/borgmatic/system/omnibus.nix deleted file mode 100644 index 4532918..0000000 --- a/modules/profiles/backups/borgmatic/system/omnibus.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ config, lib, ... }: { - imports = [ ./common.nix ]; - - services.borgmatic.configurations.system.repositories = lib.mkAfter [{ - label = "omnibus"; - path = "/mnt/files/backup/${config.networking.hostName}-system"; - }]; -} diff --git a/modules/profiles/backups/borgmatic/system/rsync-net.nix b/modules/profiles/backups/borgmatic/system/rsync-net.nix deleted file mode 100644 index 470dec0..0000000 --- a/modules/profiles/backups/borgmatic/system/rsync-net.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ config, lib, ... }: { - imports = [ ./common.nix ]; - - services.borgmatic.configurations.system.repositories = lib.mkAfter [{ - label = "rsync.net"; - path = - "ssh://de2228@de2228.rsync.net/./${config.networking.hostName}-system"; - }]; -} diff --git a/modules/profiles/backups/restic-rest/default.nix b/modules/profiles/backups/restic-rest/default.nix new file mode 100644 index 0000000..68cde89 --- /dev/null +++ b/modules/profiles/backups/restic-rest/default.nix @@ -0,0 +1,24 @@ +{ config, ... }: { + sops.secrets.restic_rest_httpasswd_file = { + sopsFile = ./secrets.yml; + format = "yaml"; + owner = "restic"; + }; + + systemd.tmpfiles.settings."10-restic-rest" = { + ${config.services.restic.server.dataDir} = { + "d" = { + user = "restic"; + group = "restic"; + mode = "0777"; + }; + }; + }; + + services.restic.server = { + enable = true; + dataDir = "/data/files/services/restic"; + htpasswd-file = config.sops.secrets.restic_rest_httpasswd_file.path; + prometheus = true; + }; +} diff --git a/modules/profiles/backups/restic-rest/secrets.yml b/modules/profiles/backups/restic-rest/secrets.yml new file mode 100644 index 0000000..04324fc --- /dev/null +++ b/modules/profiles/backups/restic-rest/secrets.yml @@ -0,0 +1,79 @@ +restic_rest_httpasswd_file: ENC[AES256_GCM,data:ZRjNA23BnZVJnIbnqUyVConScs18b9vP3ajDJzN7hI397Qb1H5Uvk5sTwnAcELAYGrj1WzUwNtDLrkfIULze+l4J0I1lt6oURw+iGWZtZ6k9zhvbUmmF4oJkKyys+Il/vMYW57VGZFgX4BBovNhwZZCB7fHtBF+GSOQYWWZ8TFkQBq23,iv:3R4ac828btrboEvoX9A7bxccVRpVZkdtbQsV2Du2CUE=,tag:X8xJA4NFaJGTSXaWYe2nyg==,type:str] +sops: + age: + - recipient: age10539mc6shf02hpa8huyjktdw3nfyavxdg8pt247wwvq4xrv8h5zs8nc0k0 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqa2thSE5sSEk0K0JFbGdl + dVVvUkllY3o5TFF0UXlnbXRidmRmMHNoY1cwClErS0JMSkpublJyY1k5b2hyVUE0 + Y0dpYnB3YTRpZnhnUm0waXVuVWNCQlkKLS0tIExCVFhaMFVxVGh6NlZ3YlQ3NlM2 + OHN3bTExek5ybDBweUo5aTNXc25hNG8K4/MY5RMpYQ+PaGmfou4k8GQMtRizx76R + awI+/kD+8kuvajZDjUblHR54JOkjDqFLPi9zmaKmUctKFWjeYWVmqQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1g22ghnrdg858yv6w2ux8hgntj8gkdyjn28axdkmzyx38d4vx6geqj4px9a + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1NGJSVXluTjh3S0pTeWI5 + em9SOGVjVDVtbVhsdWw0MFZUTGozelN1TGxZCjROLzdGRzdtcEVEeXNIUlhVRU1H + U2gvSlpKbVJTdy9zU0JHblRDaHpmVncKLS0tIC9hZW50VkFLSDAzbTNQS1JVSVpU + Q3hONGd2WXVkaHo0T1lqQTRoK2x1UkUKJTSGwfrVaayEz5lH2hJdPMAo1OcjwOsz + wNtAkUa638LH6xECYQHejlAlgyjeTYpmFe7r/d086SSHpegRlAZOew== + -----END AGE ENCRYPTED FILE----- + - recipient: age1k5nzxq4ej2u9ls97c2dhlz96j2vghv0assz5g0p4npzyc8c8fqlqld72hg + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwV3J0ZitSRFgrTmh6eC9n + UXVXVENCdEJiWGF1MU83eXo5RlhsMm4xdFVVClNPVGNtUlpRVE9SazZZb005d1gv + cUNkVncvMm40R3dxV2hrZVVGS1VaREEKLS0tIHVKNTRUakJlVlh2WVFZYk9ndmNN + N0VqZW9STjZlZVNTT3NzQW5SVXpQTWcKfp1PfFchsWXJz8ri4nk1BQcu8r38icv9 + r3A0ta10BRKzP/xCYE8I8JClhvnKSHNChfFLopBSN8HmYw9fE0G6ag== + -----END AGE ENCRYPTED FILE----- + - recipient: age1gkzp905yqkla54l52m4xkqtxpn0sndkx0vh6qqa8d2tu29x8f35q354gpe + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtcTdURHE4NEF4VzZveFpp + RllOTWtyUlptSkZIZG54SkY4bWNwK3dReWd3Ck5PYVM5TE5RdGVHVHArb0VGWFli + enprZE9FY3VubG5IK3BkdVUzRUo1WlUKLS0tIDM0aFpMdUpUTHpYNzFWR2ZjOEFs + a015MmxKczNIR0pKZ2tzYlc3OGp6MVEK7e2nsndYMYJ4uUhFeRdmQm6uAHLHrhmo + rVl3/+0Dr+M2tnaakA9IcbHRr7CwrUokEkDOq/+tzvGpQJBOvOfRxA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1c4d93hmawmx8nt8g2sjrxcngfl7qx7y6vwxpqqg7grrkhjen6fvstljgg9 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0cFhPRVJlWXF3c0lveGd3 + N0tYZlhNYWtvN01GWUJNTzlmOXd3b0JKSmxBCm05VFZBZzltSjBOYUljaTh6ZFFz + WjZrNXYzelRZdkhMMTdWWEZpNmw2MTgKLS0tIGxaWWM0cmFKT0ZNbmE1cG5kUjNp + Y1VSVUQ5TWcwYVF6UGIxcFZPbWFKWjAKzVspjoY3LwnLRIg5IK/mzNyyaKz43DVR + K3fxBCGRbDncYSeGNj3Ljp+blk0BvfCaF4fLScY0TWUqsF15KZvgIQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age15jjykch8km3l8atssu0n9us6d2xg58z0ds9s0djtdh9l954sud5szqxv29 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSaDhWMFU0OHRzQ09jaHZv + NDRValJhNU9kL2MrcjdjM0w0aURCbUdJeG1zCmFsZjNyMStSWjg3WVN4TzBEdkhX + eXhCSHFRZU16ek9hMWt4emtiL0dHdVkKLS0tIGREbmFLWEc2NlVRRVluZDBDUVlj + M2ZlU3RSYmVBVWJlc2dRVzhENlE4MTQKEfy3F/NJ26okuX0i1FIpc8U/ibCYNMEs + WItf3YCXz9JJRtgHRkSapt4IR0i2GrAkrEfZh45immgks/Jljf5qPA== + -----END AGE ENCRYPTED FILE----- + - recipient: age10jhawn266e3wr6rx0lndkl9a47ewtk6jgh35d2582uu2l7dtn4tqdqc29c + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3ZC94VWhLZ3kwK0daWk5O + TWFrVUVmbmRkbHhDZFdoV3JkMHhWc0hzNGlFCmtZeUlzV0lwZ0x3VCt3SXN3ckUz + bDN6TTAySmx1OUl0UHlmSlBvYm9VeUkKLS0tIHBTeDVNRFlGRGo2Q04vem5qUHBV + UE84Y0krNnlBL0pPTHp5WXV1M1pueVUK8arhbxd/QtiaPHj4mWN+wiWqqVc1ZA6f + YEum4pEpRtsviu4kJi4Rmlua5/cT57zQoRT1Bi/pHRJycjSMjoqfmg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1x708x83pjj7urp26pncx67fqz8a3htrf0umw7c00pvmxhl6y95lszjgd6r + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvR1FVemJacnVoSTB0RWxB + ZHhFLzhGWVJaUmJ4V3JKMFRCQ2lDNE9GY0c4CjFwbFVTZWZvTDZuckU5cXhnM0FC + T1NIcDJ1aGhhU0MvcklGMUJvaE5xeE0KLS0tIHRxREFqLy83ZTU2Wjg3RkIyZlRW + NXVVL0YrWWdxUlZrUnBXQVZiTkxDeUEK5m2o9eiUSzBxoa8OcjCdarPmFuhIo6xN + 9Qv/MvjKhXFfgp39h1B5kSWK+qF6nPOV7NBHdXhEbint1yOw4Sk+kA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2026-03-08T02:45:16Z" + mac: ENC[AES256_GCM,data:lKIY0MuTCooVILvMjtcJfoQF8k8cP15eqdu3w8hbNA/+9cbMp+SU1RuJna9UK47V3z30NbAQowD8jNMz1S89Sc72oDIH5z1TylBO+jLu8EDMpAGvLadD+e4NQYPVAkqVWGPLdzPQTVpLyRhJsjujw+3stxSlfjKq7YyMSVEk/7E=,iv:V+1L9TGTnAjJ8U5OlOTNTOA6LstMEV3nALXTus8ZJjM=,tag:AySkR/d7/3BHeh7wteuGew==,type:str] + unencrypted_suffix: _unencrypted + version: 3.11.0 diff --git a/modules/profiles/backups/restic/common.nix b/modules/profiles/backups/restic/common.nix new file mode 100644 index 0000000..ec08362 --- /dev/null +++ b/modules/profiles/backups/restic/common.nix @@ -0,0 +1,69 @@ +{ config, pkgs, lib, ... }: { + sops = { + secrets = { + restic_backup_password = { + sopsFile = ./secrets.yml; + format = "yaml"; + mode = "0600"; + }; + + restic_rest_omnibus_e10_password = { + sopsFile = ./secrets.yml; + format = "yaml"; + mode = "0600"; + }; + + rsync_net_ssh_key = { + format = "yaml"; + sopsFile = ./secrets.yml; + mode = "0600"; + }; + + apprise_url_ses = { + format = "yaml"; + sopsFile = ./secrets.yml; + mode = "0777"; + }; + }; + + templates = { + omnibus_rest_server_environment_file = { + content = '' + RESTIC_REST_USERNAME=e10 + RESTIC_REST_PASSWORD=${config.sops.placeholder.restic_rest_omnibus_e10_password} + ''; + }; + }; + }; + + programs.ssh = { + knownHosts."de2228.rsync.net".publicKeyFile = ./key.pub; + extraConfig = '' + Host de2228.rsync.net + User de2228 + IdentityFile ${config.sops.secrets.rsync_net_ssh_key.path} + ''; + }; + + systemd.services = { + "restic-notify-failure@" = { + description = "Notify on restic backup failure for %i"; + serviceConfig = { + Type = "oneshot"; + ExecStart = pkgs.writeShellApplication { + name = "restic-notify-failure"; + runtimeInputs = with pkgs; [ apprise ]; + text = '' + apprise \ + --title "[E10] Backup failed for ${config.networking.hostName}" \ + --body "Backup failed for ${config.networking.hostName}: %i" \ + "$(cat ${config.sops.secrets.apprise_url_ses.path})" + ''; + }; + }; + }; + } // lib.mapAttrs' (name: _: + lib.nameValuePair "restic-backups-${name}" { + unitConfig.OnFailure = "restic-notify-failure@%n.service"; + }) config.services.restic.backups; +} diff --git a/modules/profiles/backups/borgmatic/key.pub b/modules/profiles/backups/restic/key.pub similarity index 100% rename from modules/profiles/backups/borgmatic/key.pub rename to modules/profiles/backups/restic/key.pub diff --git a/modules/profiles/backups/restic/secrets.yml b/modules/profiles/backups/restic/secrets.yml new file mode 100644 index 0000000..3ad7271 --- /dev/null +++ b/modules/profiles/backups/restic/secrets.yml @@ -0,0 +1,83 @@ +restic_backup_password: ENC[AES256_GCM,data:AjnlEhOL6SJPswvRuxNuyqyD0H5ECwQ3/INomvKC56U=,iv:+KaJRxRBbemxPU+7vrpNLr0HY951V22aN1xYf7rqfDU=,tag:gljycbp4M9ufj00umqRi5Q==,type:str] +restic_rest_omnibus_e10_password: ENC[AES256_GCM,data:JVpiOOcJrxodFylttL23/W7r4e3+Hbojp4FV/g9LDrc=,iv:F/aMKxUx2vRb898VCZKUO/i0GsWEPSIYOd3JNkh2lek=,tag:zB+ra7BvU4VD98+/2HiUIA==,type:str] +rsync_net_ssh_key: ENC[AES256_GCM,data:WhDcyr/uCnZaBB1Wsrn/0KluWLph9anmBMZVAFNOohjzx/NBfGZh2vExS0tTy7N8yfOY9iExiGTJREzlkVfkB64hT/ViOwxuBwEqVdo1OUxDx0TlP1pFQNYltLA2DUdX7ej61KwVgB07F6shCWlgT0TVr28o298L8sHzPZ1EcNP1oDHpP05CdGOqfZEFGW40gSZvpGhTxwp6IzqAq3MjghlDjVhzPdBugO59cKJKVH99WuwHUh91IkE8KawP1gxCFcf3siun2gbbfe3hF8P0dXVED9tlIMlzCF1ZeZ6c+F4/CzzftXwiEe9igM2oG/QdlrO7VcsY2C7xcMiAP+k6cRXXfpdMAgnG1QbqAyiYMGuqbJOANgH7rlCqBEN2tdPyyunsLWqEvDxDFtvexjYxjH3FdXo2DTMcf7XWooedpqVIUPm1fRDtGKZDkhUgPh+ghsuaHRIC3DMV+pOJgT3vacxM1zTAopI9N4wzeTQG0WRgltpYw4ghYx1UviT+ksJfeallOyy2hekioC3uj+TelqWs0ehXQ45YbJBn4FWy3zhvAmYAY66vPDwEPBRm6gm0xqiWCsFsPzbiwZ8DnaPRJMALIK/h3ZlJi7+2zmUbqU3H4WTM0+8STiEQx2Vdhca3gAfOEcb+8zNpKk41HjbqoWWJh4qIdObaVAQhuMq5pDxwfxWpaB+ysUGIB+s9yC3XB6IO5fkfx//DyUK9/Du6hzgp2PFSkRcMxdi16EZMe4KN6zHyjQOMaefgFOrVuzu1cAOiK1JQdrDquPY/adZWnfsuEBgz9YlmOQhERkrMCrCh8po10iLPqSf+m5E9VmJ8hzFi1ZHmnwueYWGtrCVWF+QPrxy+zgRfHPIiWlQpLMWyiPAFGYMQ03Q+VC75LilNphe8x/CNm8NgSA5xG1Hd+ce+n7k26f5Qi5+DDSX+K7nP0hdX6JptVOVbYXMajliLdncAmp3rEFJ7A3KXEcffBXIpLHwSdPaSLzy8yqnxx/ae3ybGxTvmMqNN4pbtoE5QIqV/MKiZR03DYjqDVgr5Hz8NsTzxGd3XMkkyVnWAFGOBkaR5SiPWr70P1sgUV4im7X/x9e+yWscHKgPX2rUZG7QtLRyiMpSSWJqjleEH8Fo5tcHMlUp2mZ5zePXRiPFaDbDfi1SNYmWQ6/1KClUmVOOHN5aGqWWbKx/crrcgFWDtlH+zWCEvtbubiyZvPThVE35/V/yU3QSgITDGgR3SI1FSElf+VkpD4gBmnWTldcFoO0H3NOSq3QwAZ91xo3v1n1bqPUiGlrYshYOHga0wbJsCWfq7gG0zPreSbHsbJBsbprVyCBelRLLv2rHaHzFZTYATST31JSGfscshRLO8bUOVMsZPKt8cmPCuu7HoQrQ8glS1XDqPdVDerkr27UvX1UMZEX9O5uWeIUIREVnK3t3hwMRvNBT6uvd8itr1wnuxafpL9l2yKvD/9tyCF6grSQwID9T2oZmn4CI9fD31o/4SVssCpjDEWQlzrd366dAltUEjZNnV2h0TFch42GmDMeutS43OHXYjL1QwkhnsWRBiFyakRcqPqJawJfOkB1Yzgopz8M5soKdi6oG7xpYIDMTMa5cYhZ2sVmEWQzPoi5FlW1EYWHTOdoxbf8GJouIFLTkvy/wpN7bBfPRlaIMFaT5Aoxmt2jx2bqPHWObXr4lScBog9iHkiDJmNf66BcVdw2e7EGVGoeBcO9YGLIRM7gzdWsmjDtFC+/lQqvBGdDatzDA5RjbGN2dYiCix3xHv3uCQC8cz+4uFy95diDLMBHS7J8Fl97qf52Pc4yeeeUX523SyXbM9FDVkYYPr0eCipeF77fOE1GB2QgE3R6OwkUdimij+gcmnlCjVG2sRFo+smUdXbt4JV6sC9Bykn00/xcXF03/47LQDjP+qzGXPaUmJBZhDpcVwgTahLPGP+FJfjCDWJJ85bBbVOS7JSHW4KkhHm3dm8ja0RdNWj3mqYlwtQEKAZ2tY5g3orYMenX+qQzMeKxHNwLOq+P2j30YAOBiGIgVkmJGXd0vZgB8xpP611ONP2+KMvgVgtZpraN9ODYJ99AfFK+RkwXz57suoX+HmRJtYICSWEpEY3XyKfnrk8bMMbYidLhUBHFR3Fwq/vnUWlUu2+f4OC4ggOsMd6BOQqN92qjEpoq7n5LKG0XHN82PJrxLwEyDj7BQ/OjEDAzwkmt4Fx647pjJehWzsXa7WoK56sBL7Uf3r6do=,iv:z0yEqTAl/GTbAu+xjuBW6CYT2OIz9ZaTQkJ3061alLM=,tag:D9IvzeAaVHYL2fVRMSGXTQ==,type:str] +apprise_url_pushover: ENC[AES256_GCM,data:CLZcPo/h6g++zTnmS7cLocyVqebACa/JTTMskGSmifOujdCAmbdWLvafbDVYO+prw6t0L8UcRQUIyi0VVoH4rNzmFuvH,iv:dWxfU+0l1BYi/V7lkdfqL8d4zBJjuwglFEHLR9OQyew=,tag:GrAVGYW/ZoGamAutpM7k5w==,type:str] +apprise_url_ses: ENC[AES256_GCM,data:obDNIQxXPazWLwokAYmLuk5XR1mXnMwsAHX+fZr/VcrJMxaKXM68FQpPuELCP9bLbYWR+3YGzncIogukKvbrrpi4nXOJZkB3QgOwQYpFRocrHS7ejlZy2CB/Rjf9qQ==,iv:2OPTfmEAm8R7GEQGvRRdacp7WUV1KaYFygchcGDdJfI=,tag:lmBDjQTB+RcHh1ydXs3ThA==,type:str] +sops: + age: + - recipient: age10539mc6shf02hpa8huyjktdw3nfyavxdg8pt247wwvq4xrv8h5zs8nc0k0 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJWGZ4MytXK2tqaTNDVUR3 + WVJZZzI0cUNFc3BZWVREakRVWE5ObHVFMG5rCjloRUVFMElDSUUyYm9DcGRVNlBQ + Yk4yNmVtYy9La0VSbVNRSEsrcFpBak0KLS0tIGRDbUNuQnpaK21oT2JNZ1U4cVYv + UmpOVmhqcXJBakhmempCYzBHMFZ3ajgKefhFndwc4zvljZpN1u33O7hoBYIltywN + IS6WaZ9lmAwC1QJyv/nM5db3gRv+6glZ5Dy3QkCpOn0fSdkUhXreSw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1g22ghnrdg858yv6w2ux8hgntj8gkdyjn28axdkmzyx38d4vx6geqj4px9a + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1eDhGWHEzZjVOREpaUXp5 + R1VNT29ZNThyVVdtRFc5MjErTDdzOGRBMVZVCjJLeGhhWDFub0JGaGQ0bEpHM3Zy + SVRaenZuZDZrbDZLbll2QTNQbUcrc2MKLS0tIGJodWFjaHBhdy9PT1FuL3pIcUJm + N3EzVW4zQkdVRmE3RDJvQWs1VHdiNnMKuGp7Gi6fzLsz1bM5Qnz2OrgpqAJw7Ne/ + oRhW9w/hswpklL1FWt6pJ5Q1afsGqgjjs8VdyXX+fSTWvPu3/Vf/KQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1k5nzxq4ej2u9ls97c2dhlz96j2vghv0assz5g0p4npzyc8c8fqlqld72hg + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkb3F2TitLV1R3c3NaMXc5 + RnNib2pCaS9pKzdYdlRCK2hBWVZkUzM3cWswCnNQS3paYWhQaHhCeDFDSm9oNFRN + bE96T09OY012NGdMZnZ4dGcxZGx4VGsKLS0tIEM2MVo0V0dtTEtVNEtXbDhqM2lE + OTN2VEFIMmZXYk5HOTBiNW1LVitCcWMKYwM2V2pQdwfPZF0izcm7zPIqUA38d2ah + Rhyof/hCOMxgW8NT6fuPlDNfsZPE1r6fG3UxmlUC23MewEqSz6ieIw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1gkzp905yqkla54l52m4xkqtxpn0sndkx0vh6qqa8d2tu29x8f35q354gpe + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpb3FxckNhdjBldm5Xb3VZ + UFlrdjZpRXJkNDNtOUxndVRWN1BCVUhmK0RBCnMvUUpYT3BtK0FCRnlrTHBBVk9t + VlhjNkJMWmJ4eWprQ0FFN3kxWEtwbE0KLS0tIDdVN3RCbk5ES1BCcFdXdG1nSWsx + Nk91NnBxcXB5OGZuc3pzU2NrMDVDcFkK9V3tYwOjR7D1boC8vuXSHcaCjI9W+V1M + LWAuZTDkgdoF2pFsDZQ9R0MmtVCP8S9pTVku9BhOxZkYAQvAvWZXCQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1c4d93hmawmx8nt8g2sjrxcngfl7qx7y6vwxpqqg7grrkhjen6fvstljgg9 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqQ1Vxc0RSSUtFaVhQa3Nj + R2FHSEorTzJmMlAxM3JmVTBQZXRqRmdzbUNFCjZUMzVxWS93MithcitCeHJyK0NN + WFFTYzlCd3BlMnBlMStjVnF0OFNtVWcKLS0tIFIxcnJIdGZyUHAxbk5jN3dVNWFT + M0ppS29nN2xHeUhoRzlRR2hPb0d0T28KhxfP0ZkBB4FB5H+QyGeGO9eghIVos3Bl + IdJwe19HcG+jXpDF84ehhuoxZHaJ+keKmBxg1zzPEgTcsuCRBZ2l7A== + -----END AGE ENCRYPTED FILE----- + - recipient: age15jjykch8km3l8atssu0n9us6d2xg58z0ds9s0djtdh9l954sud5szqxv29 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6UEtUTlo2THVJWmZZYStP + ZDhTNDZNSnNwNU0rQWZ0Q05kcWR2TUNzc1hjCmpSZzExa0VmYlVXZitOSm5KVjky + d1YzNEQyU2N6cVIzdFU1ME5tZDJLNlUKLS0tIFRKbUlKVmxXdSsrUkhnWG95RXpD + RUQ2aENmaWdFZmVlMngvUkZuZUpvblUKlRSUwGD7xhhkgiuzirO/evCqL0MoR2ZX + RIok0H+PGZLjSJvXHEw0tFp1tHJ4QX+91QrWzDwYhY2UrDwdM0pbiQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age10jhawn266e3wr6rx0lndkl9a47ewtk6jgh35d2582uu2l7dtn4tqdqc29c + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByNm5DejRnU2didUZlZ0Zn + MnYvNERXL25UOUIrMTRBNkMrVWorQXBpcm1zCnpCdWRDdFo1MnhIa1NrMGNZSS9K + ckQyQms4RndPQmdFWDJPV2NldEtmOGMKLS0tIDdYRGlaVFExMkVSaHBuM3dzcW5J + TDVnMXc4dk13ZHRiZlBjVzJieGxvdXMKWca+s9yKqG3AbXmblGOBm8Ehp95EOPIw + OsPRr8DG2t4sXwCOJJO+tgi3aoO8DxOaitFc/z6TVZKKC2G2QMfPWA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1x708x83pjj7urp26pncx67fqz8a3htrf0umw7c00pvmxhl6y95lszjgd6r + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhVDBEZXVnU2lwZUlMelpQ + dTk0OTc1M1VDR3FoZ1Y1YUpMalJNbnBNc1VRCjk2Vm1qQ2QvbS9OQWNZUUFQaXdD + cUgzNFBoZE50OWtOSlVMVS9qeFpXWlkKLS0tIDlicDNVVHk3Y1ZQdEZZeEw4L1Ro + RE9hdFVIWEdnMUM5K0ZHNTRqMm5zSU0KPBicK1L8mhdLBt3lun5NNYBJXeXUXIPi + y6T3BBoUvkWx2HXVbqUYTfbvc3AQV0j3W1t5yy1a+I+zABoY4cHjPg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2026-03-09T02:22:06Z" + mac: ENC[AES256_GCM,data:5c4e28JRFfF/ceoDG+1Ojpzaw9N8+ySQtbsVVYXs+/6eNVj2g+4ZqIzOOonCYsvd5lYE49zLRqeXxTCRRHmgPTK3B2w6WxXuA1J7hIWlfZbblioYy66YfFuMPgKVBiGJ2cAg+qpYgjaSFep781g5h0h7M6l0Ye7Yq8KS6QEHKyo=,iv:SFXMH7L9dWQKFkG1mWQDsGPuZanwvyeftA0TMJXJeGY=,tag:vqwoC/MhUbKXDZWRCMG/Dg==,type:str] + unencrypted_suffix: _unencrypted + version: 3.11.0 diff --git a/modules/profiles/backups/restic/system.nix b/modules/profiles/backups/restic/system.nix new file mode 100644 index 0000000..acbe5ac --- /dev/null +++ b/modules/profiles/backups/restic/system.nix @@ -0,0 +1,49 @@ +{ config, lib, ... }: { + imports = [ ./common.nix ]; + + services.restic.backups = let + sharedOptions = { + initialize = true; + passwordFile = config.sops.secrets.restic_backup_password.path; + paths = [ "/etc" "/var/lib" "/srv" "/root" ]; + exclude = [ + "**/.cache" + "**/.nix-profile" + "**/*.log" + "/var/lib/containers" + "/var/lib/docker" + "/var/lib/libvirt" + "/var/lib/postgresql" + "/var/lib/private" + "/var/lib/systemd" + "/var/logs" + ]; + timerConfig = { + OnCalendar = "03:30"; + Persistent = true; + RandomizedDelaySec = "1h"; + }; + pruneOpts = [ "--keep-daily 3" "--keep-weekly 2" "--keep-monthly 2" ]; + exporter.enable = true; + }; + in { + system-omnibus = lib.recursiveUpdate { + repository = + "rest:http://omnibus:8000/${config.networking.hostName}/system"; + environmentFile = + config.sops.templates.omnibus_rest_server_environment_file.path; + exporter.port = 9753; + } sharedOptions; + + system-rsync-net = lib.recursiveUpdate { + repository = + "sftp://de2228@de2228.rsync.net/${config.networking.hostName}/system"; + extraOptions = + [ "sftp.args='-i ${config.sops.secrets.rsync_net_ssh_key.path}'" ]; + exporter = { + enable = true; + port = 9754; + }; + } sharedOptions; + }; +} diff --git a/modules/profiles/home-automation/home-assistant/default.nix b/modules/profiles/home-automation/home-assistant/default.nix index 385cbaa..6760a19 100644 --- a/modules/profiles/home-automation/home-assistant/default.nix +++ b/modules/profiles/home-automation/home-assistant/default.nix @@ -45,6 +45,7 @@ "brother" "ecobee" "google_translate" + "govee_ble" "homeassistant_hardware" "homeassistant_sky_connect" "homekit_controller" @@ -54,9 +55,11 @@ "matter" "met" "mqtt" + "netatmo" "opower" "radio_browser" "sonos" + "switchbot" "tplink" "zha" ]; diff --git a/modules/profiles/media-management/huntarr.nix b/modules/profiles/media-management/huntarr.nix deleted file mode 100644 index 0c50348..0000000 --- a/modules/profiles/media-management/huntarr.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ - services.huntarr = { - enable = true; - openFirewall = true; - }; -} diff --git a/modules/profiles/media-management/sabnzbd/default.nix b/modules/profiles/media-management/sabnzbd/default.nix index 9d2aaff..f552232 100644 --- a/modules/profiles/media-management/sabnzbd/default.nix +++ b/modules/profiles/media-management/sabnzbd/default.nix @@ -1,4 +1,8 @@ -{ flake, config, ... }: { +{ flake, config, ... }: +let + downloadDir = "/data/local/tmp/sabnzbd/inter"; + completeDir = "/data/local/tmp/sabnzbd/dst"; +in { sops = { secrets = { sabnzbd_admin_password = { @@ -133,12 +137,13 @@ host = "0.0.0.0"; username = "admin"; permissions = 777; - download_dir = "/data/local/tmp/sabnzbd/inter"; - complete_dir = "/data/local/tmp/sabnzbd/dst"; + download_dir = downloadDir; + complete_dir = completeDir; admin_dir = "/var/lib/sabnzbd/admin/"; log_dir = "/var/lib/sabnzbd/logs/"; host_whitelist = "htpc,"; inet_exposure = "api+web (auth needed)"; + cache_limit = "512M"; }; servers = { "news-us.newsgroup.ninja" = { @@ -146,120 +151,79 @@ displayname = "news-us.newsgroup.ninja"; host = "news-us.newsgroup.ninja"; port = 563; - timeout = 60; connections = 40; ssl = true; ssl_verify = "strict"; - ssl_ciphers = ""; enable = true; required = false; - optional = false; - retention = 0; expire_date = "2026-10-29"; - quota = ""; - usage_at_start = 0; priority = 0; - notes = ""; }; "news.supernews.com" = { name = "news.supernews.com"; displayname = "news.supernews.com"; host = "news.supernews.com"; port = 119; - timeout = 60; connections = 15; ssl = false; ssl_verify = "strict"; - ssl_ciphers = ""; enable = false; required = false; - optional = false; - retention = 0; expire_date = ""; - quota = ""; - usage_at_start = 0; priority = 0; - notes = ""; }; "reader.xsnews.nl" = { name = "reader.xsnews.nl"; displayname = "reader.xsnews.nl"; host = "reader.xsnews.nl"; port = 563; - timeout = 60; connections = 15; ssl = true; ssl_verify = "strict"; - ssl_ciphers = ""; enable = false; required = false; - optional = false; - retention = 0; expire_date = ""; - quota = ""; - usage_at_start = 0; priority = 0; - notes = ""; }; "news.newshosting.com" = { name = "news.newshosting.com"; displayname = "news.newshosting.com"; host = "news.newshosting.com"; port = 563; - timeout = 60; connections = 100; ssl = true; ssl_verify = "strict"; - ssl_ciphers = ""; enable = true; required = false; - optional = false; - retention = 0; expire_date = "2026-08-29"; - quota = ""; - usage_at_start = 0; priority = 0; - notes = ""; }; "news.newsgroupdirect.com" = { name = "news.newsgroupdirect.com"; displayname = "NewsgroupDirect"; host = "news.newsgroupdirect.com"; port = 563; - timeout = 60; connections = 8; ssl = true; ssl_verify = "strict"; - ssl_ciphers = ""; enable = true; required = false; - optional = false; - retention = 0; expire_date = ""; quota = "4000G"; - usage_at_start = 0; priority = 1; - notes = ""; }; "news.eweka.nl" = { name = "news.eweka.nl"; displayname = "news.eweka.nl"; host = "news.eweka.nl"; port = 563; - timeout = 60; connections = 50; ssl = true; ssl_verify = "strict"; - ssl_ciphers = ""; enable = true; required = false; - optional = false; - retention = 0; expire_date = "2027-05-13"; - quota = ""; - usage_at_start = 0; priority = 0; - notes = ""; }; }; categories = { @@ -304,8 +268,8 @@ }; systemd.tmpfiles.rules = [ - "d '/data/local/tmp/sabnzbd/inter' 0777 ${config.services.sabnzbd.user} ${config.services.sabnzbd.group} - -" - "d '/data/local/tmp/sabnzbd/dst' 0777 ${config.services.sabnzbd.user} ${config.services.sabnzbd.group} - -" + "d '${downloadDir}' 0777 ${config.services.sabnzbd.user} ${config.services.sabnzbd.group} - -" + "d '${completeDir}' 0777 ${config.services.sabnzbd.user} ${config.services.sabnzbd.group} - -" ]; services.prometheus.exporters.exportarr-sabnzbd = { diff --git a/modules/profiles/monitoring/loki/default.nix b/modules/profiles/monitoring/loki/default.nix index 532b248..65da89a 100644 --- a/modules/profiles/monitoring/loki/default.nix +++ b/modules/profiles/monitoring/loki/default.nix @@ -133,6 +133,8 @@ [ config.services.loki.configuration.server.http_listen_port ]; }; - services.borgmatic.configurations.system.exclude_patterns = - [ "/var/lib/prometheus2/data/wal" ]; + services.restic.backups = { + system-omnibus.exclude = [ "/var/lib/loki/wal" ]; + system-rsync-net.exclude = [ "/var/lib/loki/wal" ]; + }; } diff --git a/modules/profiles/monitoring/prometheus.nix b/modules/profiles/monitoring/prometheus.nix index 07645ae..95895a2 100644 --- a/modules/profiles/monitoring/prometheus.nix +++ b/modules/profiles/monitoring/prometheus.nix @@ -14,6 +14,8 @@ globalConfig.external_labels.prometheus = "${config.networking.hostName}"; }; - services.borgmatic.configurations.system.exclude_patterns = - [ "/var/lib/prometheus2/data/wal" ]; + services.restic.backups = { + system-omnibus.exclude = [ "/var/lib/prometheus2/data/wal" ]; + system-rsync-net.exclude = [ "/var/lib/prometheus2/data/wal" ]; + }; } diff --git a/modules/profiles/networking/unifi.nix b/modules/profiles/networking/unifi.nix index 6f73fc7..755e1ab 100644 --- a/modules/profiles/networking/unifi.nix +++ b/modules/profiles/networking/unifi.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: { +{ pkgs, lib, ... }: { services.unifi = { enable = true; openFirewall = true; @@ -6,6 +6,10 @@ mongodbPackage = pkgs.mongodb-ce-6_0; }; + # Set to 5 mintues by the NixOS module, but prevents shutdown of the host for + # that long. Shorten to make this happen quicker + systemd.services.unifi.serviceConfig.TimeoutSec = lib.mkOverride 10 "30s"; + networking.firewall = { allowedTCPPorts = [ 6789 8080 8880 8443 8843 ]; allowedUDPPorts = [ 8443 ]; diff --git a/modules/profiles/observability/gatus/default.nix b/modules/profiles/observability/gatus/default.nix index 4905539..cba527b 100644 --- a/modules/profiles/observability/gatus/default.nix +++ b/modules/profiles/observability/gatus/default.nix @@ -87,11 +87,6 @@ in { config, lib, ... }: { url = "http://bastion:9100"; group = "Bastion"; }) - (mkEndpoint { - name = "Prometheus Borgmatic Exporter"; - url = "http://bastion:9996"; - group = "Bastion"; - }) ]; omnibus = [ (mkEndpoint { @@ -99,11 +94,6 @@ in { config, lib, ... }: { url = "http://omnibus:9100"; group = "Omnibus"; }) - (mkEndpoint { - name = "Prometheus Borgmatic Exporter"; - url = "http://omnibus:9996"; - group = "Omnibus"; - }) (mkEndpoint { name = "Prometheus SMART Exporter"; url = "http://omnibus:9633"; @@ -158,11 +148,6 @@ in { config, lib, ... }: { url = "https://profilarr.e10.camp"; group = "HTPC"; }) - (mkEndpoint { - name = "Huntarr"; - url = "https://huntarr.e10.camp"; - group = "HTPC"; - }) (mkEndpoint { name = "Tautulli"; url = "https://tautulli.e10.camp"; @@ -208,11 +193,6 @@ in { config, lib, ... }: { url = "http://htpc:9100"; group = "HTPC"; }) - (mkEndpoint { - name = "Prometheus Borgmatic Exporter"; - url = "http://htpc:9996"; - group = "HTPC"; - }) (mkEndpoint { name = "FileFlows"; url = "https://fileflows.e10.camp"; @@ -236,11 +216,6 @@ in { config, lib, ... }: { url = "http://matrix:9100"; group = "Matrix"; }) - (mkEndpoint { - name = "Prometheus Borgmatic Exporter"; - url = "http://matrix:9996"; - group = "Matrix"; - }) (mkEndpoint { name = "Netbox"; url = "https://netbox.e10.camp"; @@ -323,11 +298,6 @@ in { config, lib, ... }: { url = "http://builder:9100"; group = "Builder"; }) - (mkEndpoint { - name = "Prometheus Borgmatic Exporter"; - url = "http://builder:9996"; - group = "Builder"; - }) ]; controller = [ (mkEndpoint { @@ -365,11 +335,6 @@ in { config, lib, ... }: { url = "http://controller:9100"; group = "Controller"; }) - (mkEndpoint { - name = "Prometheus Borgmatic Exporter"; - url = "http://controller:9996"; - group = "Controller"; - }) (mkEndpoint { name = "Prometheus NUT Exporter"; url = "http://controller:9199"; @@ -430,11 +395,6 @@ in { config, lib, ... }: { url = "http://monitor:9100"; group = "Monitor"; }) - (mkEndpoint { - name = "Prometheus Borgmatic Exporter"; - url = "http://monitor:9996"; - group = "Monitor"; - }) ]; pikvm = [ (mkEndpoint { diff --git a/modules/profiles/services/glance/default.nix b/modules/profiles/services/glance/default.nix index 58bb0b6..9624d83 100644 --- a/modules/profiles/services/glance/default.nix +++ b/modules/profiles/services/glance/default.nix @@ -105,12 +105,6 @@ url = "https://hass.e10.camp"; icon = "di:home-assistant"; }) - (mkSite { - title = "Huntarr"; - url = "https://huntarr.e10.camp"; - icon = - "https://cdn.jsdelivr.net/gh/homarr-labs/dashboard-icons/png/huntarr.png"; - }) (mkSite { title = "Immich"; url = "https://immich.e10.camp"; diff --git a/modules/profiles/telemetry/prometheus-borgmatic-exporter.nix b/modules/profiles/telemetry/prometheus-borgmatic-exporter.nix deleted file mode 100644 index 2100b44..0000000 --- a/modules/profiles/telemetry/prometheus-borgmatic-exporter.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ lib, ... }: { - services.prometheus.exporters.borgmatic = { - enable = true; - openFirewall = true; - - configFile = "/etc/borgmatic.d/"; - }; - - systemd.services.prometheus-borgmatic-exporter.serviceConfig = { - User = lib.mkForce "borgmatic"; - Group = lib.mkForce "borgmatic"; - }; -} diff --git a/modules/suites.nix b/modules/suites.nix index 84600cb..8dcf87e 100644 --- a/modules/suites.nix +++ b/modules/suites.nix @@ -1,6 +1,6 @@ { profiles }: { core = [ - profiles.backups.borgmatic.system.rsync-net + profiles.backups.restic.system profiles.core.caching profiles.core.common profiles.core.nix-config @@ -14,7 +14,6 @@ profiles.security.fail2ban profiles.shell.fish profiles.system.earlyoom - profiles.telemetry.prometheus-borgmatic-exporter profiles.telemetry.prometheus-node-exporter profiles.telemetry.vector.common profiles.telemetry.vector.journald @@ -39,8 +38,6 @@ profiles.users.root ]; - local = [ profiles.backups.borgmatic.system.omnibus ]; - nuc = [ profiles.filesystems.hybrid-boot profiles.filesystems.zfs