hm cleanup

2025-06-02 01:21:31 -05:00 · 2025-06-02 01:21:31 -05:00 · 5d7ab7c414
commit 5d7ab7c414
parent 4eedb65822
18 changed files with 534 additions and 328 deletions
--- a/nixos/configuration.nix
+++ b/nixos/configuration.nix
@ -30,9 +30,13 @@ host,
  nix = {
    settings = {
      auto-optimise-store = true;
-      substituters = ["https://nix-community.cachix.org"];
+      substituters = [
+        "https://nix-community.cachix.org"
+        "https://install.determinate.systems"
+      ];
      trusted-public-keys = [
        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+        "cache.flakehub.com-3:hJuILl5sVK4iKm86JzgdXW12Y2Hwd5G07qKtHTOcDCM="
      ];
      trusted-users = [host.username];
      experimental-features = ["nix-command" "flakes"];
--- a/nixos/consensus/backups.nix
+++ b/nixos/consensus/backups.nix
@ -0,0 +1,30 @@
+{config, ...}: {
+  sops = {
+    defaultSopsFile = ../../secrets/restic.yaml;
+    secrets = {
+      "b2-immich/env" = {};
+      "b2-immich/repo" = {};
+      "b2-immich/password" = {};
+    };
+  };
+  services.restic.backups = {
+    b2-immich = {
+      initialize = true;
+      environmentFile = config.sops.secrets."b2-immich/env".path;
+      repositoryFile = config.sops.secrets."b2-immich/repo".path;
+      passwordFile = config.sops.secrets."b2-immich/password".path;
+
+      paths = [
+        "/rice/immich"
+      ];
+      timerConfig = {
+        OnCalendar = "06:00";
+      };
+      pruneOpts = [
+        "--keep-daily 14"
+        "--keep-monthly 6"
+        "--keep-yearly 1"
+      ];
+    };
+  };
+}
--- a/nixos/consensus/configuration.nix
+++ b/nixos/consensus/configuration.nix
@ -1,11 +1,11 @@
 {lib, pkgs, config, ...}: {
  imports = [
    ./hardware-configuration.nix
+    ./backups.nix
  ];
  sops = {
-    defaultSopsFile = ../../secrets/cf-acme.yaml;
    secrets = {
-      "env" = {};
+      "env" = { sopsFile = ../../secrets/cf-acme.yaml; };
    };
  };
  documentation = {
@ -91,11 +91,11 @@
        2022
        6443
        25565
-        30001
+        9001
        30303
      ];
      allowedUDPPorts = [
-        30001
+        9001
        30303
      ];
      logRefusedConnections = true;
--- a/nixos/default.nix
+++ b/nixos/default.nix
@ -8,6 +8,7 @@
  defaultModules = [
    inputs.sops-nix.nixosModules.sops
    inputs.nix-index-database.nixosModules.nix-index
+    inputs.determinate.nixosModules.default
  ];
 in {
  t14 = inputs.nixpkgs.lib.nixosSystem {
--- a/nixos/t14/configuration.nix
+++ b/nixos/t14/configuration.nix
@ -120,20 +120,6 @@ in {
      };
    };
    ratbagd.enable = true; # Logitech
-    keyd = {
-      enable = true;
-      keyboards = {
-        default = {
-          ids = ["*"];
-          settings = {
-            main = {
-              pause = "timeout(esc, 150, space)";
-              scrolllock = "layer(shift)";
-            };
-          };
-        };
-      };
-    };
    udev.packages = [
      pkgs.ledger-udev-rules
      pkgs.trezor-udev-rules