prune_cfg

configuration.nix

@@ -105,14 +105,17 @@
 
   # Define a user account. Don't forget to set a password with ‘passwd’.
   users.users.sondell = {
+    home = "/home/sondell";
     isNormalUser = true;
     description = "sondell";
-    extraGroups = ["networkmanager" "wheel"];
+    extraGroups = ["networkmanager" "wheel" "backup"];
     packages = with pkgs; [
       firefox
       #  thunderbird
     ];
   };
+  users.groups."backup".gid = 1337;
+
 
   users.users.root = {
     isNormalUser = false;
@@ -127,6 +130,7 @@
   environment.systemPackages = with pkgs; [
     #  vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
     #  wget
+    restic
     htop
     cloudflared
     filebrowser
@@ -143,17 +147,19 @@
   programs = {
     ssh.startAgent = true;
     fish = {
-      enable = true;
+      enable = false;
       shellInit = "starship init fish | source";
     };
-    starship.enable = true;
-    starship.settings = {
-      shell = {
-        disabled = false;
-        fish_indicator = "";
-        bash_indicator = "BASH";
+  starship = {
+      enable = false;
+      settings = {
+        shell = {
+          disabled = false;
+          # fish_indicator = "";
+          bash_indicator = "BASH";
+        };
       };
-    };
+  };
   };
 
   # Some programs need SUID wrappers, can be configured further or are

flake.lock

@@ -71,6 +71,26 @@
         "url": "https://git.sondell.org/glennwso/home.git"
       }
     },
+    "home-manager": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1716847642,
+        "narHash": "sha256-rjEswRV0o23eBBils8lJXyIGha+l/VjV73IPg+ztxgk=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "10c7c219b7dae5795fb67f465a0d86cbe29f25fa",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
     "nixos-mailserver": {
       "inputs": {
         "blobs": "blobs",
@@ -78,14 +98,14 @@
         "nixpkgs": [
           "nixpkgs"
         ],
-        "utils": "utils"
+        "nixpkgs-24_05": "nixpkgs-24_05"
       },
       "locked": {
-        "lastModified": 1710449465,
-        "narHash": "sha256-2orO8nfplp6uQJBFqKkj1iyNMC6TysmwbWwbb4osTag=",
+        "lastModified": 1718697807,
+        "narHash": "sha256-Enla61WFisytTYbWygPynEbu8vozjeGc6Obkj2GRj7o=",
         "owner": "simple-nixos-mailserver",
         "repo": "nixos-mailserver",
-        "rev": "79c8cfcd5873a85559da6201b116fb38b490d030",
+        "rev": "290a995de5c3d3f08468fa548f0d55ab2efc7b6b",
         "type": "gitlab"
       },
       "original": {
@@ -96,11 +116,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1711703276,
-        "narHash": "sha256-iMUFArF0WCatKK6RzfUJknjem0H9m4KgorO/p3Dopkk=",
+        "lastModified": 1716509168,
+        "narHash": "sha256-4zSIhSRRIoEBwjbPm3YiGtbd8HDWzFxJjw5DYSDy1n8=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "d8fe5e6c92d0d190646fb9f1056741a229980089",
+        "rev": "bfb7a882678e518398ce9a31a881538679f6f092",
         "type": "github"
       },
       "original": {
@@ -110,9 +130,25 @@
         "type": "github"
       }
     },
+    "nixpkgs-24_05": {
+      "locked": {
+        "lastModified": 1717144377,
+        "narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "805a384895c696f802a9bf5bf4720f37385df547",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "ref": "nixos-24.05",
+        "type": "indirect"
+      }
+    },
     "root": {
       "inputs": {
         "home": "home",
+        "home-manager": "home-manager",
         "nixos-mailserver": "nixos-mailserver",
         "nixpkgs": "nixpkgs"
       }
@@ -131,39 +167,6 @@
         "repo": "default",
         "type": "github"
       }
-    },
-    "systems_2": {
-      "locked": {
-        "lastModified": 1681028828,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
-        "owner": "nix-systems",
-        "repo": "default",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default",
-        "type": "github"
-      }
-    },
-    "utils": {
-      "inputs": {
-        "systems": "systems_2"
-      },
-      "locked": {
-        "lastModified": 1709126324,
-        "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "d465f4819400de7c8d874d50b982301f28a84605",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "type": "github"
-      }
     }
   },
   "root": "root",

flake.nix

@@ -1,17 +1,37 @@
 {
-  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
-  inputs.home.url = "git+https://git.sondell.org/glennwso/home.git";
-  inputs.home.inputs.nixpkgs.follows = "nixpkgs";
-  inputs.nixos-mailserver = {
-    url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
-    inputs.nixpkgs.follows = "nixpkgs";
-  };
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+    home = {
+      url = "git+https://git.sondell.org/glennwso/home.git";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    home-manager = {
+      url = "github:nix-community/home-manager";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    nixos-mailserver = {
+      url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+};
 
-  outputs = { self, nixpkgs, home, nixos-mailserver}@attrs:
+  outputs = { self, nixpkgs, home, nixos-mailserver, home-manager}@attrs:
   let 
     system = "x86_64-linux";
     homepage = home.packages.${system}.default;
     mailserver = nixos-mailserver.nixosModules.default;
+
+    homeSettings = {
+      home-manager = {
+        useGlobalPkgs = true;
+        useUserPackages = true;
+        users.sondell = import ./home/sondell.nix;
+      };
+    };
+    homeModules = [
+      home-manager.nixosModules.home-manager
+      homeSettings
+    ];
   in
    {
     # replace 'joes-desktop' with your hostname here.
@@ -33,7 +53,7 @@
         ./vaultwarden.nix
         (import ./mail.nix {inherit mailserver;})
         (import ./homepage.nix {inherit homepage;})
-      ];
+      ] ++ homeModules;
 
     };
   };

home/sondell.nix

@@ -0,0 +1,30 @@
+{
+  # pkgs,
+  # config,
+  # lib,
+  ...
+}:
+{	
+  # Home Manager needs a bit of information about you and the
+  # paths it should manage.
+  home.username = "sondell";
+  home.homeDirectory = "/home/sondell";
+  programs.ssh.addKeysToAgent = "yes";
+  programs.ssh.enable = true;
+  programs.ssh.matchBlocks."*".identityFile = [
+    "/home/sondell/.ssh/tulpan"
+  ];
+
+  # This value determines the Home Manager release that your
+  # configuration is compatible with. This helps avoid breakage
+  # when a new Home Manager release introduces backwards
+  # incompatible changes.
+  #
+  # You can update Home Manager without changing this value. See
+  # the Home Manager release notes for a list of state version
+  # changes in each release.
+  home.stateVersion = "24.05";
+
+  # Let Home Manager install and manage itself.
+  programs.home-manager.enable = true;
+}

nextcloud.nix

@@ -8,28 +8,49 @@ in
   environment.systemPackages = [
     nextcloud
   ];
-  systemd.timers."nextcloud-backup" = {
+  systemd.timers."nextcloud-db-backup" = {
     wantedBy = [ "timers.target" ];
       timerConfig = {
         # OnBootSec = "5m";
         # OnUnitActiveSec = "5m";
         OnCalendar="*-*-* 2:00:00";
-        Unit = "nextcloud-backup.service";
+        Unit = "nextcloud-db-backup.service";
       };
   };
 
-  systemd.services."nextcloud-backup" = {
+  systemd.services."nextcloud-db-backup" = {
     script = with pkgs; ''
       set -eu
-      ${postgresql}/bin/pg_dump "nextcloud" | ${openssh}/bin/ssh -i /etc/nixos/.secrets/tulpan Glenn@nas "cat - > back/nextcloud/dump.sql" 
+      date=$(date --iso-8601)
+      ${postgresql}/bin/pg_dump "nextcloud" | ${openssh}/bin/ssh -i /etc/nixos/.secrets/tulpan Glenn@nas "cat - > back/nextcloud/sqldump/$date.sql" 
     '';
     serviceConfig = {
       Type = "oneshot";
       User = "postgres";
     };
   };
+
   
   services = {
+    restic.backups = {
+      "nextcloud" = {
+        passwordFile = "/etc/nixos/.secrets/restic_pw";
+        repository = "sftp:Glenn@nas:/home/back/nextcloud/restic-repo";
+        paths = [
+          "/pool/var/lib/nextcloud"
+        ];
+        user = "sondell";
+        timerConfig.OnCalendar = "02:05";
+        pruneOpts = [
+          "--keep-daily 10"
+          "--keep-weekly 5"
+          "--keep-monthly 12"
+          "--keep-yearly 75"
+        ];
+      };
+    };
+
+  
     nginx.virtualHosts = {
       ${domain} = {
         forceSSL = true;
@@ -48,6 +69,8 @@ in
       # Let NixOS install and configure the database automatically.
       database.createLocally = true;
       # Increase the maximum file upload size.
+      datadir="/pool/var/lib/nextcloud";
+      
       maxUploadSize = "16G";
       https = true;
       autoUpdateApps.enable = true;