diff --git a/hosts/chidi/secrets.nix b/hosts/chidi/secrets.nix index c40a1f6..a065902 100644 --- a/hosts/chidi/secrets.nix +++ b/hosts/chidi/secrets.nix @@ -7,8 +7,9 @@ in { sops.age.keyFile = "/Users/${user}/.config/sops/age/keys.txt"; - sops.secrets = secrets.mkSyncthingSecrets { - inherit hostname user; - isDarwin = true; - }; + sops.secrets = + secrets.mkSyncthingSecrets { + inherit hostname user; + isDarwin = true; + }; } diff --git a/hosts/jason/secrets.nix b/hosts/jason/secrets.nix index 4be567f..4bf69d3 100644 --- a/hosts/jason/secrets.nix +++ b/hosts/jason/secrets.nix @@ -9,8 +9,9 @@ in { sops.age.sshKeyPaths = []; sops.gnupg.sshKeyPaths = []; - sops.secrets = secrets.mkSyncthingSecrets { - inherit hostname user; - isDarwin = true; - }; + sops.secrets = + secrets.mkSyncthingSecrets { + inherit hostname user; + isDarwin = true; + }; } diff --git a/hosts/tahani/networking.nix b/hosts/tahani/networking.nix index f50a16d..2f4a988 100644 --- a/hosts/tahani/networking.nix +++ b/hosts/tahani/networking.nix @@ -1,4 +1,8 @@ -{config, hostname, ...}: { +{ + config, + hostname, + ... +}: { networking = { hostName = hostname; useDHCP = false; diff --git a/modules/pgbackrest.nix b/modules/pgbackrest.nix index d9f4b3c..052bcce 100644 --- a/modules/pgbackrest.nix +++ b/modules/pgbackrest.nix 
@@ -10,231 +10,254 @@ in { options.my.pgbackrest = { enable = mkEnableOption "pgBackRest PostgreSQL backup"; - stanza = mkOption { - type = types.str; - default = "main"; - description = "Name of the pgBackRest stanza"; - }; - - secretFile = mkOption { - type = types.path; - description = "Path to the environment file containing S3 credentials and cipher passphrase"; - }; - - s3 = mkOption { - type = types.submodule { - options = { - endpoint = mkOption { - type = types.str; - default = "s3.eu-central-003.backblazeb2.com"; - description = "S3 endpoint URL"; - }; - - bucket = mkOption { - type = types.str; - description = "S3 bucket name"; - }; - - region = mkOption { - type = types.str; - default = "eu-central-003"; - description = "S3 region"; - }; - - path = mkOption { - type = types.str; - default = "/backups"; - description = "Path within the S3 bucket"; - }; - }; + stanza = + mkOption { + type = types.str; + default = "main"; + description = "Name of the pgBackRest stanza"; }; - default = {}; - description = "S3 storage configuration"; - }; - retention = mkOption { - type = types.submodule { - options = { - full = mkOption { - type = types.int; - default = 7; - description = "Number of full backups to retain"; - }; - - diff = mkOption { - type = types.int; - default = 7; - description = "Number of differential backups to retain"; - }; - }; + secretFile = + mkOption { + type = types.path; + description = "Path to the environment file containing S3 credentials and cipher passphrase"; }; - default = {}; - description = "Backup retention configuration"; - }; - compression = mkOption { - type = types.submodule { - options = { - type = mkOption { - type = types.str; - default = "zst"; - description = "Compression algorithm (none, gz, lz4, zst)"; - }; + s3 = + mkOption { + type = + types.submodule { + options = { + endpoint = + mkOption { + type = types.str; + default = "s3.eu-central-003.backblazeb2.com"; + description = "S3 endpoint URL"; + }; - level = mkOption { 
- type = types.int; - default = 3; - description = "Compression level"; + bucket = + mkOption { + type = types.str; + description = "S3 bucket name"; + }; + + region = + mkOption { + type = types.str; + default = "eu-central-003"; + description = "S3 region"; + }; + + path = + mkOption { + type = types.str; + default = "/backups"; + description = "Path within the S3 bucket"; + }; + }; }; - }; + default = {}; + description = "S3 storage configuration"; }; - default = {}; - description = "Compression configuration"; - }; - processMax = mkOption { - type = types.int; - default = 2; - description = "Maximum number of processes for parallel operations"; - }; + retention = + mkOption { + type = + types.submodule { + options = { + full = + mkOption { + type = types.int; + default = 7; + description = "Number of full backups to retain"; + }; - schedule = mkOption { - type = types.submodule { - options = { - full = mkOption { - type = types.str; - default = "daily"; - description = "OnCalendar expression for full backups"; + diff = + mkOption { + type = types.int; + default = 7; + description = "Number of differential backups to retain"; + }; + }; }; - - diff = mkOption { - type = types.str; - default = "hourly"; - description = "OnCalendar expression for differential backups"; - }; - }; + default = {}; + description = "Backup retention configuration"; + }; + + compression = + mkOption { + type = + types.submodule { + options = { + type = + mkOption { + type = types.str; + default = "zst"; + description = "Compression algorithm (none, gz, lz4, zst)"; + }; + + level = + mkOption { + type = types.int; + default = 3; + description = "Compression level"; + }; + }; + }; + default = {}; + description = "Compression configuration"; + }; + + processMax = + mkOption { + type = types.int; + default = 2; + description = "Maximum number of processes for parallel operations"; + }; + + schedule = + mkOption { + type = + types.submodule { + options = { + full = + mkOption { + type = 
types.str; + default = "daily"; + description = "OnCalendar expression for full backups"; + }; + + diff = + mkOption { + type = types.str; + default = "hourly"; + description = "OnCalendar expression for differential backups"; + }; + }; + }; + default = {}; + description = "Backup schedule configuration"; }; - default = {}; - description = "Backup schedule configuration"; - }; }; - config = mkIf cfg.enable (let - archivePushScript = pkgs.writeShellScript "pgbackrest-archive-push" '' - set -a - source ${cfg.secretFile} - set +a - exec ${pkgs.pgbackrest}/bin/pgbackrest --stanza=${cfg.stanza} archive-push "$1" - ''; - in { - environment.systemPackages = [ - pkgs.pgbackrest - (pkgs.writeShellScriptBin "pgbackrest-wrapper" '' - set -a - source ${cfg.secretFile} - set +a - exec ${pkgs.pgbackrest}/bin/pgbackrest "$@" - '') - ]; + config = + mkIf cfg.enable (let + archivePushScript = + pkgs.writeShellScript "pgbackrest-archive-push" '' + set -a + source ${cfg.secretFile} + set +a + exec ${pkgs.pgbackrest}/bin/pgbackrest --stanza=${cfg.stanza} archive-push "$1" + ''; + in { + environment.systemPackages = [ + pkgs.pgbackrest + (pkgs.writeShellScriptBin "pgbackrest-wrapper" '' + set -a + source ${cfg.secretFile} + set +a + exec ${pkgs.pgbackrest}/bin/pgbackrest "$@" + '') + ]; - services.postgresql.settings = { - archive_mode = "on"; - archive_command = "${archivePushScript} %p"; - }; - - environment.etc."pgbackrest/pgbackrest.conf".text = '' - [global] - repo1-type=s3 - repo1-s3-endpoint=${cfg.s3.endpoint} - repo1-s3-bucket=${cfg.s3.bucket} - repo1-s3-region=${cfg.s3.region} - repo1-path=${cfg.s3.path} - repo1-retention-full=${toString cfg.retention.full} - repo1-retention-diff=${toString cfg.retention.diff} - repo1-cipher-type=aes-256-cbc - compress-type=${cfg.compression.type} - compress-level=${toString cfg.compression.level} - process-max=${toString cfg.processMax} - log-level-console=info - log-level-file=detail - log-path=/var/log/pgbackrest - 
spool-path=/var/spool/pgbackrest - - [${cfg.stanza}] - pg1-path=/var/lib/postgresql/${config.services.postgresql.package.psqlSchema} - pg1-user=postgres - ''; - - systemd.services.pgbackrest-stanza-create = { - description = "pgBackRest Stanza Create"; - after = ["postgresql.service"]; - requires = ["postgresql.service"]; - path = [pkgs.pgbackrest]; - serviceConfig = { - Type = "oneshot"; - User = "postgres"; - EnvironmentFile = cfg.secretFile; - RemainAfterExit = true; + services.postgresql.settings = { + archive_mode = "on"; + archive_command = "${archivePushScript} %p"; }; - script = '' - pgbackrest --stanza=${cfg.stanza} stanza-create || true + + environment.etc."pgbackrest/pgbackrest.conf".text = '' + [global] + repo1-type=s3 + repo1-s3-endpoint=${cfg.s3.endpoint} + repo1-s3-bucket=${cfg.s3.bucket} + repo1-s3-region=${cfg.s3.region} + repo1-path=${cfg.s3.path} + repo1-retention-full=${toString cfg.retention.full} + repo1-retention-diff=${toString cfg.retention.diff} + repo1-cipher-type=aes-256-cbc + compress-type=${cfg.compression.type} + compress-level=${toString cfg.compression.level} + process-max=${toString cfg.processMax} + log-level-console=info + log-level-file=detail + log-path=/var/log/pgbackrest + spool-path=/var/spool/pgbackrest + + [${cfg.stanza}] + pg1-path=/var/lib/postgresql/${config.services.postgresql.package.psqlSchema} + pg1-user=postgres ''; - }; - systemd.services.pgbackrest-backup = { - description = "pgBackRest Full Backup"; - after = ["postgresql.service" "pgbackrest-stanza-create.service"]; - requires = ["postgresql.service"]; - wants = ["pgbackrest-stanza-create.service"]; - path = [pkgs.pgbackrest]; - serviceConfig = { - Type = "oneshot"; - User = "postgres"; - EnvironmentFile = cfg.secretFile; + systemd.services.pgbackrest-stanza-create = { + description = "pgBackRest Stanza Create"; + after = ["postgresql.service"]; + requires = ["postgresql.service"]; + path = [pkgs.pgbackrest]; + serviceConfig = { + Type = "oneshot"; + User = 
"postgres"; + EnvironmentFile = cfg.secretFile; + RemainAfterExit = true; + }; + script = '' + pgbackrest --stanza=${cfg.stanza} stanza-create || true + ''; }; - script = '' - pgbackrest --stanza=${cfg.stanza} backup --type=full - ''; - }; - systemd.timers.pgbackrest-backup = { - wantedBy = ["timers.target"]; - timerConfig = { - OnCalendar = cfg.schedule.full; - Persistent = true; - RandomizedDelaySec = "1h"; + systemd.services.pgbackrest-backup = { + description = "pgBackRest Full Backup"; + after = ["postgresql.service" "pgbackrest-stanza-create.service"]; + requires = ["postgresql.service"]; + wants = ["pgbackrest-stanza-create.service"]; + path = [pkgs.pgbackrest]; + serviceConfig = { + Type = "oneshot"; + User = "postgres"; + EnvironmentFile = cfg.secretFile; + }; + script = '' + pgbackrest --stanza=${cfg.stanza} backup --type=full + ''; }; - }; - systemd.services.pgbackrest-backup-diff = { - description = "pgBackRest Differential Backup"; - after = ["postgresql.service" "pgbackrest-stanza-create.service"]; - requires = ["postgresql.service"]; - wants = ["pgbackrest-stanza-create.service"]; - path = [pkgs.pgbackrest]; - serviceConfig = { - Type = "oneshot"; - User = "postgres"; - EnvironmentFile = cfg.secretFile; + systemd.timers.pgbackrest-backup = { + wantedBy = ["timers.target"]; + timerConfig = { + OnCalendar = cfg.schedule.full; + Persistent = true; + RandomizedDelaySec = "1h"; + }; }; - script = '' - pgbackrest --stanza=${cfg.stanza} backup --type=diff - ''; - }; - systemd.timers.pgbackrest-backup-diff = { - wantedBy = ["timers.target"]; - timerConfig = { - OnCalendar = cfg.schedule.diff; - Persistent = true; - RandomizedDelaySec = "5m"; + systemd.services.pgbackrest-backup-diff = { + description = "pgBackRest Differential Backup"; + after = ["postgresql.service" "pgbackrest-stanza-create.service"]; + requires = ["postgresql.service"]; + wants = ["pgbackrest-stanza-create.service"]; + path = [pkgs.pgbackrest]; + serviceConfig = { + Type = "oneshot"; + 
User = "postgres"; + EnvironmentFile = cfg.secretFile; + }; + script = '' + pgbackrest --stanza=${cfg.stanza} backup --type=diff + ''; }; - }; - systemd.tmpfiles.rules = [ - "d /var/lib/pgbackrest 0750 postgres postgres -" - "d /var/log/pgbackrest 0750 postgres postgres -" - "d /var/spool/pgbackrest 0750 postgres postgres -" - ]; - }); + systemd.timers.pgbackrest-backup-diff = { + wantedBy = ["timers.target"]; + timerConfig = { + OnCalendar = cfg.schedule.diff; + Persistent = true; + RandomizedDelaySec = "5m"; + }; + }; + + systemd.tmpfiles.rules = [ + "d /var/lib/pgbackrest 0750 postgres postgres -" + "d /var/log/pgbackrest 0750 postgres postgres -" + "d /var/spool/pgbackrest 0750 postgres postgres -" + ]; + }); } diff --git a/profiles/opencode.nix b/profiles/opencode.nix index 1f82e35..d248266 100644 --- a/profiles/opencode.nix +++ b/profiles/opencode.nix @@ -127,24 +127,25 @@ }; }; - home.file.".config/opencode/oh-my-opencode.json".text = builtins.toJSON { - "$schema" = "https://raw.githubusercontent.com/code-yeongyu/oh-my-opencode/master/assets/oh-my-opencode.schema.json"; - google_auth = false; - agents = { - oracle = { - model = "opencode/gpt-5.2"; - }; - frontend-ui-ux-engineer = { - model = "google/gemini-3-pro-high"; - }; - document-writer = { - model = "google/gemini-3-flash"; - }; - multimodal-looker = { - model = "google/gemini-3-flash"; + home.file.".config/opencode/oh-my-opencode.json".text = + builtins.toJSON { + "$schema" = "https://raw.githubusercontent.com/code-yeongyu/oh-my-opencode/master/assets/oh-my-opencode.schema.json"; + google_auth = false; + agents = { + oracle = { + model = "opencode/gpt-5.2"; + }; + frontend-ui-ux-engineer = { + model = "google/gemini-3-pro-high"; + }; + document-writer = { + model = "google/gemini-3-flash"; + }; + multimodal-looker = { + model = "google/gemini-3-flash"; + }; }; }; - }; home.sessionVariables = { OPENCODE_EXPERIMENTAL_EXA = "true";
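Review bot: In the `modules/pgbackrest.nix` hunk, `secretFile` is declared with `type = types.path;` and then interpolated as `${cfg.secretFile}` into the `pgbackrest-archive-push` and `pgbackrest-wrapper` scripts. If a caller passes a Nix path literal rather than a runtime path string, the credentials file would be copied into the world-readable Nix store. This reformat leaves that unchanged; I would declare the option as `type = types.str;` and extend the description to say `Runtime path (for example a sops-nix secret) to the environment file; must not be a Nix path literal`. The same file is also read two ways, by `source` in the scripts and by systemd `EnvironmentFile` in the three services, and their quoting rules differ, so a passphrase containing spaces, `$` or quotes may resolve to different values in each; a comment documenting the accepted format would help. Separately, `pgbackrest --stanza=${cfg.stanza} stanza-create || true` combined with `RemainAfterExit = true` marks the unit active even when stanza creation failed, which hides a broken repository or bad credentials until a backup fails later. Dropping `|| true` looks safe if stanza-create is a no-op on an existing valid stanza, which should be confirmed for the packaged version.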