From 0d3964aa0de6b39ab2adbf229e4e1b1befb8f1b0 Mon Sep 17 00:00:00 2001 From: Pavel Borzenkov Date: Tue, 3 Dec 2024 23:48:59 +0100 Subject: [PATCH] Add pulseaudio CLI tools --- machines/rock/configs/backup.nix | 1 + machines/rock/configs/valheim.nix | 2 +- machines/rock/configs/webapps.nix | 1 + modules/backup/db.nix | 87 ++++++++++++++++--------------- modules/backup/default.nix | 78 +++++++++++++-------------- modules/backup/fs.nix | 55 +++++++++---------- modules/media/audio/default.nix | 1 + modules/webapps/default.nix | 3 +- 8 files changed, 118 insertions(+), 110 deletions(-) diff --git a/machines/rock/configs/backup.nix b/machines/rock/configs/backup.nix index 3cbe0f2..9d209c4 100644 --- a/machines/rock/configs/backup.nix +++ b/machines/rock/configs/backup.nix @@ -1,5 +1,6 @@ {config, ...}: { pbor.backup = { + enable = true; host = "zh1012.rsync.net"; user = "zh1012"; sshKeyFile = "/etc/ssh/ssh_host_ed25519_key"; diff --git a/machines/rock/configs/valheim.nix b/machines/rock/configs/valheim.nix index 2737834..e104d6c 100644 --- a/machines/rock/configs/valheim.nix +++ b/machines/rock/configs/valheim.nix @@ -1,6 +1,6 @@ {config, ...}: { services.valheim = { - enable = false; + enable = true; serverName = "Geest"; worldName = "Geest"; openFirewall = true; diff --git a/machines/rock/configs/webapps.nix b/machines/rock/configs/webapps.nix index 49e7ecb..14b1acc 100644 --- a/machines/rock/configs/webapps.nix +++ b/machines/rock/configs/webapps.nix @@ -6,6 +6,7 @@ ssoPort = 8082; in { pbor.webapps = { + enable = true; domain = "lab.borzenkov.net"; userIDHeader = "X-User"; diff --git a/modules/backup/db.nix b/modules/backup/db.nix index 585b5b4..9d900f7 100644 --- a/modules/backup/db.nix +++ b/modules/backup/db.nix 
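Review bot: Flipping `enable = false` to `enable = true` in machines/rock/configs/valheim.nix turns a server back on that also has `openFirewall = true`, and nothing in the subject line ("Add pulseaudio CLI tools") records that. `openFirewall` presumably opens the server's ports in the host firewall, so this is an exposure change that a later audit of the history would not find by message. I would move it to its own commit, or at least leave a comment above the line such as `# re-enabled on purpose; openFirewall makes the server reachable from outside this host`. The `services.valheim` attribute set continues past the end of the hunk, so any password or access settings are not visible here.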
@@ -33,47 +33,48 @@ in { config = let exporter = pkgs.writeShellScriptBin "restic-exporter" (builtins.readFile ./restic-exporter.sh); - in { - systemd.services = - lib.mapAttrs' - ( - name: backup: let - extraOptions = lib.concatMapStrings (arg: " -o ${arg}") config.lib.pbor.backup.extraOptions; - resticCmd = "${pkgs.restic}/bin/restic${extraOptions}"; - backupName = "restic-backups-db-${name}"; - pg = config.services.postgresql; - pgsu = "${pkgs.sudo}/bin/sudo -u ${pg.superUser}"; - in - lib.nameValuePair backupName { - environment = { - RESTIC_PASSWORD_FILE = cfg.passwordFile; - RESTIC_REPOSITORY = config.lib.pbor.backup.repository; - }; - path = [pkgs.openssh pkgs.gawk pkgs.gnugrep]; - restartIfChanged = false; - serviceConfig = { - Type = "oneshot"; - User = "root"; - RuntimeDirectory = backupName; - ExecStartPost = "${exporter}/bin/restic-exporter %n"; - }; - script = '' - set -o pipefail - ${pgsu} ${pg.package}/bin/pg_dump -c -d ${backup.database} | \ - ${resticCmd} backup --stdin --stdin-filename /db/${backup.database}.sql - ''; - } - ) - cfg.dbBackups; - systemd.timers = - lib.mapAttrs' - ( - name: backup: - lib.nameValuePair "restic-backups-db-${name}" { - wantedBy = ["timers.target"]; - timerConfig = config.lib.pbor.backup.timerConfig; - } - ) - cfg.dbBackups; - }; + in + lib.mkIf cfg.enable { + systemd.services = + lib.mapAttrs' + ( + name: backup: let + extraOptions = lib.concatMapStrings (arg: " -o ${arg}") config.lib.pbor.backup.extraOptions; + resticCmd = "${pkgs.restic}/bin/restic${extraOptions}"; + backupName = "restic-backups-db-${name}"; + pg = config.services.postgresql; + pgsu = "${pkgs.sudo}/bin/sudo -u ${pg.superUser}"; + in + lib.nameValuePair backupName { + environment = { + RESTIC_PASSWORD_FILE = cfg.passwordFile; + RESTIC_REPOSITORY = config.lib.pbor.backup.repository; + }; + path = [pkgs.openssh pkgs.gawk pkgs.gnugrep]; + restartIfChanged = false; + serviceConfig = { + Type = "oneshot"; + User = "root"; + RuntimeDirectory = backupName; + 
ExecStartPost = "${exporter}/bin/restic-exporter %n"; + }; + script = '' + set -o pipefail + ${pgsu} ${pg.package}/bin/pg_dump -c -d ${backup.database} | \ + ${resticCmd} backup --stdin --stdin-filename /db/${backup.database}.sql + ''; + } + ) + cfg.dbBackups; + systemd.timers = + lib.mapAttrs' + ( + name: backup: + lib.nameValuePair "restic-backups-db-${name}" { + wantedBy = ["timers.target"]; + timerConfig = config.lib.pbor.backup.timerConfig; + } + ) + cfg.dbBackups; + }; } diff --git a/modules/backup/default.nix b/modules/backup/default.nix index 72ab221..9515128 100644 --- a/modules/backup/default.nix +++ b/modules/backup/default.nix @@ -31,6 +31,7 @@ in { ]; options.pbor.backup = { + enable = lib.mkEnableOption "Enable backup"; host = lib.mkOption { type = lib.types.str; description = '' 
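Review bot: In the `script` of the db.nix service, `${backup.database}` is spliced unquoted into a shell script that runs with `User = "root"`, both as the `pg_dump -d` argument and inside the `--stdin-filename` path. The value comes from module configuration rather than from a remote party, but a name containing whitespace or shell metacharacters would be word-split or interpreted by that root shell. Since these lines are being re-indented anyway, I would quote them: `-d ${lib.escapeShellArg backup.database} | \` and `--stdin-filename ${lib.escapeShellArg "/db/${backup.database}.sql"}`. The option declaration for `dbBackups` is outside the hunk, so whether its type already restricts the name cannot be confirmed from here.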
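Review bot: The description passed to `lib.mkEnableOption "Enable backup"` in modules/backup/default.nix will render as "Whether to enable Enable backup.", because `mkEnableOption` already wraps its argument in "Whether to enable … .". Pass a noun phrase instead, for example `enable = lib.mkEnableOption "restic backups";`. The same applies to `lib.mkEnableOption "Enable webapps"` in modules/webapps/default.nix, which could become `enable = lib.mkEnableOption "webapps";`.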
@@ -115,46 +116,47 @@ in { ''; pruneName = "restic-backups-prune"; - in { - lib.pbor.backup.repository = "sftp::${cfg.repository}"; - lib.pbor.backup.extraOptions = [ - "sftp.command='${sftpCommand}'" - ]; - lib.pbor.backup.timerConfig = - { - OnCalendar = cfg.timerConfig.OnCalendar; - } - // lib.optionalAttrs (cfg.timerConfig.RandomizedDelaySec != null) { - RandomizedDelaySec = cfg.timerConfig.RandomizedDelaySec; - }; - - systemd.services."${pruneName}" = let - extraOptions = lib.concatMapStrings (arg: " -o ${arg}") config.lib.pbor.backup.extraOptions; - resticCmd = "${pkgs.restic}/bin/restic${extraOptions}"; - in - lib.mkIf (builtins.length cfg.prune.options > 0) { - environment = { - RESTIC_PASSWORD_FILE = cfg.passwordFile; - RESTIC_REPOSITORY = config.lib.pbor.backup.repository; + in + lib.mkIf cfg.enable { + lib.pbor.backup.repository = "sftp::${cfg.repository}"; + lib.pbor.backup.extraOptions = [ + "sftp.command='${sftpCommand}'" + ]; + lib.pbor.backup.timerConfig = + { + OnCalendar = cfg.timerConfig.OnCalendar; + } + // lib.optionalAttrs (cfg.timerConfig.RandomizedDelaySec != null) { + RandomizedDelaySec = cfg.timerConfig.RandomizedDelaySec; }; - path = [pkgs.openssh]; - restartIfChanged = false; - serviceConfig = { - Type = "oneshot"; - ExecStart = [ - (resticCmd + " forget --prune " + (lib.concatStringsSep " " cfg.prune.options)) - (resticCmd + " check") - ]; - ExecStartPost = "${checkRepoSpace}/bin/check-repo-space"; - User = "root"; - RuntimeDirectory = pruneName; - CacheDirectory = pruneName; - CacheDirectoryMode = "0700"; + + systemd.services."${pruneName}" = let + extraOptions = lib.concatMapStrings (arg: " -o ${arg}") config.lib.pbor.backup.extraOptions; + resticCmd = "${pkgs.restic}/bin/restic${extraOptions}"; + in + lib.mkIf (builtins.length cfg.prune.options > 0) { + environment = { + RESTIC_PASSWORD_FILE = cfg.passwordFile; + RESTIC_REPOSITORY = config.lib.pbor.backup.repository; + }; + path = [pkgs.openssh]; + restartIfChanged = false; + 
serviceConfig = { + Type = "oneshot"; + ExecStart = [ + (resticCmd + " forget --prune " + (lib.concatStringsSep " " cfg.prune.options)) + (resticCmd + " check") + ]; + ExecStartPost = "${checkRepoSpace}/bin/check-repo-space"; + User = "root"; + RuntimeDirectory = pruneName; + CacheDirectory = pruneName; + CacheDirectoryMode = "0700"; + }; }; + systemd.timers."${pruneName}" = lib.mkIf (builtins.length cfg.prune.options > 0) { + wantedBy = ["timers.target"]; + timerConfig = cfg.prune.timerConfig; }; - systemd.timers."${pruneName}" = lib.mkIf (builtins.length cfg.prune.options > 0) { - wantedBy = ["timers.target"]; - timerConfig = cfg.prune.timerConfig; }; - }; } diff --git a/modules/backup/fs.nix b/modules/backup/fs.nix index 69d4ba0..e3d25a4 100644 --- a/modules/backup/fs.nix +++ b/modules/backup/fs.nix 
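Review bot: Wrapping the whole `config` of modules/backup/default.nix in `lib.mkIf cfg.enable` makes backups opt-in, because `mkEnableOption` defaults to false, and a host that declares backups without setting the flag now evaluates cleanly with no restic services or timers at all. This patch sets `enable = true` only for machines/rock, and other hosts importing the module are not visible here. A warning outside the `mkIf` would make that silent loss visible at build time, e.g. `warnings = lib.optional (!cfg.enable && (cfg.fsBackups != {} || cfg.dbBackups != {})) "pbor.backup: backups are declared but pbor.backup.enable is false";`, with the existing body and this line combined through `lib.mkMerge`. That suggestion assumes `cfg` in db.nix and fs.nix is also `config.pbor.backup`. The same gate is added in both of those files.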
@@ -51,32 +51,33 @@ in { config = let exporter = pkgs.writeShellScriptBin "restic-exporter" (builtins.readFile ./restic-exporter.sh); - in { - services.restic.backups = - lib.mapAttrs' - ( - name: backup: - lib.nameValuePair "fs-${name}" { - repository = config.lib.pbor.backup.repository; - passwordFile = cfg.passwordFile; - extraOptions = config.lib.pbor.backup.extraOptions; - extraBackupArgs = ["--exclude-caches"]; - paths = backup.paths; - exclude = backup.excludes; - timerConfig = config.lib.pbor.backup.timerConfig; - } - ) - cfg.fsBackups; + in + lib.mkIf cfg.enable { + services.restic.backups = + lib.mapAttrs' + ( + name: backup: + lib.nameValuePair "fs-${name}" { + repository = config.lib.pbor.backup.repository; + passwordFile = cfg.passwordFile; + extraOptions = config.lib.pbor.backup.extraOptions; + extraBackupArgs = ["--exclude-caches"]; + paths = backup.paths; + exclude = backup.excludes; + timerConfig = config.lib.pbor.backup.timerConfig; + } + ) + cfg.fsBackups; - systemd.services = - lib.mapAttrs' - ( - name: backup: - lib.nameValuePair "restic-backups-fs-${name}" { - path = [pkgs.gawk pkgs.gnugrep]; - serviceConfig.ExecStartPost = "${exporter}/bin/restic-exporter %n"; - } - ) - cfg.fsBackups; - }; + systemd.services = + lib.mapAttrs' + ( + name: backup: + lib.nameValuePair "restic-backups-fs-${name}" { + path = [pkgs.gawk pkgs.gnugrep]; + serviceConfig.ExecStartPost = "${exporter}/bin/restic-exporter %n"; + } + ) + cfg.fsBackups; + }; } diff --git a/modules/media/audio/default.nix b/modules/media/audio/default.nix index 20efb83..b5bfb45 100644 --- a/modules/media/audio/default.nix +++ b/modules/media/audio/default.nix @@ -19,6 +19,7 @@ in { home = { packages = with pkgs; [ playerctl + pulseaudio ncpamixer picard shntool diff --git a/modules/webapps/default.nix b/modules/webapps/default.nix index 1e7bb3c..28673af 100644 --- a/modules/webapps/default.nix +++ b/modules/webapps/default.nix 
@@ -6,6 +6,7 @@ cfg = config.pbor.webapps; in { options.pbor.webapps = { + enable = lib.mkEnableOption "Enable webapps"; domain = lib.mkOption { type = lib.types.str; description = '' @@ -179,7 +180,7 @@ in { }; }; - config = { + config = lib.mkIf cfg.enable { security.acme = { acceptTerms = true; defaults.email = "pavel@borzenkov.net";