Torjus Håkestad
fa4a418007
Some checks failed
Run nix flake check / flake-check (push) Failing after 23m42s
Prevents lock conflicts when multiple backup jobs targeting the same repository run concurrently. Jobs will now retry acquiring the lock every 10 seconds for up to 5 minutes before failing. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
101 lines
2.1 KiB
Nix
101 lines
2.1 KiB
Nix
{
|
|
config,
|
|
lib,
|
|
pkgs,
|
|
...
|
|
}:
|
|
|
|
{
|
|
imports = [
|
|
./hardware-configuration.nix
|
|
|
|
../../system
|
|
../../common/vm
|
|
];
|
|
|
|
homelab.host.role = "home-automation";
|
|
|
|
nixpkgs.config.allowUnfree = true;
|
|
# Use the systemd-boot EFI boot loader.
|
|
boot.loader.grub = {
|
|
enable = true;
|
|
device = "/dev/sda";
|
|
configurationLimit = 3;
|
|
};
|
|
|
|
networking.hostName = "ha1";
|
|
networking.domain = "home.2rjus.net";
|
|
networking.useNetworkd = true;
|
|
networking.useDHCP = false;
|
|
services.resolved.enable = true;
|
|
networking.nameservers = [
|
|
"10.69.13.5"
|
|
"10.69.13.6"
|
|
];
|
|
|
|
systemd.network.enable = true;
|
|
systemd.network.networks."ens18" = {
|
|
matchConfig.Name = "ens18";
|
|
address = [
|
|
"10.69.13.9/24"
|
|
];
|
|
routes = [
|
|
{ Gateway = "10.69.13.1"; }
|
|
];
|
|
linkConfig.RequiredForOnline = "routable";
|
|
};
|
|
time.timeZone = "Europe/Oslo";
|
|
|
|
nix.settings.experimental-features = [
|
|
"nix-command"
|
|
"flakes"
|
|
];
|
|
nix.settings.tarball-ttl = 0;
|
|
environment.systemPackages = with pkgs; [
|
|
vim
|
|
wget
|
|
git
|
|
];
|
|
|
|
# Vault secrets management
|
|
vault.enable = true;
|
|
homelab.deploy.enable = true;
|
|
vault.secrets.backup-helper = {
|
|
secretPath = "shared/backup/password";
|
|
extractKey = "password";
|
|
outputDir = "/run/secrets/backup_helper_secret";
|
|
services = [ "restic-backups-ha1" ];
|
|
};
|
|
|
|
# Backup service dirs
|
|
services.restic.backups.ha1 = {
|
|
repository = "rest:http://10.69.12.52:8000/backup-nix";
|
|
passwordFile = "/run/secrets/backup_helper_secret";
|
|
paths = [
|
|
"/var/lib/hass"
|
|
"/var/lib/zigbee2mqtt"
|
|
"/var/lib/mosquitto"
|
|
];
|
|
timerConfig = {
|
|
OnCalendar = "daily";
|
|
Persistent = true;
|
|
RandomizedDelaySec = "2h";
|
|
};
|
|
pruneOpts = [
|
|
"--keep-daily 7"
|
|
"--keep-weekly 4"
|
|
"--keep-monthly 6"
|
|
"--keep-within 1d"
|
|
];
|
|
extraOptions = [ "--retry-lock=5m" ];
|
|
};
|
|
|
|
# Open ports in the firewall.
|
|
# networking.firewall.allowedTCPPorts = [ ... ];
|
|
# networking.firewall.allowedUDPPorts = [ ... ];
|
|
# Or disable the firewall altogether.
|
|
networking.firewall.enable = false;
|
|
|
|
system.stateVersion = "23.11"; # Did you read the comment?
|
|
}
|