feat: add restic for backup, update, remove planify again

flake.lock

@@ -1,5 +1,26 @@
 {
   "nodes": {
+    "agenix": {
+      "inputs": {
+        "darwin": "darwin",
+        "home-manager": "home-manager",
+        "nixpkgs": "nixpkgs",
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1723293904,
+        "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=",
+        "owner": "ryantm",
+        "repo": "agenix",
+        "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41",
+        "type": "github"
+      },
+      "original": {
+        "owner": "ryantm",
+        "repo": "agenix",
+        "type": "github"
+      }
+    },
     "aquamarine": {
       "inputs": {
         "hyprutils": [
@@ -107,6 +128,28 @@
         "type": "github"
       }
     },
+    "darwin": {
+      "inputs": {
+        "nixpkgs": [
+          "agenix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1700795494,
+        "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
+        "owner": "lnl7",
+        "repo": "nix-darwin",
+        "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "lnl7",
+        "ref": "master",
+        "repo": "nix-darwin",
+        "type": "github"
+      }
+    },
     "disko": {
       "inputs": {
         "nixpkgs": [
@@ -183,7 +226,7 @@
     },
     "flake-utils": {
       "inputs": {
-        "systems": "systems_3"
+        "systems": "systems_4"
       },
       "locked": {
         "lastModified": 1710146030,
@@ -201,7 +244,7 @@
     },
     "flake-utils_2": {
       "inputs": {
-        "systems": "systems_4"
+        "systems": "systems_5"
       },
       "locked": {
         "lastModified": 1710146030,
@@ -257,6 +300,27 @@
       }
     },
     "home-manager": {
+      "inputs": {
+        "nixpkgs": [
+          "agenix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1703113217,
+        "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "home-manager_2": {
       "inputs": {
         "nixpkgs": [
           "nixpkgs"
@@ -276,7 +340,7 @@
         "type": "github"
       }
     },
-    "home-manager_2": {
+    "home-manager_3": {
       "inputs": {
         "nixpkgs": [
           "lazy",
@@ -336,7 +400,7 @@
         "nixpkgs": [
           "nixpkgs"
         ],
-        "systems": "systems",
+        "systems": "systems_2",
         "xdph": "xdph"
       },
       "locked": {
@@ -417,7 +481,7 @@
         "nixpkgs": [
           "nixpkgs"
         ],
-        "systems": "systems_2"
+        "systems": "systems_3"
       },
       "locked": {
         "lastModified": 1724326010,
@@ -514,7 +578,7 @@
         "flake-compat": "flake-compat",
         "flake-parts": "flake-parts",
         "flake-utils": "flake-utils_2",
-        "nixpkgs": "nixpkgs",
+        "nixpkgs": "nixpkgs_2",
         "pre-commit-hooks-nix": "pre-commit-hooks-nix",
         "rust-overlay": "rust-overlay"
       },
@@ -535,7 +599,7 @@
     "lazy": {
       "inputs": {
         "flake-utils": "flake-utils",
-        "home-manager": "home-manager_2",
+        "home-manager": "home-manager_3",
         "lanzaboote": "lanzaboote",
         "nix-index-database": "nix-index-database",
         "nixpkgs": [
@@ -600,7 +664,7 @@
     },
     "nix-index-database": {
       "inputs": {
-        "nixpkgs": "nixpkgs_2"
+        "nixpkgs": "nixpkgs_3"
       },
       "locked": {
         "lastModified": 1712459390,
@@ -618,16 +682,16 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1711297276,
-        "narHash": "sha256-KtHBr73Z729krfueBV6pUsEyq/4vILGP77DPmrKOTrI=",
+        "lastModified": 1703013332,
+        "narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "3d41d1087707826b3a90685ab69147f8dc8145d5",
+        "rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6",
         "type": "github"
       },
       "original": {
         "owner": "NixOS",
-        "ref": "nixos-unstable-small",
+        "ref": "nixos-unstable",
         "repo": "nixpkgs",
         "type": "github"
       }
@@ -679,6 +743,22 @@
       }
     },
     "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1711297276,
+        "narHash": "sha256-KtHBr73Z729krfueBV6pUsEyq/4vILGP77DPmrKOTrI=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "3d41d1087707826b3a90685ab69147f8dc8145d5",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable-small",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_3": {
       "locked": {
         "lastModified": 1712163089,
         "narHash": "sha256-Um+8kTIrC19vD4/lUCN9/cU9kcOsD1O1m+axJqQPyMM=",
@@ -694,7 +774,7 @@
         "type": "github"
       }
     },
-    "nixpkgs_3": {
+    "nixpkgs_4": {
       "locked": {
         "lastModified": 1725361206,
         "narHash": "sha256-/HTUg+kMaqBPGrcQBYboAMsQHIWIkuKRDldss/035Hc=",
@@ -746,16 +826,17 @@
     },
     "root": {
       "inputs": {
+        "agenix": "agenix",
         "automapaper": "automapaper",
         "disko": "disko",
         "hardware": "hardware",
-        "home-manager": "home-manager",
+        "home-manager": "home-manager_2",
         "hyprland": "hyprland",
         "hyprpicker": "hyprpicker",
         "lazy": "lazy",
         "mailserver": "mailserver",
         "nix-colors": "nix-colors",
-        "nixpkgs": "nixpkgs_3"
+        "nixpkgs": "nixpkgs_4"
       }
     },
     "rust-overlay": {
@@ -787,16 +868,16 @@
     },
     "systems": {
       "locked": {
-        "lastModified": 1689347949,
-        "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
         "owner": "nix-systems",
-        "repo": "default-linux",
-        "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
         "type": "github"
       },
       "original": {
         "owner": "nix-systems",
-        "repo": "default-linux",
+        "repo": "default",
         "type": "github"
       }
     },
@@ -816,6 +897,21 @@
       }
     },
     "systems_3": {
+      "locked": {
+        "lastModified": 1689347949,
+        "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
+        "owner": "nix-systems",
+        "repo": "default-linux",
+        "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default-linux",
+        "type": "github"
+      }
+    },
+    "systems_4": {
       "locked": {
         "lastModified": 1681028828,
         "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
@@ -830,7 +926,7 @@
         "type": "github"
       }
     },
-    "systems_4": {
+    "systems_5": {
       "locked": {
         "lastModified": 1681028828,
         "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",

flake.nix

@@ -48,6 +48,10 @@
       url = "github:NixOS/nixos-hardware/master";
     };
 
+    agenix = {
+      url = "github:ryantm/agenix";
+    };
+
   };
 
   outputs = { self, nixpkgs, nix-colors, automapaper, disko, hyprland, lazy, ... }@inputs:
@@ -62,6 +66,7 @@
           modules = [
             ./hosts/lambdaos/configuration.nix
             inputs.home-manager.nixosModules.default
+            inputs.agenix.nixosModules.default
           ];
         };
         NoasServer = nixpkgs.lib.nixosSystem {

hosts/lambdaos/configuration.nix

@@ -12,9 +12,12 @@
       ../../modules/plasma
 
       ../../common
+
+      ./restic.nix
     ];
 
 
+  age.identityPaths = [ "${config.users.users.noa.home}/.ssh/id_ed25519" ];
 
 
   hardware = {
@@ -117,6 +120,21 @@
     };
   };
 
+  environment.systemPackages = with pkgs; [
+    restic
+  ];
+  users.users.restic = {
+    isNormalUser = true;
+  };
+
+  security.wrappers.restic = {
+    source = "${pkgs.restic.out}/bin/restic";
+    owner = "restic";
+    group = "users";
+    permissions = "u=rwx,g=,o=";
+    capabilities = "cap_dac_read_search=+ep";
+  };
+
   # TODO: find list of fonts to install
   fonts.packages = with pkgs; [
     font-awesome
@@ -295,13 +313,15 @@
   };
 
   systemd = {
-    timers."update-flake" = {
+    timers = {
+      "update-flake" = {
         wantedBy = [ "timers.target" ];
         timerConfig = {
           OnCalendar = "daily";
           Persistent = true;
         };
       };
+    };
 
     services = {
       "update-flake" = {

hosts/lambdaos/home.nix

@@ -66,7 +66,6 @@
     localsend
     blueberry
     qbittorrent
-    planify
     keepassxc
     yubikey-manager-qt
     yubico-piv-tool

hosts/lambdaos/restic.nix

@@ -0,0 +1,34 @@
+{ config, ... }: {
+  # configure agenix secrets
+  age.secrets = {
+    "restic/env".file = ../../secrets/restic/env.age;
+    "restic/repo".file = ../../secrets/restic/repo.age;
+    "restic/password".file = ../../secrets/restic/password.age;
+  };
+
+  # configure restic backup services
+  services.restic.backups = {
+    daily = {
+      timerConfig = {
+        OnCalendar = "14:00";
+        RandomizedDelaySec = "1h";
+      };
+      initialize = true;
+
+      environmentFile = config.age.secrets."restic/env".path;
+      repositoryFile = config.age.secrets."restic/repo".path;
+      passwordFile = config.age.secrets."restic/password".path;
+
+      paths = [
+        "${config.users.users.noa.home}/Pictures/library/library/"
+      ];
+
+      pruneOpts = [
+        "--keep-daily 7"
+        "--keep-weekly 5"
+        "--keep-monthly 12"
+      ];
+    };
+  };
+}
+

hosts/muos/home.nix

@@ -69,7 +69,6 @@
     localsend
     blueberry
     qbittorrent
-    planify
     keepassxc
     yubikey-manager-qt
     yubico-piv-tool

modules/hyprland.nix

@@ -103,7 +103,6 @@ in
           "${pkgs.dunst}/bin/dunst"
           "${cfg.package}/bin/hyprctl dispatcher focusmonitor 1"
           "${pkgs.keepassxc}/bin/keepassxc"
-          "${pkgs.planify}/bin/io.github.alainm23.planify"
           "${pkgs.spotify}/bin/spotify"
         ];
         general = {

secrets/restic/password.age

@@ -0,0 +1,5 @@
+age-encryption.org/v1
+-> ssh-ed25519 tcnWbQ thwEJwkSyHz5s/qlJP5yc/uDVtb3OuOuVAyGVJnFBBw
+fKgidiZR07MT26e1QIgToVf2xAd5Sqh6fDBZuNT60t8
+--- ZnbKfBYCOONti3NyFU0f97Dh8WHGeON/9DfWZHuGoMs
+àjÓ ?<3F>NOdúXF„÷sÕ_*Çd–¡¹HYC»pë{Ä`e£ƒbÇJ ¼<>3&€
JXa<Š„³N

secrets/restic/repo.age

@@ -0,0 +1,5 @@
+age-encryption.org/v1
+-> ssh-ed25519 tcnWbQ hQI7bUjPkUKDXhyJkGMUC/d4/YpFQBXHRvDyhP5QZBY
+MRtdkY3dAOQ2SEAtEs6NkdCyC3rbWyVBvV2e+UTaMZk
+--- 3GT3PGx7vrZszGqpOXIZnTlEHe3hQGRisdpBceSKhxk
+žœðYAß<41>Ìlk@	Ž¨K*6xYuA‘ö~¦5ÖWž1P¿ŒŸ<C592>£<EFBFBD>ŒX¯h<C2AF>LrƒšºÖ¾¯JŽ#m6ç—

secrets/secrets.nix

@@ -0,0 +1,9 @@
+let
+  noa = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKOiz4Dsp4fgtwgOvARzOO9kZI4fSwJ4QJCf34dGVB6Z";
+in
+{
+  "restic/env.age".publicKeys = [ noa ];
+  "restic/repo.age".publicKeys = [ noa ];
+  "restic/password.age".publicKeys = [ noa ];
+}
+