From aff7af33ef35e5a4f988fc40718345cf1963fa47 Mon Sep 17 00:00:00 2001 From: Alexander Szczepanski Date: Thu, 23 Sep 2021 14:38:39 +0200 Subject: [PATCH] added borg backup --- .gitsecret/paths/mapping.cfg | 2 +- configs/common.nix | 9 ++++ configs/secrets.nix.secret | Bin 1007 -> 1072 bytes configs/user.nix | 1 + machine/desktop.nix | 86 +++++++++++++++++++++-------------- 5 files changed, 64 insertions(+), 34 deletions(-) diff --git a/.gitsecret/paths/mapping.cfg b/.gitsecret/paths/mapping.cfg index 8596d3f..a3f91d8 100644 --- a/.gitsecret/paths/mapping.cfg +++ b/.gitsecret/paths/mapping.cfg @@ -1 +1 @@ -configs/secrets.nix:98200935d7749b2aa2f1e99951b6960c70a7777afbd1cc2f87f2500ea2ac5f71 +configs/secrets.nix:b18f9f61e87047362ace7028d25a48d42f3e2ee6c7047c9347279207d36ce182 diff --git a/configs/common.nix b/configs/common.nix index 0f5b08a..27c5592 100644 --- a/configs/common.nix +++ b/configs/common.nix @@ -35,6 +35,15 @@ in networking = { nameservers = [ "127.0.0.1" "::1" ]; + hosts = { + "2.56.97.114" = ["szczepan.ski"]; + "10.100.0.1" = ["vps.wg"]; + "10.100.0.2" = ["desktop.wg"]; + "10.100.0.3" = ["mini.wg"]; + "192.168.0.24" = ["mini.lan"]; + "192.168.0.100" = ["homeserver.lan"]; + "192.168.0.150" = ["desktop.lan"]; + }; # If using dhcpcd: dhcpcd.extraConfig = "nohook resolv.conf"; # If using NetworkManager: 
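Review bot: The `"2.56.97.114" = ["szczepan.ski"];` entry in the new `hosts` block pins a public name to a fixed address on every machine that imports configs/common.nix, and nothing records why. Hosts entries are normally consulted before DNS, so if the VPS is renumbered, the WireGuard endpoint and the borg repo URL in machine/desktop.nix keep pointing at the old address until this file is edited. I would add a comment above the entry such as `# pinned so szczepan.ski resolves without DNS; update when the VPS address changes`, or keep only the `.wg`/`.lan` names here. The enclosing `networking` block continues past the end of the hunk.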
diff --git a/configs/secrets.nix.secret b/configs/secrets.nix.secret index 76048949a9f700f28dc9d21d43fcb929f051fd3e..9268b2e52457fb3f941c443168767bab3e4126d7 100644 GIT binary patch literal 1072 zcmZo=;$b$E7Pz~&A*Y*BfZ@2L`Wogo!+2r)e*N`zOBugjk@S~TJe3sUW0d;j=Ej=z zoYso;mX*hzo0WdL7S^Q8c|zm#6q~*4k1R0GV_x%A^w27Wuv+MEmpWh`Ic8hMZT2!-2OZIyXyZBD-xy;A9wys-#{?D@qTR*Qb zyS(;#?}o$ce?RO9?2h{Gar%DC^q`8#zfYW8`sr$E(}JZrb3=~K+aS!nCPrrSjGAvd z-PUC4-Ky@|D>Kil@BUGPV+{3ED^mUM&-K|m;Xng7*DII4^25d5T3ZYrTI?^4UR?by zhx?k<zCBj`?}(esv8En|-o# zyDG-_p2xiBi4mGa|mUHJI0ao;~w;-u|#$#V2C%Gx=Gvg>O%~^pdgk%gqh#9rpy3 zyD-~NBqkZ4X z{J+e!w*2~%3y)PTPik^Wmor9HFfg8;v*N(g1x6nhK4)KgduNpFa?|b0G-PuG4UX)d zSiLcpe+xeg*9;E7(;G66iRNq8nC=_)T}eE%@Sn`7x)8$LhuV z57#aWRq>fqGkvM?!aYZ>T?%hhdoeq<-$8vB-}hU`J>}dcHs?$}$g|3Gkw}5dIm?$v ziuRoATwXknVee^y7pFqPUH82eyE{jJUh!Gc)+^gAPOwEut;&4KKJ9yL%FKoDRNCF5fyTsLsFgfxP>7akHK~H`C4CxGUyQd$?%z?OlQr)0* zZ{cUd_YB=PQXR}y+plszGrjeEiLuTrfv1W+30h32velZOY}?MUhF^|zV)pUxPj{Z1 xt=hrAx__On>+@-cs(RwOfQzrnZ?CLh2Bp$0s!>x7+(MY literal 1007 zcmZo=;$b$E7Pz~&A*Y*>|9^V%-(s$4k=|eb(iH zeE0J!FH+eqiUg#d5Yrc(?_Q$y<>6`nPtznKUR^s?b!2;f!$t4yuMb~&Jmo6;>Ftf1 zw-yDh6XsuXJtcK{r=Z%-DNo#w+R9c4M*44R$o*Kf{Or&E5R*mUn=fi-o}I?xGMlM( z&(nU3u| zZx?D6^Qiezr<%4!r2E?7xep$8byVxCsB|n{9{1tvl^a*(;^$vJcEfnCcM@)c%y2 z*Kv#f>nRQ>-PAS#|^uKn|xaJJsAN8SwSjg=2wd>pbqm}zCR1)cxD>pW}0 zy&X^9{S1o={k8nBsI1}5Q_G~&{_!hHUe2C6`_@}V{rc-aW>u7jo!vh3x(jc_yg-|O zS0c@fwJMVnACy=7{ol4LVDZBxUB;nJ@lm2bSI(%cE-TcNskn4dmT~<}g*ql<=c2cJ zo|G`fAKQ49x6bt+?~DJXcQ4rT39+p(omJO2<3W6m%LW5i-k`a?^Ddl@3ibSz%EP(q z>}qDQDUR0V@6P5nE8PFKM8RdpokfO4yB98-7}8@WSs!!1EpFSs?b^-Hj|e*oiAXc# z3k#VwzA!RKiP?Rx<^S8T^N-H7E8SdUTz~r}=cnYr#(XZx#i9MP^xovX$}QZJ$djN| zSHsG}P_{(6(CKvUIbQW70q5m9KRc9ka}__?=kK^!f9NU?ui5ceSDNqtbUOV1^|KQf z86HmNklc|mW#Zx@iBn5{O#c62r~b2Z9L&GB6kd>w*7A0-DgBcAE9;19wwCIJ^lMk% zsmc7RVNfYdGL&|SYSiQ1$JHV6Q$7Fkrl*(XH(koNyCZOk`I;0*xLiQ+4z;bXG)p(< zrF35jl1<(8D1D}EhsXb)nfq6*b^Uxew(8909gh}7evF-YE8fnFab@|_kMCY9iH4>v zcxL(k%IzSnvPU|Be{Y5{cdk5Vy)H8Us|=6o6GzWmRe|zSQZIJId0i0v^hWoYYk^|- 
z>zg^=yBpkR|KiK5Up>z`;{Oc0n;p)n{j1k?ZF?(v=s~cWa)YP6Udr|I4sM=x;>wCI bJ74T}xy0PSENA|X>$b#wcZCDL_n86!ttRr+ diff --git a/configs/user.nix b/configs/user.nix index 4ca82e9..07f28ae 100644 --- a/configs/user.nix +++ b/configs/user.nix @@ -11,6 +11,7 @@ extraGroups = [ "wheel" "docker" "networkmanager" "libvirtd" "lp" "scanner" "adbusers" ]; openssh.authorizedKeys.keys = [ "ssh-rsa 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 alexander@szczepan.ski" + "ssh-rsa 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 alex@desktop" ]; }; }; diff --git a/machine/desktop.nix b/machine/desktop.nix index bf0b23f..4084f63 100644 --- a/machine/desktop.nix +++ b/machine/desktop.nix 
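Review bot: The added `alex@desktop` key goes into the shared user definition, so every host that imports configs/user.nix accepts it for a full shell as a user in `wheel` and `docker`, and its comment field gives no hint of what it is for. The key body is not visible here, so I cannot tell whether it is the `id_borg_rsa` key used by the borg job in machine/desktop.nix. If it is, that key has to work unattended and should be limited in the authorized_keys entry, e.g. `"command=\"borg serve --restrict-to-path /borg-backup/desktop\",restrict ssh-rsa <key> alex@desktop"`. If it is an interactive login key, a short comment saying so would help, and the borg key then needs its own restricted entry on the VPS. The enclosing user block starts and ends outside the hunk.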
@@ -24,43 +24,48 @@ in options = [ "noatime" "discard" ]; }; - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - boot.loader.grub.device = "nodev"; - boot.loader.grub.efiSupport = true; - boot.loader.efi.canTouchEfiVariables = true; - boot.loader.grub.gfxmodeEfi = "1024x768"; - boot.initrd.kernelModules = [ "amdgpu" ]; - boot.plymouth.enable = true; - boot.extraModulePackages = with pkgs.linuxPackages; [ it87 ]; - boot.kernelModules = [ "it87" "v4l2loopback" ]; + boot = { + loader = { + grub = { + enable = true; + version = 2; + device = "nodev"; + efiSupport = true; + gfxmodeEfi = "1024x768"; + }; - networking.hostName = "desktop"; # Define your hostname. - networking.wireguard.interfaces = { - wg0 = { - ips = [ "10.100.0.2/24" ]; - privateKey = secrets.wireguard-desktop-private; + efi.canTouchEfiVariables = true; + }; - peers = [ - { - publicKey = secrets.wireguard-vps-public; - presharedKey = secrets.wireguard-preshared; - allowedIPs = [ "10.100.0.0/24" ]; - endpoint = "szczepan.ski:51820"; - persistentKeepalive = 25; - } - ]; + initrd.kernelModules = [ "amdgpu" ]; + plymouth.enable = true; + extraModulePackages = with pkgs.linuxPackages; [ it87 ]; + kernelModules = [ "it87" "v4l2loopback" ]; + }; + + networking = { + hostName = "desktop"; # Define your hostname. + useDHCP = false; + wireguard.interfaces = { + wg0 = { + ips = [ "10.100.0.2/24" ]; + privateKey = secrets.wireguard-desktop-private; + + peers = [ + { + publicKey = secrets.wireguard-vps-public; + presharedKey = secrets.wireguard-preshared; + allowedIPs = [ "10.100.0.0/24" ]; + endpoint = "szczepan.ski:51820"; + persistentKeepalive = 25; + } + ]; + }; }; }; - # Set your time zone. time.timeZone = "Europe/Berlin"; - # The global useDHCP flag is deprecated, therefore explicitly set to false here. - # Per-interface useDHCP will be mandatory in the future, so this generated config - # replicates the default behaviour. 
- networking.useDHCP = false; - console = { font = "latarcyrheb-sun32"; keyMap = "us"; @@ -113,10 +118,25 @@ in fswatch ]; - services.xserver.videoDrivers = [ "amdgpu" ]; - services.hardware.xow.enable = true; - services.printing.enable = true; sound.enable = true; + services = { + printing.enable = true; + xserver.videoDrivers = [ "amdgpu" ]; + hardware.xow.enable = true; + borgbackup.jobs.home-alex = { + compression = "auto,zstd"; + encryption = { + mode = "repokey-blake2" ; + passphrase = secrets.borg-desktop-key; + }; + environment.BORG_RSH = "ssh -i /home/alex/.ssh/id_borg_rsa"; + paths = "/home/alex"; + repo = "ssh://alex@szczepan.ski/borg-backup/desktop"; + startAt = "daily"; + user = "alex"; + }; + }; + system.stateVersion = "21.05"; }
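Review bot: `privateKey = secrets.wireguard-desktop-private;` and `presharedKey = secrets.wireguard-preshared;` in the regrouped `networking.wireguard.interfaces.wg0` block are inline option values, which NixOS writes into the world-readable /nix/store, so any local user or process can read them after a rebuild. git-secret protects configs/secrets.nix only inside the repository; it does not change what ends up in the store. The file-based options avoid this: `privateKeyFile = "<path-to-key-file>";` and, in the peer, `presharedKeyFile = "<path-to-psk-file>";`. The same applies to `passphrase = secrets.borg-desktop-key;` in the borgbackup hunk of this file, where `encryption.passCommand = "cat <path-to-passphrase-file>";` keeps the value out of the store.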
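Review bot: `paths = "/home/alex";` has no `exclude` and the job has no `prune.keep`, so every daily archive covers the whole home directory, including `~/.ssh` (with `id_borg_rsa` itself) and caches, and nothing ever removes old archives. I would add something like `exclude = [ "/home/alex/.cache" ];` and `prune.keep = { daily = 7; weekly = 4; monthly = 6; };` (example values, adjust to the retention you want). With `repokey-blake2` the repository key is stored on the server, so a comment reminding the reader to keep an exported copy of the key and the passphrase outside this home directory would also help.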