[user module] add backup usr

doc/src/anleitung/create.md

@@ -1,19 +1,47 @@
-# Create host with nixos-anywhere
+# Create host with disko-install
-We use a nixos-anywhere wrapper script to deploy new hosts.
+How to use disko-install is described here: https://github.com/nix-community/disko/blob/master/docs/disko-install.md
-The wrapper script takes care of copying persistent host keys before calling nixos-anywhere.
+---
-
+Here are the exact steps to get bakunin running:  
-To accomplish that boot the host from a nixos image and setup a root password.
+First create machines/hostname/configuration.nix  
+Add hosts nixosConfiguration in machines/configurations.nix  
+Boot nixos installer on the Machine.  
 ``` bash
-sudo su
+# establish network connection
-passwd
+wpa_passphrase "network" "password" > wpa.conf
-```
+wpa_supplicant -B -i wlp3s0 -c wpa.conf
+ping 8.8.8.8
+# if that works continue
 
-After that get the hosts ip using `ip a` and start deployment from your own machine:
+# generate a base hardware config
+nixos-generate-config --root /tmp/config --no-filesystems
 
-``` bash
+# get the infra repo
-# from infrastrucutre repository root dir:
+nix-shell -p git
-nix develop .#
+git clone https://git.dynamicdiscord.de/kalipso/infrastructure
-remote-install hostname 10.0.42.23
+cd infrastructure
+
+# add the new generated hardware config (and import in hosts configuration.nix)
+cp /tmp/config/etc/nixos/hardware-configuration.nix machines/bakunin/
+
+# check which harddrive we want to install the system on
+lsblk #choose harddrive, in this case /dev/sda
+
+# run nixos-install on that harddrive
+sudo nix --extra-experimental-features flakes --extra-experimental-features nix-command run 'github:nix-community/disko/latest#disko-install' -- --flake .#bakunin --disk main /dev/sda
+
+# this failed with out of memory
+# running again showed: no disk left on device
+# it seems the usb stick i used for flashing is way to small
+# it is only 
+# with a bigger one (more than 8 gig i guess) it should work
+# instead the disko-install tool i try the old method - first partitioning using disko and then installing the system
+# for that i needed to adjust ./machines/modules/disko/btrfs-laptop.nix and set the disk to "/dev/sda"
+
+sudo nix --extra-experimental-features "flakes nix-command" run 'github:nix-community/disko/latest' -- --mode format --flake .#bakunin
+
+# failed with no space left on device.
+# problem is lots of data is written to the local /nix/store which is mounted on tmpfs in ram
+# it seems that a workaround could be modifying the bootable stick to contain a swap partition to extend tmpfs storage
 ```
 
 # Testing Disko

machines/fanny/configuration.nix

@@ -18,7 +18,6 @@ in
       inputs.self.nixosModules.malobeo.microvm
       inputs.self.nixosModules.malobeo.metrics
       inputs.self.nixosModules.malobeo.users
-      inputs.self.nixosModules.malobeo.backup
     ];
 
     virtualisation.vmVariantWithDisko = {
@@ -43,11 +42,6 @@ in
     cacheurl = "https://cache.dynamicdiscord.de";
   };
 
-  malobeo.backup = {
-    enable = true;
-    snapshots = [ "storage/encrypted" "zroot/encrypted/var" ];
-  };
-
   nix = {
     settings.experimental-features = [ "nix-command" "flakes" ];
     #always update microvms
@@ -59,7 +53,6 @@ in
   malobeo.users = {
     malobeo = true;
     admin = true;
-    backup = true;
   };
 
   malobeo.disks = {

machines/modules/malobeo/backup.nix

@@ -1,102 +0,0 @@
-{ config, lib, pkgs, ... }:
-with lib;
-let 
-  cfg = config.malobeo.backup;
-  hostToCommand = (hostname: datasetNames: 
-    (map (dataset:  { 
-      name = "${hostname}_${dataset.sourceDataset}";
-      value = { 
-        inherit hostname; 
-        inherit (dataset) sourceDataset targetDataset;
-      }; 
-    } ) datasetNames));
-  peers = import ./peers.nix;
-
-  enableSnapshots = cfg.snapshots != null;
-  enableBackups = cfg.hosts != null;
-in
-{
-  options.malobeo.backup = {
-    enable = mkOption {
-      type = types.bool;
-      default = false;
-      description = "Enable sanoid/syncoid based backup functionality";
-    };
-
-    snapshots = mkOption {
-      type = types.nullOr (types.listOf types.str);
-      default = null;
-      description = "Automatic snapshots will be created for the given datasets";
-    };
-
-    hosts = mkOption {
-      default = null;
-      type = types.nullOr (types.attrsOf (types.listOf (types.submodule {
-        options = {
-          sourceDataset = mkOption {
-            type = types.str;
-            description = "The source that needs to be backed up";
-          };
-          targetDataset = mkOption {
-            type = types.str;
-            description = "The target dataset where the backup should be stored";
-          };
-        };
-      })));
-      description = ''
-          Hostname with list of datasets to backup. This option should be defined on hosts that will store backups.
-
-          It is necessary to add the machines that get backed up to known hosts.
-          This can be done for example systemwide using 
-          programs.ssh.knownHosts."10.100.0.101" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHqp2/YiiIhai7wyScGZJ20gtrzY+lp4N/8unyRs4qhc";
-          Or set it for the syncoid user directly.
-        '';
-    };
-
-    sshKey = mkOption {
-      default = null;
-      type = types.nullOr types.str;
-      description = "Set path to ssh key used for pull backups. Otherwise default key is used";
-    };
-  };
-  
-  config = mkIf (cfg.enable) {
-    services.sanoid = mkIf (enableSnapshots) {
-      enable = true;
-  
-      templates."default" = {
-        hourly = 0;
-        daily = 30; #keep 30 daily snapshots
-        monthly = 6; #keep 6 monthly backups
-        yearly = 0;
-  
-        autosnap = true; #take snapshots automatically
-        autoprune = true; #delete old snapshots
-      };
-  
-      datasets = builtins.listToAttrs (map (name: { inherit name; value = {
-        useTemplate = [ "default" ];
-        recursive = true;
-      }; }) cfg.snapshots);
-    };
-
-    services.syncoid = mkIf (enableBackups) {
-      enable = true;
-      sshKey = cfg.sshKey;
-  
-      commonArgs = [
-        "--no-sync-snap"
-      ];
-  
-      interval = "*-*-* 04:15:00";
-  
-      commands = builtins.mapAttrs (name: value: {
-        source = "backup@${peers.${value.hostname}.address}:${value.sourceDataset}";
-        target = "${value.targetDataset}";
-        sendOptions = "w";
-        recvOptions = "\"\"";
-        recursive = true;
-      })(builtins.listToAttrs (builtins.concatLists (builtins.attrValues (builtins.mapAttrs hostToCommand cfg.hosts))));
-    };
-  };
-}

machines/modules/malobeo/peers.nix

@@ -2,7 +2,7 @@
   "vpn" = {
     role = "server";
     publicIp = "5.9.153.217";
-    address = "10.100.0.1";
+    address = [ "10.100.0.1/24" ];
     allowedIPs = [ "10.100.0.0/24" ];
     listenPort = 51821;
     publicKey = "hF9H10Y8Ar7zvZXFoNM8LSoaYFgPCXv30c54SSEucX4=";
@@ -11,35 +11,35 @@
 
   "celine" = {
     role = "client";
-    address = "10.100.0.2";
+    address = [ "10.100.0.2/24" ];
     allowedIPs = [ "10.100.0.2/32" ];
     publicKey = "Jgx82tSOmZJS4sm1o8Eci9ahaQdQir2PLq9dBqsWZw4=";
   };
 
   "desktop" = {
     role = "client";
-    address = "10.100.0.3";
+    address = [ "10.100.0.3/24" ];
     allowedIPs = [ "10.100.0.3/32" ];
     publicKey = "FtY2lcdWcw+nvtydOOUDyaeh/xkaqHA8y9GXzqU0Am0=";
   };
 
   "atlan-pc" = {
     role = "client";
-    address = "10.100.0.5";
+    address = [ "10.100.0.5/24" ];
     allowedIPs = [ "10.100.0.5/32" ];
     publicKey = "TrJ4UAF//zXdaLwZudI78L+rTC36zEDodTDOWNS4Y1Y=";
   };
 
   "hetzner" = {
     role = "client";
-    address = "10.100.0.6";
+    address = [ "10.100.0.6/24" ];
     allowedIPs = [ "10.100.0.6/32" ];
     publicKey = "csRzgwtnzmSLeLkSwTwEOrdKq55UOxZacR5D3GopCTQ=";
   };
 
   "fanny" = {
     role = "client";
-    address = "10.100.0.101";
+    address = [ "10.100.0.101/24" ];
     allowedIPs = [ "10.100.0.101/32" ];
     publicKey = "3U59F6T1s/1LaZBIa6wB0qsVuO6pRR9jfYZJIH2piAU=";
   };

machines/modules/malobeo/users.nix

@@ -68,7 +68,7 @@ in
           users = [ "backup" ];
           commands = [
             {
-              command = "${pkgs.zfs}/bin/zfs";
+              command = "${pkgs.zfs-user}/bin/zfs";
               options = [ "NOPASSWD" ];
             }
           ];
@@ -94,4 +94,4 @@ in
       ];
     }
   ];
-}
+}

machines/modules/malobeo/wireguard.nix

@@ -70,7 +70,7 @@ in
       interfaces = {
         malovpn = {
           mtu = 1340; #seems to be necessary to proxypass nginx traffic through vpn
-          address = [ "${myPeer.address}/24" ];
+          address = myPeer.address;
           autostart = cfg.autostart;
           listenPort = mkIf (myPeer.role == "server") myPeer.listenPort;
 

machines/nextcloud/configuration.nix

@@ -47,7 +47,7 @@ with lib;
     };
     extraAppsEnable = true;
     extraApps = {
-      inherit (config.services.nextcloud.package.packages.apps) contacts calendar deck polls registration;
+      inherit (config.services.nextcloud.package.packages.apps) contacts calendar deck polls;
       collectives = pkgs.fetchNextcloudApp {
         sha256 = "sha256-cj/8FhzxOACJaUEu0eG9r7iAQmnOG62yFHeyUICalFY=";
         url = "https://github.com/nextcloud/collectives/releases/download/v2.15.2/collectives-2.15.2.tar.gz";
@@ -56,7 +56,6 @@ with lib;
     };
     settings = {
       trusted_domains = ["10.0.0.13"];
-      trusted_proxies = [ "10.0.0.1" ];
       "maintenance_window_start" = "1";
       "default_phone_region" = "DE";
     };

outputs.nix

@@ -116,7 +116,6 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems
       metrics.imports = [ ./machines/modules/malobeo/metrics.nix ];
       disko.imports = [ ./machines/modules/disko ];
       users.imports = [ ./machines/modules/malobeo/users.nix ];
-      backup.imports = [ ./machines/modules/malobeo/backup.nix ];
     };
 
     hydraJobs = nixpkgs.lib.mapAttrs (_: nixpkgs.lib.hydraJob) (