homelab framework module init (everything is a mess)

2025-07-28 02:05:13 +02:00 · 2025-07-28 02:05:13 +02:00 · bcbcc8b17b
commit bcbcc8b17b
parent 0347f4d325
94 changed files with 7289 additions and 436 deletions
--- a/machines/modules/README.md
+++ b/machines/modules/README.md
@ -0,0 +1,11 @@
+# Homelab nixos global config
+
+A global module config for my homelab, where we gather:
+* Monitoring endpoints (/metrics + port + host)
+* Promtail log files
+* Reverse proxy configuration
+* Postgres backups (pgbackrest)
+* Restic backups
+* ...?
+* LDAP config
+* OIDC configs
--- a/machines/modules/pgbackrest.nix
+++ b/machines/modules/pgbackrest.nix
@ -0,0 +1,43 @@
+{
+  lib,
+  config,
+  name,
+  # meta,
+  ...
+}: {
+  fileSystems."/mnt/pgdumps" = {
+    device = "192.168.1.226:/volume1/database_backups/${name}";
+    fsType = "nfs4";
+    options = ["x-systemd.automount" "noatime" "_netdev"];
+  };
+  services.postgresqlBackup = {
+    enable = true;
+    # We trigger this through restic
+    startAt = [];
+    # startAt = "*-*-* 01:15:00";
+    compression = "zstd";
+    databases = [
+      "authelia-procopius"
+      "lldap"
+    ];
+  };
+
+  # services.restic.backups.b2 = {
+  #   environmentFile = config.sops.templates.restic_floofs_env.path;
+  #   repositoryFile = config.sops.secrets.b2_floofs_server_repository.path;
+  #   passwordFile = config.sops.secrets.b2_floofs_server_password.path;
+
+  #   paths = ["/var/backup/postgresql"];
+  #   initialize = true;
+  #   pruneOpts = [
+  #     "--keep-daily 7"
+  #     "--keep-weekly 3"
+  #     "--keep-monthly 3"
+  #   ];
+  #   timerConfig = {
+  #     OnCalendar = "04:45";
+  #     Persistent = true;
+  #   };
+  # };
+  # systemd.services.restic-backups-b2.wants = ["postgresqlBackup.service"];
+}