homelab framework module init (everything is a mess)

2025-07-28 02:05:13 +02:00 · 2025-07-28 02:05:13 +02:00 · bcbcc8b17b
commit bcbcc8b17b
parent 0347f4d325
94 changed files with 7289 additions and 436 deletions
--- a/modules/nixos/system/backups/root.nix
+++ b/modules/nixos/system/backups/root.nix
@ -0,0 +1,66 @@
+# root.nix - Main backup system module
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib; let
+  cfg = config.system.backups;
+
+  # Filter backups by backend
+  getBackupsByBackend = backend:
+    filterAttrs (_: backup: backup.backend == backend && backup.enable) cfg.backups;
+in {
+  options.system.backups = {
+    # Backend registration system - backends register themselves here
+    backends = mkOption {
+      type = with types; attrsOf (functionTo attrs);
+      internal = true;
+      default = {};
+      description = ''
+        Attribute set of backends where the value is a function that accepts
+        backend-specific arguments and returns an attribute set for the backend's options.
+      '';
+    };
+
+    # Import the backups option from separate file, passing cfg for backend inference
+    backups = import ./backups-option.nix cfg;
+
+    # Pass lib to the backups-option for access to mkOption, types, etc.
+    lib = mkOption {
+      type = types.attrs;
+      internal = true;
+      default = lib;
+    };
+  };
+
+  config = {
+    # Re-export backups at root level for convenience
+    # backups = cfg.backups;
+
+    # Common backup packages
+    environment.systemPackages = with pkgs; [
+      # Add common backup utilities here
+    ];
+
+    # Common systemd service modifications for all backup services
+    systemd.services = let
+      allBackupServices = flatten (
+        mapAttrsToList (
+          backendName: backups:
+            mapAttrsToList (name: backup: "${backendName}-backups-${name}") backups
+        ) (genAttrs (attrNames cfg.backends) (backend: getBackupsByBackend backend))
+      );
+    in
+      genAttrs allBackupServices (serviceName: {
+        serviceConfig = {
+          # Common hardening for all backup services
+          ProtectSystem = "strict";
+          ProtectHome = "read-only";
+          PrivateTmp = true;
+          NoNewPrivileges = true;
+        };
+      });
+  };
+}