add more home folders, enhance manual-backup-apps, add toot-cli, remove harry-vpn

home/apps/toot-cli.nix

@@ -0,0 +1,5 @@
+{pkgs, ...}: {
+  home.packages = with pkgs; [
+    toot
+  ];
+}

home/backup-apps.nix

@@ -1 +0,0 @@
-{pkgs, ...}: {home.packages = with pkgs; [gitlab_archiver];}

home/home-folders.nix

@@ -9,6 +9,7 @@
     "Mounts/Backups"
     "Mounts/Backups-Crypt"
     "Mounts/Photos-Crypt"
+    "Mounts/Personal-Crypt"
     "Mounts/Public"
     "Mounts/Temp1"
     "Mounts/Temp2"

home/manual-backup-apps.nix

@@ -0,0 +1,24 @@
+{
+  pkgs,
+  nixosConfig,
+  ...
+} @ file_inputs: let
+  # Requires secrets.{gitlab_archiver_token, restic_music_env}
+  # expected to be in default locations
+  # Incase home.apps.manual-backup-apps is running in container which passes secrets in from host
+  secrets =
+    if builtins.elem "host_secrets" (builtins.attrNames file_inputs)
+    then file_inputs.host_secrets
+    else nixosConfig.services.secrets.secrets;
+in {
+  home.packages = with pkgs; [
+    restic
+
+    (pkgs.writeShellScriptBin "restic-music" ''
+      env $(cat ${secrets.restic_music_env.path}) \
+        ${pkgs.restic}/bin/restic $@
+    '')
+
+    gitlab_archiver
+  ];
+}

hosts/lappy-t495/lappy-t495.nix

@@ -22,7 +22,7 @@
       home.base
       home.dev.all
       home.home-folders
-      home.backup-apps
+      home.manual-backup-apps
 
       home.programming.editors.vscode
       home.programming.languages.rust

hosts/lappy-t495/profiles/harry-vpn.nix

@@ -1,28 +0,0 @@
-{
-  config,
-  pkgs,
-  ...
-}: let
-  secrets = config.services.secrets.secrets;
-in {
-  environment.systemPackages = with pkgs; [wireguard-tools];
-  networking.wg-quick.interfaces = {
-    wg-harry-vpn = {
-      autostart = false;
-      address = ["185.186.9.71/26" "2a0b:6b84:2022:6::1/64"];
-      dns = ["8.8.8.8"];
-      mtu = 1280;
-      privateKeyFile = "${secrets.wg_harry_priv.path}";
-
-      peers = [
-        {
-          publicKey = "7B6KSFqTHM7A7Nv24GIeUhDDh2XnlT7UqG5U+Si+zmc=";
-          presharedKeyFile = "${secrets.wg_harry_preshared.path}";
-          allowedIPs = ["0.0.0.0/0" "::/0"];
-          endpoint = "185.186.9.1:8081";
-          persistentKeepalive = 25;
-        }
-      ];
-    };
-  };
-}

hosts/lappy-t495/profiles/wireguard.nix

@@ -1,39 +0,0 @@
-{config, ...}: let
-  secrets = config.services.secrets.secrets;
-in {
-  networking.firewall.trustedInterfaces = ["wg0"];
-  networking.wg-quick.interfaces = {
-    wg0 = {
-      autostart = false;
-      address = ["10.69.42.2/32"];
-      privateKeyFile = "${secrets.wg_priv.path}";
-
-      peers = [
-        # hetzner-vm
-        {
-          publicKey = "UJr+EmUM7KWkIy0nk0JA38ibvcLC++6iuOKkHdrx9Dc=";
-          presharedKeyFile = "${secrets.wg_preshared_hetzner-vm.path}";
-          allowedIPs = ["10.69.42.1/32"];
-          endpoint = "hetzner-vm.servers.genderfucked.monster:51820";
-          persistentKeepalive = 25;
-        }
-        # vault
-        {
-          publicKey = "IGq+WanFM/bKNUkwjO/0AAtDhJLvtvU+mVxH27QyHTc=";
-          presharedKeyFile = "${secrets.wg_preshared_vault.path}";
-          allowedIPs = ["10.69.42.3/32"];
-          endpoint = "vault.servers.genderfucked.monster:51820";
-          persistentKeepalive = 25;
-        }
-        # storage
-        {
-          publicKey = "biNNeCkjAWi2jUVoL5+1pBtXGa3OFZi4DltB2dqGjGg=";
-          presharedKeyFile = "${secrets.wg_preshared_storage.path}";
-          allowedIPs = ["10.69.42.4/32"];
-          endpoint = "storage.servers.genderfucked.monster:51820";
-          persistentKeepalive = 25;
-        }
-      ];
-    };
-  };
-}

hosts/lappy-t495/secrets.nix

@@ -3,6 +3,7 @@
     enable = true;
     secrets = {
       usb_encryption_passphrase = {manual = true;};
+
       music_stream_password = {
         user = "chaos";
         group = "users";
@@ -10,6 +11,32 @@
           simple_get "/api-keys/music-stream" .password > $secretFile
         '';
       };
+
+      # Required for home.apps.manual-backup-apps
+      gitlab_archiver_token = {
+        user = "chaos";
+        group = "users";
+
+        fetchScript = ''
+          simple_get "/api-keys/gitlab/gitlab_archiver" .token > $secretFile
+        '';
+      };
+
+      # Required for home.apps.manual-backup-apps
+      restic_music_env = {
+        user = "chaos";
+        group = "users";
+
+        fetchScript = ''
+          api_username=$(simple_get "/api-keys/storage/restic/Music" .username)
+          api_password=$(simple_get "/api-keys/storage/restic/Music" .password)
+          restic_password=$(simple_get "/private-public-keys/restic/Music" .password)
+
+          echo > $secretFile
+          echo "RESTIC_REPOSITORY=rest:https://''${api_username}:''${api_password}@storage-restic.owo.monster/Music" >> $secretFile
+          echo "RESTIC_PASSWORD=''${restic_password}" >> $secretFile
+        '';
+      };
     };
   };
 }

hosts/tablet/profiles/harry-vpn.nix

@@ -1,28 +0,0 @@
-{
-  config,
-  pkgs,
-  ...
-}: let
-  secrets = config.services.secrets.secrets;
-in {
-  environment.systemPackages = with pkgs; [wireguard-tools];
-  networking.wg-quick.interfaces = {
-    wg-harry-vpn = {
-      autostart = false;
-      address = ["185.186.9.71/26" "2a0b:6b84:2022:6::1/64"];
-      dns = ["8.8.8.8"];
-      mtu = 1280;
-      privateKeyFile = "${secrets.wg_harry_priv.path}";
-
-      peers = [
-        {
-          publicKey = "7B6KSFqTHM7A7Nv24GIeUhDDh2XnlT7UqG5U+Si+zmc=";
-          presharedKeyFile = "${secrets.wg_harry_preshared.path}";
-          allowedIPs = ["0.0.0.0/0" "::/0"];
-          endpoint = "185.186.9.1:8081";
-          persistentKeepalive = 25;
-        }
-      ];
-    };
-  };
-}

hosts/tablet/tablet.nix

@@ -10,7 +10,6 @@
     presets.nixos.encrypted-usb
 
     hosts.tablet.profiles.wireguard
-    hosts.tablet.profiles.harry-vpn
 
     ./secrets.nix
   ];
@@ -25,7 +24,7 @@
       home.base
       home.dev.all
       home.home-folders
-      home.backup-apps
+      home.manual-backup-apps
 
       home.programming.editors.vscode
       home.programming.languages.rust

presets/nixos/desktop.nix

@@ -23,6 +23,7 @@
       home.apps.telegram
       home.apps.quassel
       home.apps.session
+      home.apps.toot-cli
 
       home.apps.obsidian
       home.apps.strawberry