13 changed files with 38 additions and 227 deletions
--- a/README.md
+++ b/README.md
@ -13,6 +13,6 @@ Nix allows for easy to manage, collaborative, reproducible deployments. This mea
 After installed NixOS with `nix-command` & `flake` enabled, you can deploy this flake with the following command:
 ```bash
-sudo nixos-rebuild switch --flake .#nixos-test
+sudo nixos-rebuild switch .#nixos-test
 ```
--- a/flake.lock
+++ b/flake.lock
@ -7,11 +7,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1737093527,
+        "lastModified": 1736492828,
-        "narHash": "sha256-A3J+O+IUDSYuNvaQ0QHdkBnTzU188FXzqyhmXeRzUU4=",
+        "narHash": "sha256-iDvgL5dQerQnu2ERKAWGvWppG7cQ/0uKEfVY93ItvO4=",
        "owner": "AdnanHodzic",
        "repo": "auto-cpufreq",
-        "rev": "cef9bfec79007c48d871feed547eb5d04c15b6e7",
+        "rev": "c0d9ec565a4c78247a4f70beb1c1ae74279673e2",
        "type": "github"
      },
      "original": {
@ -43,11 +43,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1736978406,
+        "lastModified": 1736441705,
-        "narHash": "sha256-oMr3PVIQ8XPDI8/x6BHxsWEPBRU98Pam6KGVwUh8MPk=",
+        "narHash": "sha256-OL7leZ6KBhcDF3nEKe4aZVfIm6xQpb1Kb+mxySIP93o=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "b678606690027913f3434dea3864e712b862dde5",
+        "rev": "8870dcaff63dfc6647fb10648b827e9d40b0a337",
        "type": "github"
      },
      "original": {
@ -59,11 +59,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1736916166,
+        "lastModified": 1736549401,
-        "narHash": "sha256-puPDoVKxkuNmYIGMpMQiK8bEjaACcCksolsG36gdaNQ=",
+        "narHash": "sha256-ibkQrMHxF/7TqAYcQE+tOnIsSEzXmMegzyBWza6uHKM=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "e24b4c09e963677b1beea49d411cd315a024ad3a",
+        "rev": "1dab772dd4a68a7bba5d9460685547ff8e17d899",
        "type": "github"
      },
      "original": {
@ -75,11 +75,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1737062831,
+        "lastModified": 1736523798,
-        "narHash": "sha256-Tbk1MZbtV2s5aG+iM99U8FqwxU/YNArMcWAv6clcsBc=",
+        "narHash": "sha256-Xb8mke6UCYjge9kPR9o4P1nVrhk7QBbKv3xQ9cj7h2s=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "5df43628fdf08d642be8ba5b3625a6c70731c19c",
+        "rev": "130595eba61081acde9001f43de3248d8888ac4a",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -72,19 +72,7 @@
              home-manager.users.${username} = import ./users/${username}/home.nix;
            }
        ];
      };
      backup-raspberrypi = nixpkgs.lib.nixosSystem rec {
        system = "aarch64";
        specialArgs = {
          inherit inputs outputs;
        };
        modules = [
          nixos-hardware.nixosModules.raspberry-pi-4
          ./hosts/backup-raspberrypi
        ];
      };
    };
  };
--- a/hosts/backup-raspberrypi/.gitignore
+++ b/hosts/backup-raspberrypi/.gitignore
@ -1 +0,0 @@
 teleport-cred.nix
--- a/hosts/backup-raspberrypi/default.nix
+++ b/hosts/backup-raspberrypi/default.nix
@ -1,77 +0,0 @@
 # Edit this configuration file to define what should be installed on
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).
 { outputs, config, pkgs, ... }:
 {
  imports =
    [
      ../../modules/nix.nix
      ../../modules/network-server.nix
      ../../modules/locale.nix
      ../../modules/server-cli.nix
      ../../modules/teleport.nix
      ./teleport-cred.nix
      # Include the results of the hardware scan.
      ./hardware-configuration.nix
    ];
    nixpkgs = {
      overlays = [
        outputs.overlays.additions
      ];
    };
  # Bootloader.
  # Use the extlinux boot loader. (NixOS wants to enable GRUB by default)
  boot.loader.grub.enable = false;
  # Enables the generation of /boot/extlinux/extlinux.conf
  boot.loader.generic-extlinux-compatible.enable = true;
  fileSystems."/backups" = 
    { device = "/dev/disk/by-uuid/7ccdab55-fba4-47b8-aef2-74be0103f885";
      fsType = "btrfs";
    };
  networking.hostName = "backup-raspberry"; # Define your hostname.
  users = {
    users = {
      julius = {
        isNormalUser = true;
        uid = 1000;
        extraGroups = [ "wheel" "julius" ];
      };
      restic = {
        isNormalUser = true;
        uid = 1337;
        extraGroups = [ "restic" ];
      };
    };
    groups = {
      julius = { 
        gid = 1000;
      };
      restic = { 
        gid = 1337;
      };
    };
  };
  location = {
    latitude = 48.740556;
    longitude = 9.310833;
  };
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "24.11"; # Did you read the comment?
 }
--- a/hosts/backup-raspberrypi/hardware-configuration.nix
+++ b/hosts/backup-raspberrypi/hardware-configuration.nix
@ -1,33 +0,0 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
 {
  imports =
    [ (modulesPath + "/installer/scan/not-detected.nix")
    ];
  boot.initrd.availableKernelModules = [ "xhci_pci" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ ];
  boot.extraModulePackages = [ ];
  fileSystems."/" =
    { device = "/dev/disk/by-label/NIXOS_SD";
      fsType = "ext4";
    };
  swapDevices = [ ];
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.end0.useDHCP = lib.mkDefault true;
  # networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
 }
--- a/hosts/julius-framework/default.nix
+++ b/hosts/julius-framework/default.nix
@ -8,11 +8,11 @@
  imports =
    [
      ../../modules/nix.nix
      ../../modules/system.nix
      ../../modules/firmware.nix
      ../../modules/laptop.nix
-      ../../modules/network-client.nix
+      ../../modules/network.nix
      ../../modules/locale.nix
      ../../modules/timezone-imperatively.nix
      ../../modules/boot-login.nix
      ../../modules/fonts.nix
      ../../modules/cli-essentials.nix
--- a/modules/network-server.nix
+++ b/modules/network-server.nix
@ -1,9 +0,0 @@
 {
  pkgs,
  lib,
  ...
 }: {
  networking = {
    useDHCP = true;
  };
 }
--- a/modules/network-client.nix
+++ b/modules/network-client.nix
--- a/modules/server-cli.nix
+++ b/modules/server-cli.nix
@ -1,18 +0,0 @@
 {
  pkgs,
  lib,
  ...
 }: {
  environment.systemPackages = with pkgs; [
    wget
    curl
    git
    btrfs-progs
  ];
  programs = {
    htop.enable = true;
    vim.enable = true;
  };
 }
--- a/modules/system.nix
+++ b/modules/system.nix
@ -0,0 +1,23 @@
 {
  pkgs,
  lib,
  username,
  ...
 }: {
  # do garbage collection weekly to keep disk usage low
  nix = {
    settings = {
      experimental-features = ["nix-command" "flakes"];
    };
    gc = {
      automatic = lib.mkDefault true;
      dates = lib.mkDefault "weekly";
      options = lib.mkDefault "--delete-older-than 7d";
    };
  };
  # Allow unfree packages
  nixpkgs.config.allowUnfree = true;
 }
--- a/modules/teleport.nix
+++ b/modules/teleport.nix
@ -1,52 +0,0 @@
 {
  pkgs,
  lib,
  config,
  nodename,
  ...
 }: let
  cfg = config.services.teleport;
  in {
  config = lib.mkIf config.services.teleport.enable {
    environment.systemPackages = [ cfg.package ];
    services.teleport = {
      settings = {
        teleport = {
          nodename = config.networking.hostName;
          auth_servers = [ "tp.jfreudenberger.de:3023" ];
          log.severity = "ERROR";
        };
        ssh_service = {
          enabled = true;
          permit_user_env = true;
          commands = [
            {
              name = "hostname";
              command = ["${pkgs.nettools}/bin/hostname"];
              period = "1h";
            }
            {
              name = "IP";
              command = ["${pkgs.curl}/bin/curl" "ifconfig.me"];
              period = "1h";
            }
            {
              name = "UP";
              command = ["${pkgs.bash}/bin/bash" "-c" "${pkgs.procps}/bin/uptime -p | ${pkgs.coreutils}/bin/cut -c4- | ${pkgs.coreutils}/bin/cut -d',' -f1"];
              period = "1h";
            }
            {
              name = "teleport-version";
              command = ["${pkgs.bash}/bin/bash" "-c" "${cfg.package}/bin/teleport version | ${pkgs.coreutils}/bin/cut -d' ' -f2"];
              period = "12h";
            }
          ];
        };
        proxy_service.enabled = false;
        auth_service.enabled = false;
      };
    };
  };
 }
--- a/modules/timezone-imperatively.nix
+++ b/modules/timezone-imperatively.nix
@ -1,10 +0,0 @@
 {
  pkgs,
  lib,
  ...
 }: {
  # Set timezone to null to make it imperatively settable
  time.timeZone = lib.mkForce null;
  services.tzupdate.enable = true;
 }