Add configuration for backup raspberry

It contains setting up NetworkManager which is not needed for servers

README.md

@@ -13,6 +13,6 @@ Nix allows for easy to manage, collaborative, reproducible deployments. This mea
 After installed NixOS with `nix-command` & `flake` enabled, you can deploy this flake with the following command:
 
 ```bash
-sudo nixos-rebuild switch .#nixos-test
+sudo nixos-rebuild switch --flake .#nixos-test
 ```
 

flake.lock

@@ -7,11 +7,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1736492828,
+        "lastModified": 1737093527,
-        "narHash": "sha256-iDvgL5dQerQnu2ERKAWGvWppG7cQ/0uKEfVY93ItvO4=",
+        "narHash": "sha256-A3J+O+IUDSYuNvaQ0QHdkBnTzU188FXzqyhmXeRzUU4=",
         "owner": "AdnanHodzic",
         "repo": "auto-cpufreq",
-        "rev": "c0d9ec565a4c78247a4f70beb1c1ae74279673e2",
+        "rev": "cef9bfec79007c48d871feed547eb5d04c15b6e7",
         "type": "github"
       },
       "original": {
@@ -43,11 +43,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1736441705,
+        "lastModified": 1736978406,
-        "narHash": "sha256-OL7leZ6KBhcDF3nEKe4aZVfIm6xQpb1Kb+mxySIP93o=",
+        "narHash": "sha256-oMr3PVIQ8XPDI8/x6BHxsWEPBRU98Pam6KGVwUh8MPk=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "8870dcaff63dfc6647fb10648b827e9d40b0a337",
+        "rev": "b678606690027913f3434dea3864e712b862dde5",
         "type": "github"
       },
       "original": {
@@ -59,11 +59,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1736549401,
+        "lastModified": 1736916166,
-        "narHash": "sha256-ibkQrMHxF/7TqAYcQE+tOnIsSEzXmMegzyBWza6uHKM=",
+        "narHash": "sha256-puPDoVKxkuNmYIGMpMQiK8bEjaACcCksolsG36gdaNQ=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "1dab772dd4a68a7bba5d9460685547ff8e17d899",
+        "rev": "e24b4c09e963677b1beea49d411cd315a024ad3a",
         "type": "github"
       },
       "original": {
@@ -75,11 +75,11 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1736523798,
+        "lastModified": 1737062831,
-        "narHash": "sha256-Xb8mke6UCYjge9kPR9o4P1nVrhk7QBbKv3xQ9cj7h2s=",
+        "narHash": "sha256-Tbk1MZbtV2s5aG+iM99U8FqwxU/YNArMcWAv6clcsBc=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "130595eba61081acde9001f43de3248d8888ac4a",
+        "rev": "5df43628fdf08d642be8ba5b3625a6c70731c19c",
         "type": "github"
       },
       "original": {

flake.nix

@@ -72,7 +72,19 @@
               home-manager.users.${username} = import ./users/${username}/home.nix;
             }
         ];
+      };
 
+      backup-raspberrypi = nixpkgs.lib.nixosSystem rec {
+        system = "aarch64";
+
+        specialArgs = {
+          inherit inputs outputs;
+        };
+
+        modules = [
+          nixos-hardware.nixosModules.raspberry-pi-4
+          ./hosts/backup-raspberrypi
+        ];
       };
     };
   };

hosts/backup-raspberrypi/.gitignore

@@ -0,0 +1 @@
+teleport-cred.nix

hosts/backup-raspberrypi/default.nix

@@ -0,0 +1,77 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ outputs, config, pkgs, ... }:
+
+{
+  imports =
+    [
+      ../../modules/nix.nix
+      ../../modules/network-server.nix
+      ../../modules/locale.nix
+      ../../modules/server-cli.nix
+      ../../modules/teleport.nix
+      ./teleport-cred.nix
+
+      # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+    ];
+
+    nixpkgs = {
+      overlays = [
+        outputs.overlays.additions
+      ];
+    };
+
+  # Bootloader.
+  # Use the extlinux boot loader. (NixOS wants to enable GRUB by default)
+  boot.loader.grub.enable = false;
+  # Enables the generation of /boot/extlinux/extlinux.conf
+  boot.loader.generic-extlinux-compatible.enable = true;
+
+  fileSystems."/backups" = 
+    { device = "/dev/disk/by-uuid/7ccdab55-fba4-47b8-aef2-74be0103f885";
+      fsType = "btrfs";
+    };
+
+  networking.hostName = "backup-raspberry"; # Define your hostname.
+
+  users = {
+    users = {
+      julius = {
+        isNormalUser = true;
+        uid = 1000;
+        extraGroups = [ "wheel" "julius" ];
+      };
+      restic = {
+        isNormalUser = true;
+        uid = 1337;
+        extraGroups = [ "restic" ];
+      };
+    };
+    groups = {
+      julius = { 
+        gid = 1000;
+      };
+      restic = { 
+        gid = 1337;
+      };
+    };
+  };
+
+  location = {
+    latitude = 48.740556;
+    longitude = 9.310833;
+  };
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "24.11"; # Did you read the comment?
+
+}
+

hosts/backup-raspberrypi/hardware-configuration.nix

@@ -0,0 +1,33 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-label/NIXOS_SD";
+      fsType = "ext4";
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.end0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
+}
+

hosts/julius-framework/default.nix

@@ -8,11 +8,11 @@
   imports =
     [
       ../../modules/nix.nix
-      ../../modules/system.nix
       ../../modules/firmware.nix
       ../../modules/laptop.nix
-      ../../modules/network.nix
+      ../../modules/network-client.nix
       ../../modules/locale.nix
+      ../../modules/timezone-imperatively.nix
       ../../modules/boot-login.nix
       ../../modules/fonts.nix
       ../../modules/cli-essentials.nix

modules/network-server.nix

@@ -0,0 +1,9 @@
+{
+  pkgs,
+  lib,
+  ...
+}: {
+  networking = {
+    useDHCP = true;
+  };
+}

modules/server-cli.nix

@@ -0,0 +1,18 @@
+{
+  pkgs,
+  lib,
+  ...
+}: {
+  environment.systemPackages = with pkgs; [
+    wget
+    curl
+    git
+
+    btrfs-progs
+  ];
+
+  programs = {
+    htop.enable = true;
+    vim.enable = true;
+  };
+}

modules/system.nix

@@ -1,23 +0,0 @@
-{
-  pkgs,
-  lib,
-  username,
-  ...
-}: {
-  # do garbage collection weekly to keep disk usage low
-  nix = {
-    settings = {
-      experimental-features = ["nix-command" "flakes"];
-    };
-
-    gc = {
-      automatic = lib.mkDefault true;
-      dates = lib.mkDefault "weekly";
-      options = lib.mkDefault "--delete-older-than 7d";
-    };
-  };
-
-  # Allow unfree packages
-  nixpkgs.config.allowUnfree = true;
-
-}

modules/teleport.nix

@@ -0,0 +1,52 @@
+{
+  pkgs,
+  lib,
+  config,
+  nodename,
+  ...
+}: let
+  cfg = config.services.teleport;
+  in {
+
+  config = lib.mkIf config.services.teleport.enable {
+    environment.systemPackages = [ cfg.package ];
+
+    services.teleport = {
+      settings = {
+        teleport = {
+          nodename = config.networking.hostName;
+          auth_servers = [ "tp.jfreudenberger.de:3023" ];
+          log.severity = "ERROR";
+        };
+        ssh_service = {
+          enabled = true;
+          permit_user_env = true;
+          commands = [
+            {
+              name = "hostname";
+              command = ["${pkgs.nettools}/bin/hostname"];
+              period = "1h";
+            }
+            {
+              name = "IP";
+              command = ["${pkgs.curl}/bin/curl" "ifconfig.me"];
+              period = "1h";
+            }
+            {
+              name = "UP";
+              command = ["${pkgs.bash}/bin/bash" "-c" "${pkgs.procps}/bin/uptime -p | ${pkgs.coreutils}/bin/cut -c4- | ${pkgs.coreutils}/bin/cut -d',' -f1"];
+              period = "1h";
+            }
+            {
+              name = "teleport-version";
+              command = ["${pkgs.bash}/bin/bash" "-c" "${cfg.package}/bin/teleport version | ${pkgs.coreutils}/bin/cut -d' ' -f2"];
+              period = "12h";
+            }
+          ];
+        };
+        proxy_service.enabled = false;
+        auth_service.enabled = false;
+      };
+    };
+  };
+}

modules/timezone-imperatively.nix

@@ -0,0 +1,10 @@
+{
+  pkgs,
+  lib,
+  ...
+}: {
+  # Set timezone to null to make it imperatively settable
+  time.timeZone = lib.mkForce null;
+
+  services.tzupdate.enable = true;
+}