nixfiles

My NixOS configuration and assorted other crap, powered by flakes. Clone to /etc/nixos.

See the memo for machine-specific notes.

Secrets

Secrets are managed with sops-nix. Create / edit secrets with:

./sops.sh                   # secrets.yaml for current host
./sops.sh <hostname>        # secrets.yaml for <hostname>
./sops.sh <hostname> <name> # <name>.yaml for <hostname>

Operational notes

Backups

Backups are generated by services.backups and uploaded to S3 with Duplicity.

Check the status of a backup collection with:

./backups.sh                   # for the current host
./backups.sh status            # for the current host
./backups.sh status <hostname> # for another host

Restore a backup to ~/tmp/backup-restore with:

./backups.sh restore            # for the current host
./backups.sh restore <hostname> # for another host

Change the restore target by setting $RESTORE_DIR.

ZFS

If there are any ZFS filesystems, the auto-trim, -scrub, and -snapshot jobs will be enabled, as well as a monitoring script to alert if a pool becomes unhealthy (if monitoring scripts are enabled on this host).

Enable the auto-trim for a pool with:

sudo zpool set autotrim=on <pool>

Enable the auto-snapshot for a dataset with:

sudo zfs set com.sun:auto-snapshot=true <dataset>

The auto-scrub and monitoring apply to all pools.