From be93664b478861080f2832b04b2c2ff4d64df6ee Mon Sep 17 00:00:00 2001
From: Jasper Ras <jras@hostnet.nl>
Date: Sat, 22 Mar 2025 17:41:50 +0100
Subject: Snorlax updates

---
 flake.nix                           |   1 +
 modules/core/default.nix            |   7 +++++++
 modules/core/packages.nix           |   2 ++
 modules/snorlax/default.nix         |  27 ++++++++++++++++++++++++++-
 secrets/ghostnet-auth-user-pass.age | Bin 361 -> 361 bytes
 secrets/ghostnet-ca.age             | Bin 2755 -> 2755 bytes
 secrets/ghostnet-cert.age           | Bin 6996 -> 6996 bytes
 secrets/ghostnet-key.age            | Bin 3616 -> 3616 bytes
 secrets/ghostnet-tls-auth.age       | Bin 980 -> 980 bytes
 secrets/intelephense-licence.age    | Bin 470 -> 580 bytes
 secrets/secrets.nix                 | Bin 870 -> 1013 bytes
 secrets/syncoid-key.age             | Bin 0 -> 963 bytes
 secrets/systems-auth-user-pass.age  | Bin 378 -> 378 bytes
 secrets/systems-ca.age              | Bin 1138 -> 1138 bytes
 secrets/systems-cert.age            | Bin 1373 -> 1373 bytes
 secrets/systems-key.age             | Bin 2198 -> 2198 bytes
 secrets/systems-tls-auth.age        | Bin 980 -> 980 bytes
 syncoid-key.pub                     |   1 +
 18 files changed, 37 insertions(+), 1 deletion(-)
 create mode 100644 secrets/syncoid-key.age
 create mode 100644 syncoid-key.pub

diff --git a/flake.nix b/flake.nix
index a51cbc4..025e75d 100644
--- a/flake.nix
+++ b/flake.nix
@@ -89,6 +89,7 @@
         disko.nixosModules.disko
         nixos-facter-modules.nixosModules.facter
         microvm.nixosModules.host
+        agenix.nixosModules.default
 
         { config.facter.reportPath = ./modules/snorlax/facter.json; }
         ./modules/snorlax
diff --git a/modules/core/default.nix b/modules/core/default.nix
index 2640047..f26e6c7 100644
--- a/modules/core/default.nix
+++ b/modules/core/default.nix
@@ -9,4 +9,11 @@
   ];
 
   programs.mtr.enable = true;
+
+  programs.ssh.knownHosts = {
+    backup = {
+      extraHostNames = [ "185.107.88.38" ];
+      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGr0wvMck97G+g7PY3IaQ12/29Y7B3Me7HDPabMxHoKa";
+    };
+  };
 }
diff --git a/modules/core/packages.nix b/modules/core/packages.nix
index 37d1562..16ff140 100644
--- a/modules/core/packages.nix
+++ b/modules/core/packages.nix
@@ -17,5 +17,7 @@
     wget
     iftop
     htop
+
+    nixos-anywhere
   ];
 }
diff --git a/modules/snorlax/default.nix b/modules/snorlax/default.nix
index cbc0430..1817661 100644
--- a/modules/snorlax/default.nix
+++ b/modules/snorlax/default.nix
@@ -1,4 +1,4 @@
-{ ... }:
+{ config, ... }:
 {
   imports = [
     ./disk-config.nix
@@ -19,4 +19,29 @@
   time.timeZone = "Europe/Amsterdam";
 
   home-manager.users.jras = { home.stateVersion = "24.11"; };
+
+  age.secrets.syncoid-key = {
+    file = ../../secrets/syncoid-key.age;
+    owner = "syncoid";
+    group = "syncoid";
+  };
+
+  services.sanoid.enable = true;
+  services.sanoid.datasets."zroot/persist" = {
+    autoprune = true;
+    autosnap = true;
+    daily = 7;
+    hourly = 24;
+    monthly = 1;
+    yearly = 1;
+  };
+
+  services.syncoid.enable = true;
+  services.syncoid.sshKey = config.age.secrets.syncoid-key.path;
+  services.syncoid.commands = {
+    "zroot/persist" = {
+      source = "zroot/persist";
+      target = "ubuntu@185.107.88.38:backup/snorlax";
+    };
+  };
 }
diff --git a/secrets/ghostnet-auth-user-pass.age b/secrets/ghostnet-auth-user-pass.age
index a11d7f0..8b774b2 100644
Binary files a/secrets/ghostnet-auth-user-pass.age and b/secrets/ghostnet-auth-user-pass.age differ
diff --git a/secrets/ghostnet-ca.age b/secrets/ghostnet-ca.age
index ff1e92d..cb9e3a3 100644
Binary files a/secrets/ghostnet-ca.age and b/secrets/ghostnet-ca.age differ
diff --git a/secrets/ghostnet-cert.age b/secrets/ghostnet-cert.age
index 907a939..3b6b5e9 100644
Binary files a/secrets/ghostnet-cert.age and b/secrets/ghostnet-cert.age differ
diff --git a/secrets/ghostnet-key.age b/secrets/ghostnet-key.age
index 85e94ff..782ab48 100644
Binary files a/secrets/ghostnet-key.age and b/secrets/ghostnet-key.age differ
diff --git a/secrets/ghostnet-tls-auth.age b/secrets/ghostnet-tls-auth.age
index 3907e1d..cbca658 100644
Binary files a/secrets/ghostnet-tls-auth.age and b/secrets/ghostnet-tls-auth.age differ
diff --git a/secrets/intelephense-licence.age b/secrets/intelephense-licence.age
index a52d4be..0b43493 100644
Binary files a/secrets/intelephense-licence.age and b/secrets/intelephense-licence.age differ
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 8f049a5..b87293b 100644
Binary files a/secrets/secrets.nix and b/secrets/secrets.nix differ
diff --git a/secrets/syncoid-key.age b/secrets/syncoid-key.age
new file mode 100644
index 0000000..db8ac6b
Binary files /dev/null and b/secrets/syncoid-key.age differ
diff --git a/secrets/systems-auth-user-pass.age b/secrets/systems-auth-user-pass.age
index 5cd6055..9d32e33 100644
Binary files a/secrets/systems-auth-user-pass.age and b/secrets/systems-auth-user-pass.age differ
diff --git a/secrets/systems-ca.age b/secrets/systems-ca.age
index a5afa4d..4720060 100644
Binary files a/secrets/systems-ca.age and b/secrets/systems-ca.age differ
diff --git a/secrets/systems-cert.age b/secrets/systems-cert.age
index 92c4c9f..a4235f9 100644
Binary files a/secrets/systems-cert.age and b/secrets/systems-cert.age differ
diff --git a/secrets/systems-key.age b/secrets/systems-key.age
index 3d6691a..3b8b42e 100644
Binary files a/secrets/systems-key.age and b/secrets/systems-key.age differ
diff --git a/secrets/systems-tls-auth.age b/secrets/systems-tls-auth.age
index 714baa8..ff011e6 100644
Binary files a/secrets/systems-tls-auth.age and b/secrets/systems-tls-auth.age differ
diff --git a/syncoid-key.pub b/syncoid-key.pub
new file mode 100644
index 0000000..bc2f101
--- /dev/null
+++ b/syncoid-key.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGnWMAq+6bzP3TVo5mHkg+ABQOyM32hN1Jg6AiXemHG9 jras@work
-- 
cgit v1.2.3