From 8f55b769fe535e72d0f0d519fa9b64daa03d83c2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Patrick=20Gro=C3=9Fmann?= Date: Sun, 3 Dec 2023 18:37:57 +0100 Subject: [PATCH] feat: zfs auto snapshotting --- hosts/testienix/fs.nix | 57 +++++++++++++++++++++++++ hosts/testienix/net.nix | 2 +- hosts/testienix/secrets/secrets.nix.age | 29 ++++++------- lib/containers.nix | 9 ++-- lib/default.nix | 1 + lib/misc.nix | 29 +++++++++++++ modules/services/containers.nix | 1 - modules/services/nextcloud.nix | 2 +- 8 files changed, 106 insertions(+), 24 deletions(-) create mode 100644 lib/misc.nix diff --git a/hosts/testienix/fs.nix b/hosts/testienix/fs.nix index 810d8ea..5969322 100644 --- a/hosts/testienix/fs.nix +++ b/hosts/testienix/fs.nix @@ -57,6 +57,63 @@ }; }; + services.zrepl = { + enable = true; + settings = { + global = { + logging = [ + { + type = "syslog"; + level = "info"; + format = "human"; + } + ]; + # TODO Monitoring + }; + jobs = [ + #{ + # type = "push"; + # name = "push-to-remote"; + #} + { + type = "snap"; + name = "mach-schnipp-schusss"; + filesystems = { + "panzer/local/state<" = true; + "panzer/safe<" = true; + "rpool/local/state<" = true; + "rpool/safe<" = true; + }; + snapshotting = { + type = "periodic"; + prefix = "zrepl-"; + interval = "10m"; + timestamp_format = "iso-8601"; + }; + pruning = { + keep = [ + { + type = "regex"; + regex = "^zrepl-.*$"; + negate = true; + } + { + type = "grid"; + grid = lib.concatStringsSep " | " [ + "1x1d(keep=all)" + "142x1h(keep=2)" + "90x1d(keep=2)" + "500x7d" + ]; + regex = "^zrepl-.*$"; + } + ]; + }; + } + ]; + }; + }; + fileSystems."/state".neededForBoot = true; fileSystems."/panzer/state".neededForBoot = true; fileSystems."/panzer/persist".neededForBoot = true; diff --git a/hosts/testienix/net.nix b/hosts/testienix/net.nix index e0e6e50..ee8a153 100644 --- a/hosts/testienix/net.nix +++ b/hosts/testienix/net.nix 
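Review bot: The only active entry in `jobs` is the `snap` job; the `push-to-remote` job is commented out and monitoring is left as `# TODO Monitoring`, so every snapshot stays on the same pools (`panzer`, `rpool`) as the data it protects, and a failed snapshot or prune run is visible only in syslog. That covers accidental deletion, but not pool loss or a compromised root account on the host, either of which can destroy the snapshots too. I would state this next to the job so the setup is not mistaken for a backup, e.g. `# NOTE: local snapshots only; no off-host copy until the push job is enabled`.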
@@ -6,7 +6,7 @@ "01-lan1" = { address = ["192.168.178.32/24"]; gateway = ["192.168.178.1"]; - matchConfig.MACAddress = config.secrets.secrets.local.networking.lan01.mac; + matchConfig.MACAddress = config.secrets.secrets.local.networking.interfaces.lan01.mac; dns = ["192.168.178.2"]; networkConfig = { IPv6PrivacyExtensions = "yes"; diff --git a/hosts/testienix/secrets/secrets.nix.age b/hosts/testienix/secrets/secrets.nix.age index 57a3dd1..4a2e22a 100644 --- a/hosts/testienix/secrets/secrets.nix.age +++ b/hosts/testienix/secrets/secrets.nix.age 
@@ -1,18 +1,13 @@ age-encryption.org/v1 --> X25519 yvfsxGyyzm6ltKrzJCvt4fiNKq28qKc1NhJAfsBoKHk -ccIcrFkuQ1OSXKQQD/6gUoM9Rmgxu1ZAmIyMVHgt4eM --> piv-p256 XTQkUA A4vKRNyh9FMXQLR38Qr5BNRa9QunSvkwjf6lIgYbgnuO -LaaIJYLwQcIS9/rXWF8+8hjQ0POPOQntD/hq2w0Dn7I --> piv-p256 ZFgiIw Avd6vl3zndUJ3sjF0LCOEWDIr7Kw+meAlhI96x5fblgC -+oMYDzKBntsA5DJmLQpnVPemq1yK++j0ralMOiqgAps --> piv-p256 ZFgiIw AkFE4lLts1uL8TM3DEIlPXJh7G4na8AVXm/AYdnBs8x3 -RWV+VTPrJ+pGG9Zlok7J71Wb4r6yFqbN/fPYPBCdzxs --> s?N`-grease -rN+B4f0cPFjxtUR/20RrSnzpacxc6SR3d4yiIaNB6iFH2mH01HlFcjFN46nwVs1g -CWafTVncI4Vne/C+cA ---- DDayA/fH/5rwjIYpl6JLltwh8+4EWcKYQ4P+pTkNuxI -c=VsSs{@I=K4}_{\l@h&F$ ;(B -.DvZ?;]Ok~LNxKFp)0e+Ώk;u -> O,92B<*f -K|Av@8_u~L)^̥ɛvtY:5* {^Xo -2Z ,B+zkS$^4N(Txe{#8 p6`r&RT pSFz"f)ȣo=Sx^; R \ No newline at end of file +-> X25519 peN8LddAbhPxA8gKX8PUl5rsPQ8bLGu3pfsMYrm0cVE +p9TRJH5BkYALKWathegKIV0ohIbI0QZ660V8awsFOis +-> piv-p256 XTQkUA A+UjNTuqedCWHXhFamoMtkFmOT8xUY6U/0X8EqBGZaXf +G9HFGv2ZkKXy8vldhA6VYUvU8Yws9dWvqt+9VR3zIrs +-> piv-p256 ZFgiIw AtHwhB/pCVKkW1n9pgcAOkcNOAezpYDgag+S/NBqF61u +WCV3rZkXdXqfwJsbSC9zM/zVa3TUstgBBcAGmG7UccM +-> piv-p256 ZFgiIw A01o+NKTlNvjyraiG1FQeJ2S+S8cmbFs2Tt/B6yXcYra +gFUdee9s1/111+FoHQ+zsGwkYuEMXvCsjpgOyc3FRFg +-> uu4VaK0-grease u\p]JK D\k37zk +dg +--- cyNvJMdMwm9HQ9yKMVctRQN7lxiupua6/WY/oAjX8zE +8pՒKgPpÚHDdд/_Yus7e:aJ˪@s`A<'"'f)3(w#7DEZ *cQȂ3;_Pz3.zn%Z̐2 nM1JDe.{5΍7|GvXY)x7R83PPr.cfґCF@CISJ~Uכ!$HMYOLPܱ,tꠕK GfC9ٸC iB6*jf \ No newline at end of file diff --git a/lib/containers.nix b/lib/containers.nix index 4108b07..e2ca235 100644 --- a/lib/containers.nix +++ b/lib/containers.nix 
@@ -5,16 +5,17 @@ _inputs: _self: super: { containers.mkConfig = name: config: super.lib.mkMerge [ { - bindmounts = { + bindMounts = { "state" = { - mountpoint = "/state"; + mountPoint = "/state"; hostPath = "/state/containers/${name}"; }; "persist" = { - mountpoint = "/persist"; - hostPath = config.zfs.mountpoint; + mountPoint = "/persist"; + hostPath = "/containers/${name}"; }; }; + zfs.mountpoint = super.lib.mkDefault "/containers/${name}"; #config = {...}: { #}; } diff --git a/lib/default.nix b/lib/default.nix index 49043ee..d19828f 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -1,4 +1,5 @@ inputs: [ (import ./disko.nix inputs) (import ./containers.nix inputs) + (import ./misc.nix inputs) ] diff --git a/lib/misc.nix b/lib/misc.nix new file mode 100644 index 0000000..2d0a133 --- /dev/null +++ b/lib/misc.nix @@ -0,0 +1,29 @@ +_inputs: _self: super: let + inherit + (super.lib) + unique + foldl' + filter + ; + + # Counts how often each element occurrs in xs. + # Elements must be strings. + countOccurrences = + foldl' + (acc: x: acc // {${x} = (acc.${x} or 0) + 1;}) + {}; + # Returns all elements in xs that occur at least twice + duplicates = xs: let + occurrences = countOccurrences xs; + in + unique (filter (x: occurrences.${x} > 1) xs); +in { + lib = + super.lib + // { + inherit + countOccurrences + duplicates + ; + }; +} diff --git a/modules/services/containers.nix b/modules/services/containers.nix index 7a24c12..c7bdace 100644 --- a/modules/services/containers.nix +++ b/modules/services/containers.nix @@ -40,7 +40,6 @@ in { mountpoint = mkOption { type = types.str; - default = "/containers/${name}"; description = mdDoc "The host's mountpoint for the containers dataset"; }; }; diff --git a/modules/services/nextcloud.nix b/modules/services/nextcloud.nix index 625ac69..fea27c3 100644 --- a/modules/services/nextcloud.nix +++ b/modules/services/nextcloud.nix 
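Review bot: The `persist` bind mount in `lib/containers.nix` now hard-codes `hostPath = "/containers/${name}"`, while `zfs.mountpoint` is only a `mkDefault` of the same string, so the two can diverge. A container that overrides `zfs.mountpoint` would still bind-mount the default path, and its `/persist` data would land outside the dataset mounted for it. If the `config` argument is the caller's plain attrset, `hostPath = config.zfs.mountpoint or "/containers/${name}";` keeps the two in step; otherwise the path should be derived from the evaluated option. The `mkMerge` list continues outside the hunk.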
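Review bot: The comment on `duplicates` in `lib/misc.nix` does not carry over the string-only restriction stated on `countOccurrences`, although it looks up `occurrences.${x}` and so has the same constraint. A non-string element fails at the dynamic attribute name rather than with a readable message. I would add `# Elements must be strings (they are used as attribute names).` above `duplicates` and fix the typo `occurrs` to `occurs` in the first comment. No caller of either helper is visible in this diff.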
@@ -4,7 +4,7 @@ ... }: { imports = [./containers.nix]; - containers.nextcloud = lib.container.mkConfig "nextcloud" { + containers.nextcloud = lib.containers.mkConfig "nextcloud" { autoStart = true; zfs = { enable = true;