Removed some unnecessary stuff

backups.nix

@@ -0,0 +1,24 @@
+{ lib, ... }: {
+  system.activationScripts.makeBackupDir = lib.stringAfter [ "var" ] ''
+    mkdir -p /var/lib/backup
+  '';
+
+  services.forgejo.dump = {
+    enable = true;
+    file = "forgejo-dump";
+    backupDir = "/var/lib/backup";
+  };
+
+  services.restic.backups.s3 = {
+    passwordFile = "/var/secrets/restic-backup";
+    environmentFile = "/var/secrets/restic-s3";
+    initialize = true;
+    repository = "s3:https://object.ceph-waw3.hswaw.net/cebulacamp-backups";
+    paths = [
+      "/var/lib/backup"
+      "/var/lib/postgresql"
+      "/var/lib/redis-authentik"
+      "/var/lib/nextcloud"
+    ];
+  };
+}

configuration.nix

@@ -13,6 +13,7 @@
       ./nextcloud.nix
       ./authentik.nix
       ./forgejo.nix
+      ./backups.nix
     ];
 
   boot.loader.systemd-boot.enable = true;
@@ -36,36 +37,8 @@
     "8.8.8.8"
   ];
 
-  # Define a user account. Don't forget to set a password with ‘passwd’.
-  # users.users.jane = {
-  #   isNormalUser = true;
-  #   extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
-  # };
-
-  users.users.root = {
-    openssh.authorizedKeys.keys = [
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG599UildOrAq+LIOQjKqtGMwjgjIxozI1jtQQRKHtCP q3k@mimeomia"
-      "cert-authority ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFPt2EXhvAwjMZ+5j8P0dCMaUdXeUQePeTv8tBdHXNly mewp"
-      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQb3YQoiYFZLKwvHYKbu1bMqzNeDCAszQhAe1+QI5SLDOotclyY/vFmOReZOsmyMFl71G2d7d+FbYNusUnNNjTxRYQ021tVc+RkMdLJaORRURmQfEFEKbai6QSFTwErXzuoIzyEPK0lbsQuGgqT9WaVnRzHJ2Q/4+qQbxAS34PuR5NqEkmn4G6LMo3OyJ5mwPkCj9lsqz4BcxRaMWFO3mNcwGDfSW+sqgc3E8N6LKrTpZq3ke7xacpQmcG5DU9VO+2QVPdltl9jWbs3gXjmF92YRNOuKPVfAOZBBsp8JOznfx8s9wDgs7RwPmDpjIAJEyoABqW5hlXfqRbTnfnMvuR informatic@InformaticPC"
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOccFr7RFddSB5kdvYCIdCyKgD3X79mC90cMImqziTd9 radex@radpro"
-    ];
-  };
   users.groups.ldap-access = {};
 
-  # users.ldap = {
-  #   enable = true;
-  #   loginPam = true;
-  #   nsswitch = true;
-  #   base = "ou=users,dc=cebula,dc=camp";
-  #   server = "ldap://10.88.0.1:389/";
-  #   timeLimit = 1;
-  #   daemon.enable = true;
-  #   bind = {
-  #     distinguishedName = "cn=ldap-access,ou=users,dc=cebula,dc=camp";
-  #     passwordFile = "/var/secrets/ldap-access";
-  #   };
-  # };
-
   services.sssd = {
     enable = true;
     sshAuthorizedKeysIntegration = true;
@@ -74,20 +47,11 @@
       serviceAccount = "ldap-access";
       allowedGroup = "cn=orga-infra,ou=groups,${baseDN}";
     in ''
-      [nss]
-      filter_groups = root
-      filter_users = root
-      reconnection_retries = 3
-
       [sssd]
       config_file_version = 2
-      reconnection_retries = 3
       domains = LDAP
       services = nss, pam, ssh
 
-      [pam]
-      reconnection_retries = 3
-
       [domain/LDAP]
       cache_credentials = True
       id_provider = ldap