3 files changed, 64 insertions, 4 deletions

diff --git a/profiles/defaults.nix b/profiles/defaults.nix
index d98daa0..6ada4c7 100644
--- a/profiles/defaults.nix
+++ b/profiles/defaults.nix
@@ -1,5 +1,4 @@
 {
-  self,
   config,
   pkgs,
   lib,
@@ -100,8 +99,8 @@
 
   environment.etc.motd.text = ''
     Machine  ${config.networking.hostName}
-     NixOS   ${config.system.nixos.release}
-       @     ${self.shortRev or self.dirtyShortRev}
+     NixOS   ${config.system.nixos.versionSuffix}
+       @     ${config.system.configurationRevision}
   '';
 
   ## disable that slow "building man-cache" step
diff --git a/profiles/storage-media.nix b/profiles/storage-media.nix
new file mode 100644
index 0000000..30fb9e4
--- /dev/null
+++ b/profiles/storage-media.nix
@@ -0,0 +1,61 @@
+{ pkgs, config, ... }:
+let
+  syncJobs = [
+    {
+      name = "movies";
+      source = "/data/media/movies/";
+      destination = "/volume1/media/movies/";
+    }
+    {
+      name = "videos";
+      source = "/data/media/videos/";
+      destination = "/volume1/media/videos/";
+    }
+  ];
+  remoteHost = "192.168.1.68";
+  remoteUser = "nas";
+in
+{
+  age.secrets.rsync-ssh-key.file = ../secrets/rsync-ssh-nas.age;
+
+  systemd.timers = pkgs.lib.listToAttrs (
+    map (job: {
+      name = "rsync-backup-${job.name}";
+      value = {
+        wantedBy = [ "timers.target" ];
+        timerConfig = {
+          OnCalendar = "daily";
+          Persistent = true;
+          RandomizedDelaySec = "1h";
+        };
+      };
+    }) syncJobs
+  );
+
+  systemd.services = pkgs.lib.listToAttrs (
+    map (job: {
+      name = "rsync-backup-${job.name}";
+      value = {
+        description = "Rsync backup for ${job.name}";
+
+        serviceConfig = {
+          Type = "oneshot";
+          DynamicUser = true;
+          LoadCredential = "ssh-key:${config.age.secrets.rsync-ssh-key.path}";
+          PrivateTmp = true;
+          NoNewPrivileges = true;
+          ProtectSystem = "strict";
+          ProtectHome = true;
+
+          ExecStart = pkgs.writeShellScript "rsync-backup-${job.name}" ''
+            ${pkgs.rsync}/bin/rsync \
+              -avz \
+              -e "${pkgs.openssh}/bin/ssh -i ''${CREDENTIALS_DIRECTORY}/ssh-key -o StrictHostKeyChecking=accept-new" \
+              ${job.source} \
+              ${remoteUser}@${remoteHost}:${job.destination}
+          '';
+        };
+      };
+    }) syncJobs
+  );
+}
diff --git a/profiles/users/fcuny.nix b/profiles/users/fcuny.nix
index 1a2b490..9d4e1e2 100644
--- a/profiles/users/fcuny.nix
+++ b/profiles/users/fcuny.nix
@@ -5,7 +5,7 @@
     uid = 1000;
     shell = pkgs.fish;
     isNormalUser = true;
-    hashedPassword = "$6$Llw8m62nKMLLN9mm$3.a4CKUFlqwkG8vjBryLlBNwTwgH63vpg2nhYwRoQzG76Q91vTXnlYDujS4G5yGrWoatkKZx5epCx4/NAvRh2/";
+    hashedPassword = "$y$j9T$U3mXpCzXC1VUp8wV5snJz/$32vTk0KwVXvP/jLO13nMlGPHy0nCe4ZtebdvqU4hwmD";
     openssh.authorizedKeys.keys = [
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi"
     ];