From 81af972cca0ec1a0987b161ec0ee0e91282ef3e6 Mon Sep 17 00:00:00 2001
From: Nick <nickjhiebert@proton.me>
Date: Sat, 22 Nov 2025 00:38:45 -0600
Subject: [PATCH 1/2] feat: fixed opensearch and elasticsearch

---
 modules/nixos/guests/mastodon/default.nix | 28 +++++++++++++++++++++--
 1 file changed, 26 insertions(+), 2 deletions(-)

diff --git a/modules/nixos/guests/mastodon/default.nix b/modules/nixos/guests/mastodon/default.nix
index f0a3f76..24334f9 100755
--- a/modules/nixos/guests/mastodon/default.nix
+++ b/modules/nixos/guests/mastodon/default.nix
@@ -322,9 +322,33 @@ in
             };
 
             mastodon-init-db.serviceConfig.EnvironmentFile = "/var/lib/mastodon/.secrets_env";
-            systemd-tmpfiles-setup.after = [ "var-lib-mastodon.mount" ];
-          };
 
+            systemd-tmpfiles-setup.after = [ "var-lib-mastodon.mount" ];
+
+            opensearch-install-plugins = {
+              description = "Install OpenSearch plugins";
+              before = [ "opensearch.service" ];
+              requiredBy = [ "opensearch.service" ];
+              serviceConfig = {
+                Type = "oneshot";
+                RemainAfterExit = true;
+              };
+              script = ''
+                PLUGIN_DIR="/var/lib/opensearch/plugins/analysis-icu"
+                if [ ! -d "$PLUGIN_DIR" ]; then
+                  # Create the plugins directory if it doesn't exist
+                  mkdir -p /var/lib/opensearch/plugins
+                  
+                  # Install using the proper OpenSearch plugin command
+                  export OPENSEARCH_JAVA_HOME="${pkgs.jdk17}/lib/openjdk"
+                  ${pkgs.opensearch}/bin/opensearch-plugin install --batch analysis-icu || {
+                    echo "Plugin installation failed, but continuing anyway"
+                    exit 0
+                  }
+                fi
+              '';
+            };
+          };
           timers.fedifetcher = {
             description = "Timer for FediFetcher";
             wantedBy = [ "timers.target" ];

From 56fa5bbf5c3bffa8b6b95578696489116924bf28 Mon Sep 17 00:00:00 2001
From: Nick <nickjhiebert@proton.me>
Date: Sat, 22 Nov 2025 03:14:50 -0600
Subject: [PATCH 2/2] feat: added restic

---
 modules/nixos/default.nix                 | 12 +---
 modules/nixos/services/restic/default.nix | 75 +++++++++++++++++++++++
 secrets/secrets.yaml                      |  8 ++-
 3 files changed, 83 insertions(+), 12 deletions(-)
 create mode 100644 modules/nixos/services/restic/default.nix

diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
index 87253da..282c015 100755
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@@ -55,26 +55,18 @@ in
       imports = builtins.attrValues {
         inherit (modules)
           acme
-          # audiobookshelf
           caddy
+          ceresOpenCloud
           comfyui
-          # filesorter
           firefly-iii
           forgejo
-          # glance
           jellyfin
-          # logrotate
           mastodon
           microvm
-          # midnight
           minecraft
-          # ollamaCeres
-          ceresOpenCloud
-          # postgresCeres
           projectSite
-          # prompter
+          restic
           sambaCeres
-          # searx
           vaultwarden
           website
           zookeeper
diff --git a/modules/nixos/services/restic/default.nix b/modules/nixos/services/restic/default.nix
new file mode 100644
index 0000000..11c51f1
--- /dev/null
+++ b/modules/nixos/services/restic/default.nix
@@ -0,0 +1,75 @@
+{
+  config,
+  flake,
+  pkgs,
+  ...
+}:
+let
+  inherit (flake.config.services) instances;
+  inherit (flake.config.people) user0;
+  envFile = "backblaze/env";
+  repoFile = "backblaze/repo";
+  passFile = "restic-pass";
+in
+{
+  services.restic = {
+    backups = {
+      remote = {
+        environmentFile = config.sops.secrets.${envFile}.path;
+        initialize = true;
+        passwordFile = config.sops.secrets.${passFile}.path;
+        repositoryFile = config.sops.secrets.${repoFile}.path;
+        timerConfig = {
+          OnCalendar = "0/4:00";
+          Persistent = true;
+        };
+        paths = [
+          "/home/${user0}/.ssh"
+          instances.firefly-iii.mntPaths.path0
+          instances.forgejo.mntPaths.path0
+          instances.mastodon.mntPaths.path0
+          instances.minecraft.mntPaths.path0
+          instances.opencloud.mntPaths.path0
+          instances.vaultwarden.mntPaths.path0
+          "${instances.jellyfin.mntPaths.path0}/cache"
+          "${instances.jellyfin.mntPaths.path0}/data"
+          "${instances.jellyfin.mntPaths.path0}/media/Music"
+        ];
+      };
+    };
+  };
+
+  sops = {
+    secrets = builtins.listToAttrs (
+      map
+        (secret: {
+          name = secret;
+          value = {
+            path = "/run/secrets/${secret}";
+            owner = "root";
+            group = "root";
+            mode = "0600";
+          };
+        })
+        [
+          envFile
+          repoFile
+          passFile
+        ]
+    );
+  };
+
+  environment = {
+    variables = {
+      # AWS_ACCESS_KEY_ID = "";
+      # AWS_SECRET_ACCESS_KEY = "";
+      # RESTIC_PASSWORD_FILE = "pass.txt";
+      # RESTIC_REPOSITORY = "";
+    };
+    systemPackages = builtins.attrValues {
+      inherit (pkgs)
+        restic
+        ;
+    };
+  };
+}
diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml
index a28c440..4f0df35 100755
--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
@@ -54,6 +54,10 @@ firefly-iii:
     pass: ENC[AES256_GCM,data:WjHcoTuEzEq9pfw4QoqRjI4jhu5VPEMOXlHL0olg9dqUj4EGa1Shv5T/kIxdRFuao0y3zQ==,iv:4/fmFOxxDLzplsNGpSJMQOeoNviZw2c2pFlB1ZkRu+o=,tag:7TQ2q/kEFDU4tZxPx53ebw==,type:str]
     data: ENC[AES256_GCM,data:921LhcRTWVk24eEAQoDMV+RllSP3PbSXCCIDXlQA80Mq,iv:YXEgas77DgdyPTnBZa/ySjcERBIwmdDZJbijeNKNF24=,tag:Wj25wA7tLJ2bZ/faG9DUhg==,type:str]
     smtp: ENC[AES256_GCM,data:+e4MiRZ2WOZyWYpMf+By1Eb45ih4TA+svLI2+00yQk82,iv:+52+kJouMwkOSDEaOCA8V80+wT/VzNxgtCkOO68SCdk=,tag:YrtrJAXIhQpsUTEeYvrVwQ==,type:str]
+backblaze:
+    env: ENC[AES256_GCM,data:cdOYt77KocuGB3aqYz13oBokoLkEIgI1AW+cYC5uutgZYujG3PqoLEh6Gvbpzn3O+0OWg1/4UAYr4f2v7oCsgwFzPWS3HrhqC5+kIBjrPCyAnxDxlu2xaQ9hR+ogFh5UTDo=,iv:6+jx4Dj5CNV72DAss6NNYm44f9gSHco/EUBvL2o2CNI=,tag:6/cx84MgTDqQJxu/zINEeA==,type:str]
+    repo: ENC[AES256_GCM,data:sRae9XELIfkWPaXelCdgEXIDbLTHVqGcRO0o+WA9aBfB8MUw92JjRCYgMgGXT0Apy38eszyuEHFB3XPpRmtQ7g==,iv:EilVA9zdHm6B9pTIhNxyj6Th1248nXvh0kpnEqZJ5HI=,tag:q9ASAgx5vgY0IePws4rT5Q==,type:str]
+restic-pass: ENC[AES256_GCM,data:WtVFKDBKIdSAgPCsgpSGIMxIjFD2itFUVxzr9T5zWyk=,iv:KEgauoBqD9Htemfznm7n2ImH3HyB3ivYL/etGZHIcC0=,tag:mzJsu5QzqDMTuvulKAxtOA==,type:str]
 password-user0: ENC[AES256_GCM,data:VKrySmPAKh3UwCQXJS0EnOPPLDrigWtw5g4WMbSGz/VRtbzlQxMIgs42c/8NnHiqr98ifWy7u9c280oo7SrHhQmEOOvxfITQ9A==,iv:toGkVKCjsmtPP5Ukk/q8kPSmJo3FcTAyj2vcIEkHmU0=,tag:Nhucsk1kgx7zDZZQKycKZQ==,type:str]
 sops:
     age:
@@ -66,7 +70,7 @@ sops:
             bXBOa1VSakoyaWxpODJEOU11QUZCaUEK8Ch9Ten3DdrPHF1DTH2qei85AlHUOaLD
             aNfzakake7ej+MxJYdKEU0bcWofNMKzIlZa2uM10KZSENDP8d8qlig==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-11-21T10:16:47Z"
-    mac: ENC[AES256_GCM,data:cgsHkgbaVkMYIaWPugPjX9yRbV6eBPcMmQnD1qRJbp647c/FF+KA4qJhB8eQD5/yA+u76in1LSEopRuKaXEGX9LRNzpUKknih/QN8bjHbbwpC2zKm/cxgkkING9Or5Fk821+RPhAb4ezZoUOl+lSG3LUl66GoDcbNAW3qxZhwO8=,iv:3rKoaAKKTskY47IqxZuKUDXeNFC58Av45nk/P/xYIzg=,tag:vfWE0td8UHxCquWW6WlqBg==,type:str]
+    lastmodified: "2025-11-22T08:22:22Z"
+    mac: ENC[AES256_GCM,data:aGtZuHEsxcUZCfMdiYoX0oHd71XNIEG5UgxtoSqIr1ICqnjGV1hrNeLu+coSslkvYjAteYkgDBk8lHiO1kBY7G3d9fn0cRnR7wpgcaiFDCPaKdjXlrZmDdbsN+4NF62Y1LkclvGOWGEvM4pR+HxnNxK3nVEU0e10TaZ0r9/b0+o=,iv:MCid50yHr9Sk8hzsbu8wBQwW4vnERxaCEuivq1TUvhA=,tag:T7F2lS5lWY7zncWOY4VSbA==,type:str]
     unencrypted_suffix: _unencrypted
     version: 3.11.0