darkkirb/nixos-config
1
0
Fork 0
Code Issues 1 Pull requests 1 Projects Releases Packages Wiki Activity Actions

add restic backups
Some checks failed
Hydra packages.riscv64-linux.art-lotte Hydra build #25287 of nixos-config:pr618:packages.riscv64-linux.art-lotte
Details
Hydra packages.aarch64-linux.art-lotte Hydra build #25283 of nixos-config:pr618:packages.aarch64-linux.art-lotte
Details
Hydra packages.x86_64-linux.art-lotte-bgs-sfw Hydra build #25293 of nixos-config:pr618:packages.x86_64-linux.art-lotte-bgs-sfw
Details
Hydra packages.riscv64-linux.package-updater Hydra build #25290 of nixos-config:pr618:packages.riscv64-linux.package-updater
Details
Hydra checks.x86_64-linux.containers-default Hydra build #25274 of nixos-config:pr618:checks.x86_64-linux.containers-default
Details
Hydra packages.x86_64-linux.art-lotte-bgs-nsfw Hydra build #25292 of nixos-config:pr618:packages.x86_64-linux.art-lotte-bgs-nsfw
Details
Hydra nixosConfigurations.not522-installer Hydra build #25305 of nixos-config:pr618:nixosConfigurations.not522-installer
Details
Hydra nixosConfigurations.not522 Hydra build #25304 of nixos-config:pr618:nixosConfigurations.not522
Details
Hydra nixosConfigurations.thinkrac Hydra build #25308 of nixos-config:pr618:nixosConfigurations.thinkrac
Details
Hydra nixosConfigurations.pc-installer Hydra build #25306 of nixos-config:pr618:nixosConfigurations.pc-installer
Details
Hydra nixosConfigurations.container-default-x86_64-linux Hydra build #25277 of nixos-config:pr618:nixosConfigurations.container-default-x86_64-linux
Details
Hydra nixosConfigurations.container-default-riscv64-linux Hydra build #25276 of nixos-config:pr618:nixosConfigurations.container-default-riscv64-linux
Details
Hydra packages.riscv64-linux.art-lotte-bgs-sfw Hydra build #25289 of nixos-config:pr618:packages.riscv64-linux.art-lotte-bgs-sfw
Details
Hydra nixosConfigurations.container-default-aarch64-linux Hydra build #25275 of nixos-config:pr618:nixosConfigurations.container-default-aarch64-linux
Details
Hydra nixosConfigurations.rainbow-resort Hydra build #25307 of nixos-config:pr618:nixosConfigurations.rainbow-resort
Details
Hydra packages.aarch64-linux.art-lotte-bgs-nsfw Hydra build #25284 of nixos-config:pr618:packages.aarch64-linux.art-lotte-bgs-nsfw
Details
Hydra packages.aarch64-linux.art-lotte-bgs-sfw Hydra build #25285 of nixos-config:pr618:packages.aarch64-linux.art-lotte-bgs-sfw
Details
Hydra packages.riscv64-linux.art-lotte-bgs-nsfw Hydra build #25288 of nixos-config:pr618:packages.riscv64-linux.art-lotte-bgs-nsfw
Details
Hydra packages.x86_64-linux.art-lotte Hydra build #25291 of nixos-config:pr618:packages.x86_64-linux.art-lotte
Details

Browse source
This commit is contained in:
Charlotte 🦝 Delenk 2024-11-12 10:16:09 +01:00
parent ba89a18e00
commit e3a0a9a6f5
4 changed files with 88 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
.sops.yaml
View file

@ -5,7 +5,6 @@ keys:
- &pc-installer age1eh2vd6cdy23qazwg0hzq95pn9e6p8yaqu4g6zyan8gzal4x5ed5qful8kg - &pc-installer age1eh2vd6cdy23qazwg0hzq95pn9e6p8yaqu4g6zyan8gzal4x5ed5qful8kg
- &rainbow-resort age19vzypddhexvvsf8xylstxc9znnkd8rxmamhjlt7elvz4j3zaf5tqqura6f - &rainbow-resort age19vzypddhexvvsf8xylstxc9znnkd8rxmamhjlt7elvz4j3zaf5tqqura6f
- &thinkrac age1p400545a482fma40yfgytu40p6wr5a75v4f8yeudvgf7eh5erufqxhgynr - &thinkrac age1p400545a482fma40yfgytu40p6wr5a75v4f8yeudvgf7eh5erufqxhgynr
creation_rules: creation_rules:
- path_regex: machine/not522/secrets\.yaml$ - path_regex: machine/not522/secrets\.yaml$
key_groups: key_groups:
@ -19,6 +18,13 @@ creation_rules:
- *not522 - *not522
- *rainbow-resort - *rainbow-resort
- *thinkrac - *thinkrac
- path_regex: services/restic\.yaml$
key_groups:
- age:
- *base
- *not522
- *rainbow-resort
- *thinkrac
- path_regex: users/root/system\.yaml$ - path_regex: users/root/system\.yaml$
key_groups: key_groups:
- age: - age:

1
config/default.nix
View file

@ -4,6 +4,7 @@
"${nixos-config}/modules" "${nixos-config}/modules"
"${nixos-config}/services/tailscale.nix" "${nixos-config}/services/tailscale.nix"
"${nixos-config}/services/openssh.nix" "${nixos-config}/services/openssh.nix"
"${nixos-config}/services/restic.nix"
"${nixos-config}/users" "${nixos-config}/users"
"${nixos-config}/programs" "${nixos-config}/programs"
./systemd-boot.nix ./systemd-boot.nix

27
services/restic.nix Normal file
View file

@ -0,0 +1,27 @@
{ config, ... }:
{
services.restic.backups.sysbackup = {
timerConfig = {
OnCalendar = "06:00";
RandomizedDelaySec = "12h";
};
environmentFile = config.sops.secrets."services/restic/backups/sysbackup/environment".path;
paths = [
"/persistent"
];
extraBackupArgs = [
"--exclude-caches"
"--compression max"
"--exclude"
"/persistent/var/cache"
"--exclude"
"/persistent/home/root/.cache"
"--exclude"
"/persistent/home/darkkirb/.cache"
];
repository = "s3://ams1.vultrobjects.com/backup-chir-rs";
passwordFile = config.sops.secrets."services/restic/backups/sysbackup/password".path;
};
sops.secrets."services/restic/backups/sysbackup/environment".sopsFile = ./restic.yaml;
sops.secrets."services/restic/backups/sysbackup/password".sopsFile = ./restic.yaml;
}

53
services/restic.yaml Normal file
View file

@ -0,0 +1,53 @@
services:
restic:
backups:
sysbackup:
environment: ENC[AES256_GCM,data:6doK0jeQ1WgjVspk8gGIfKplvIjI8HfxiTGGuV4U4F4HjjoNqSDvbTaQjw4kllbX3Y/mOMrPorOV+IKswhZWIyFHYkxSoXnEERqOcL4NR0phzS47dob9cmzZRtrk9RMYr8xOjzN+,iv:CceNo1rnhwIZ8YnMqp8Yh/7TTGThnkFo9sMmd6feq3A=,tag:5HOHOxGAQcchyI2jv64eZA==,type:str]
password: ENC[AES256_GCM,data:xfGpi1SHYNVgTpGE4OK78MsPQZI=,iv:Ri3WD0PmMpQ/a5ny3lesR/Z6DzwMShGRzYFbVMuGi9g=,tag:ocTJY5zH5+2Z/C2QGL1TZw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1tltjgexkp5fz3rum4j0k66ty5q4u8ptvkgkepumd20zal24g2qfs5xgw76
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaWkl0WWx0STFUVHlhaXgy
WjJYcEdJOHd0aW8rN1kwbnVjeHh2a0RUWTBBCjZFRUE1K3RFYmZMcDJMVDVOdnV6
VDF5bEEwVE4vRTQvNVJLRkhOdXJhMjQKLS0tIG9iVTVOeHRUbVdySjc2T2dkRnhh
bjEwK0ludjR2NHpWYk1LUFUyWkVPaEUK4szqvropJKPnF4exnoJM1x3YSnQB2axH
JoQZkeO4y1wBqh/JDb5Xlw+3lziH6tlwqMYI5Mj0ACbpy/y0gPrG3Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age1emv3kzvwgl36hgllrv7rlekqy3y3c6eztadl3lv09ks3z9vv6vdqw06yqa
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBadndrd0tMNHBYMnExaEpn
Y2dVbWxmVWRDaUdnK1gwVUJ5VlVNNzJ4b20wClBCSkova2dxN0d5d05wUzhIUkc2
bXJoRXZ5alY3N29KRlEvK0V6MG1PSFkKLS0tIGFVY2xTMVZTZU9VRXViNkQrOHlT
UTJzRWxnWW9wZVo0K0xiaE9PTGhlTWcKpHkPLrMCYcLPDNSMQnPDfOXh3fQdgc/O
VMLhplZ0CcrAbDii0AMqqen+qStGpfFvMpW1fqWy3guNTxZMTKIjrA==
-----END AGE ENCRYPTED FILE-----
- recipient: age19vzypddhexvvsf8xylstxc9znnkd8rxmamhjlt7elvz4j3zaf5tqqura6f
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhSWJUZFNoaEZOTVNvSjRW
aEQrRzNKKzhKM1ROcDFzd2xBS010MkY3a0c0CnlycnJmZHUveUFGUUxacVN4WTdE
VVZSdGw3UjV3RXdhd2ZrWnA0ZUVIczgKLS0tIFV6Mm5rajVFSHh1Z0IydWpGUHBE
TEVvL0pZUXpRcjl4Z3JmQTF3QmNpNmMKMpCHx3vqOBXyvM4gcQctLpmE4ypC/Oqj
9PqfcAADPzGFZMH1v5chBXpMD/FZ9yr8KfFVz3VD3MTEqQBYqTlZ0A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1p400545a482fma40yfgytu40p6wr5a75v4f8yeudvgf7eh5erufqxhgynr
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBU1FXNXhuWHZJMk02RnQ2
clRtL3hhd1dTbXlOWHF2bkRFb2hhYUo2bTBNCm1vNWZiU1IzdGI3aEdaZEcvUmdQ
ZXN5SU5ZZ0w4VkEyaGcra1hsQW9BaG8KLS0tIG9ieWF4cG5IVk1XVmxsTkt1bURQ
VXlvWkhVYTY2aWpwOHZUSDFkbHN4cUUKIHdWPdwqb9JjH8K91CaNqxH5qyP7tmdj
HVjFUz5AGE6E5oi8oZcru3m3WviuBsTxT8lYiCPd9xO99/7Zkswtsw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-12T09:14:08Z"
mac: ENC[AES256_GCM,data:g9grCtq75gKHxM4kKzbvg/XcWUtIXkWGHEfvYbseTsXxdR1WuIXonSs/VX/1Oni6kvalnvUGaR0IflPhXYr7bEhyAWPqDRVditt6yeb/UbwWONSlxtnJVTxAJ3RRVjZZaQJnwuu1UIEZRz3JS/EKXqQjma6A5WtN0WNMEJkw8No=,iv:VkKHUFF9s56iu+Tk2qzhu3s7rJs2NGO/08OICwmds0c=,tag:eI89jJCTF7rkRJ/QNyt62g==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1