add restic backups
Some checks failed
Hydra packages.riscv64-linux.art-lotte Hydra build #25287 of nixos-config:pr618:packages.riscv64-linux.art-lotte
Hydra packages.aarch64-linux.art-lotte Hydra build #25283 of nixos-config:pr618:packages.aarch64-linux.art-lotte
Hydra packages.x86_64-linux.art-lotte-bgs-sfw Hydra build #25293 of nixos-config:pr618:packages.x86_64-linux.art-lotte-bgs-sfw
Hydra packages.riscv64-linux.package-updater Hydra build #25290 of nixos-config:pr618:packages.riscv64-linux.package-updater
Hydra checks.x86_64-linux.containers-default Hydra build #25274 of nixos-config:pr618:checks.x86_64-linux.containers-default
Hydra packages.x86_64-linux.art-lotte-bgs-nsfw Hydra build #25292 of nixos-config:pr618:packages.x86_64-linux.art-lotte-bgs-nsfw
Hydra nixosConfigurations.not522-installer Hydra build #25305 of nixos-config:pr618:nixosConfigurations.not522-installer
Hydra nixosConfigurations.not522 Hydra build #25304 of nixos-config:pr618:nixosConfigurations.not522
Hydra nixosConfigurations.thinkrac Hydra build #25308 of nixos-config:pr618:nixosConfigurations.thinkrac
Hydra nixosConfigurations.pc-installer Hydra build #25306 of nixos-config:pr618:nixosConfigurations.pc-installer
Hydra nixosConfigurations.container-default-x86_64-linux Hydra build #25277 of nixos-config:pr618:nixosConfigurations.container-default-x86_64-linux
Hydra nixosConfigurations.container-default-riscv64-linux Hydra build #25276 of nixos-config:pr618:nixosConfigurations.container-default-riscv64-linux
Hydra packages.riscv64-linux.art-lotte-bgs-sfw Hydra build #25289 of nixos-config:pr618:packages.riscv64-linux.art-lotte-bgs-sfw
Hydra nixosConfigurations.container-default-aarch64-linux Hydra build #25275 of nixos-config:pr618:nixosConfigurations.container-default-aarch64-linux
Hydra nixosConfigurations.rainbow-resort Hydra build #25307 of nixos-config:pr618:nixosConfigurations.rainbow-resort
Hydra packages.aarch64-linux.art-lotte-bgs-nsfw Hydra build #25284 of nixos-config:pr618:packages.aarch64-linux.art-lotte-bgs-nsfw
Hydra packages.aarch64-linux.art-lotte-bgs-sfw Hydra build #25285 of nixos-config:pr618:packages.aarch64-linux.art-lotte-bgs-sfw
Hydra packages.riscv64-linux.art-lotte-bgs-nsfw Hydra build #25288 of nixos-config:pr618:packages.riscv64-linux.art-lotte-bgs-nsfw
Hydra packages.x86_64-linux.art-lotte Hydra build #25291 of nixos-config:pr618:packages.x86_64-linux.art-lotte
Some checks failed
Hydra packages.riscv64-linux.art-lotte Hydra build #25287 of nixos-config:pr618:packages.riscv64-linux.art-lotte
Hydra packages.aarch64-linux.art-lotte Hydra build #25283 of nixos-config:pr618:packages.aarch64-linux.art-lotte
Hydra packages.x86_64-linux.art-lotte-bgs-sfw Hydra build #25293 of nixos-config:pr618:packages.x86_64-linux.art-lotte-bgs-sfw
Hydra packages.riscv64-linux.package-updater Hydra build #25290 of nixos-config:pr618:packages.riscv64-linux.package-updater
Hydra checks.x86_64-linux.containers-default Hydra build #25274 of nixos-config:pr618:checks.x86_64-linux.containers-default
Hydra packages.x86_64-linux.art-lotte-bgs-nsfw Hydra build #25292 of nixos-config:pr618:packages.x86_64-linux.art-lotte-bgs-nsfw
Hydra nixosConfigurations.not522-installer Hydra build #25305 of nixos-config:pr618:nixosConfigurations.not522-installer
Hydra nixosConfigurations.not522 Hydra build #25304 of nixos-config:pr618:nixosConfigurations.not522
Hydra nixosConfigurations.thinkrac Hydra build #25308 of nixos-config:pr618:nixosConfigurations.thinkrac
Hydra nixosConfigurations.pc-installer Hydra build #25306 of nixos-config:pr618:nixosConfigurations.pc-installer
Hydra nixosConfigurations.container-default-x86_64-linux Hydra build #25277 of nixos-config:pr618:nixosConfigurations.container-default-x86_64-linux
Hydra nixosConfigurations.container-default-riscv64-linux Hydra build #25276 of nixos-config:pr618:nixosConfigurations.container-default-riscv64-linux
Hydra packages.riscv64-linux.art-lotte-bgs-sfw Hydra build #25289 of nixos-config:pr618:packages.riscv64-linux.art-lotte-bgs-sfw
Hydra nixosConfigurations.container-default-aarch64-linux Hydra build #25275 of nixos-config:pr618:nixosConfigurations.container-default-aarch64-linux
Hydra nixosConfigurations.rainbow-resort Hydra build #25307 of nixos-config:pr618:nixosConfigurations.rainbow-resort
Hydra packages.aarch64-linux.art-lotte-bgs-nsfw Hydra build #25284 of nixos-config:pr618:packages.aarch64-linux.art-lotte-bgs-nsfw
Hydra packages.aarch64-linux.art-lotte-bgs-sfw Hydra build #25285 of nixos-config:pr618:packages.aarch64-linux.art-lotte-bgs-sfw
Hydra packages.riscv64-linux.art-lotte-bgs-nsfw Hydra build #25288 of nixos-config:pr618:packages.riscv64-linux.art-lotte-bgs-nsfw
Hydra packages.x86_64-linux.art-lotte Hydra build #25291 of nixos-config:pr618:packages.x86_64-linux.art-lotte
This commit is contained in:
parent
ba89a18e00
commit
e3a0a9a6f5
4 changed files with 88 additions and 1 deletions
|
|
@ -5,7 +5,6 @@ keys:
|
|||
- &pc-installer age1eh2vd6cdy23qazwg0hzq95pn9e6p8yaqu4g6zyan8gzal4x5ed5qful8kg
|
||||
- &rainbow-resort age19vzypddhexvvsf8xylstxc9znnkd8rxmamhjlt7elvz4j3zaf5tqqura6f
|
||||
- &thinkrac age1p400545a482fma40yfgytu40p6wr5a75v4f8yeudvgf7eh5erufqxhgynr
|
||||
|
||||
creation_rules:
|
||||
- path_regex: machine/not522/secrets\.yaml$
|
||||
key_groups:
|
||||
|
|
@ -19,6 +18,13 @@ creation_rules:
|
|||
- *not522
|
||||
- *rainbow-resort
|
||||
- *thinkrac
|
||||
- path_regex: services/restic\.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *base
|
||||
- *not522
|
||||
- *rainbow-resort
|
||||
- *thinkrac
|
||||
- path_regex: users/root/system\.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
|
|
|
|||
|
|
@ -4,6 +4,7 @@
|
|||
"${nixos-config}/modules"
|
||||
"${nixos-config}/services/tailscale.nix"
|
||||
"${nixos-config}/services/openssh.nix"
|
||||
"${nixos-config}/services/restic.nix"
|
||||
"${nixos-config}/users"
|
||||
"${nixos-config}/programs"
|
||||
./systemd-boot.nix
|
||||
|
|
|
|||
27
services/restic.nix
Normal file
27
services/restic.nix
Normal file
|
|
@ -0,0 +1,27 @@
|
|||
{ config, ... }:
|
||||
{
|
||||
services.restic.backups.sysbackup = {
|
||||
timerConfig = {
|
||||
OnCalendar = "06:00";
|
||||
RandomizedDelaySec = "12h";
|
||||
};
|
||||
environmentFile = config.sops.secrets."services/restic/backups/sysbackup/environment".path;
|
||||
paths = [
|
||||
"/persistent"
|
||||
];
|
||||
extraBackupArgs = [
|
||||
"--exclude-caches"
|
||||
"--compression max"
|
||||
"--exclude"
|
||||
"/persistent/var/cache"
|
||||
"--exclude"
|
||||
"/persistent/home/root/.cache"
|
||||
"--exclude"
|
||||
"/persistent/home/darkkirb/.cache"
|
||||
];
|
||||
repository = "s3://ams1.vultrobjects.com/backup-chir-rs";
|
||||
passwordFile = config.sops.secrets."services/restic/backups/sysbackup/password".path;
|
||||
};
|
||||
sops.secrets."services/restic/backups/sysbackup/environment".sopsFile = ./restic.yaml;
|
||||
sops.secrets."services/restic/backups/sysbackup/password".sopsFile = ./restic.yaml;
|
||||
}
|
||||
53
services/restic.yaml
Normal file
53
services/restic.yaml
Normal file
|
|
@ -0,0 +1,53 @@
|
|||
services:
|
||||
restic:
|
||||
backups:
|
||||
sysbackup:
|
||||
environment: ENC[AES256_GCM,data:6doK0jeQ1WgjVspk8gGIfKplvIjI8HfxiTGGuV4U4F4HjjoNqSDvbTaQjw4kllbX3Y/mOMrPorOV+IKswhZWIyFHYkxSoXnEERqOcL4NR0phzS47dob9cmzZRtrk9RMYr8xOjzN+,iv:CceNo1rnhwIZ8YnMqp8Yh/7TTGThnkFo9sMmd6feq3A=,tag:5HOHOxGAQcchyI2jv64eZA==,type:str]
|
||||
password: ENC[AES256_GCM,data:xfGpi1SHYNVgTpGE4OK78MsPQZI=,iv:Ri3WD0PmMpQ/a5ny3lesR/Z6DzwMShGRzYFbVMuGi9g=,tag:ocTJY5zH5+2Z/C2QGL1TZw==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1tltjgexkp5fz3rum4j0k66ty5q4u8ptvkgkepumd20zal24g2qfs5xgw76
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaWkl0WWx0STFUVHlhaXgy
|
||||
WjJYcEdJOHd0aW8rN1kwbnVjeHh2a0RUWTBBCjZFRUE1K3RFYmZMcDJMVDVOdnV6
|
||||
VDF5bEEwVE4vRTQvNVJLRkhOdXJhMjQKLS0tIG9iVTVOeHRUbVdySjc2T2dkRnhh
|
||||
bjEwK0ludjR2NHpWYk1LUFUyWkVPaEUK4szqvropJKPnF4exnoJM1x3YSnQB2axH
|
||||
JoQZkeO4y1wBqh/JDb5Xlw+3lziH6tlwqMYI5Mj0ACbpy/y0gPrG3Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1emv3kzvwgl36hgllrv7rlekqy3y3c6eztadl3lv09ks3z9vv6vdqw06yqa
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBadndrd0tMNHBYMnExaEpn
|
||||
Y2dVbWxmVWRDaUdnK1gwVUJ5VlVNNzJ4b20wClBCSkova2dxN0d5d05wUzhIUkc2
|
||||
bXJoRXZ5alY3N29KRlEvK0V6MG1PSFkKLS0tIGFVY2xTMVZTZU9VRXViNkQrOHlT
|
||||
UTJzRWxnWW9wZVo0K0xiaE9PTGhlTWcKpHkPLrMCYcLPDNSMQnPDfOXh3fQdgc/O
|
||||
VMLhplZ0CcrAbDii0AMqqen+qStGpfFvMpW1fqWy3guNTxZMTKIjrA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age19vzypddhexvvsf8xylstxc9znnkd8rxmamhjlt7elvz4j3zaf5tqqura6f
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhSWJUZFNoaEZOTVNvSjRW
|
||||
aEQrRzNKKzhKM1ROcDFzd2xBS010MkY3a0c0CnlycnJmZHUveUFGUUxacVN4WTdE
|
||||
VVZSdGw3UjV3RXdhd2ZrWnA0ZUVIczgKLS0tIFV6Mm5rajVFSHh1Z0IydWpGUHBE
|
||||
TEVvL0pZUXpRcjl4Z3JmQTF3QmNpNmMKMpCHx3vqOBXyvM4gcQctLpmE4ypC/Oqj
|
||||
9PqfcAADPzGFZMH1v5chBXpMD/FZ9yr8KfFVz3VD3MTEqQBYqTlZ0A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1p400545a482fma40yfgytu40p6wr5a75v4f8yeudvgf7eh5erufqxhgynr
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBU1FXNXhuWHZJMk02RnQ2
|
||||
clRtL3hhd1dTbXlOWHF2bkRFb2hhYUo2bTBNCm1vNWZiU1IzdGI3aEdaZEcvUmdQ
|
||||
ZXN5SU5ZZ0w4VkEyaGcra1hsQW9BaG8KLS0tIG9ieWF4cG5IVk1XVmxsTkt1bURQ
|
||||
VXlvWkhVYTY2aWpwOHZUSDFkbHN4cUUKIHdWPdwqb9JjH8K91CaNqxH5qyP7tmdj
|
||||
HVjFUz5AGE6E5oi8oZcru3m3WviuBsTxT8lYiCPd9xO99/7Zkswtsw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-11-12T09:14:08Z"
|
||||
mac: ENC[AES256_GCM,data:g9grCtq75gKHxM4kKzbvg/XcWUtIXkWGHEfvYbseTsXxdR1WuIXonSs/VX/1Oni6kvalnvUGaR0IflPhXYr7bEhyAWPqDRVditt6yeb/UbwWONSlxtnJVTxAJ3RRVjZZaQJnwuu1UIEZRz3JS/EKXqQjma6A5WtN0WNMEJkw8No=,iv:VkKHUFF9s56iu+Tk2qzhu3s7rJs2NGO/08OICwmds0c=,tag:eI89jJCTF7rkRJ/QNyt62g==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.1
|
||||
Loading…
Reference in a new issue