Set up restic
parent
89f328de62
commit
c7106f2bb8
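--- a/hosts/nixos/common/optional/services/restic/default.nix
+++ b/hosts/nixos/common/optional/services/restic/default.nix
@@ -0,0 +1,67 @@
+{ config, lib, ... }:
+let
+backupUrl = lib.removeSuffix "\n" (builtins.readFile ./url.txt);
+
+# {{{ Backup helper
+createBackup = { name, paths, exclude, pruneOpts }: {
+inherit pruneOpts paths;
+
+initialize = true;
+repository = "sftp:${backupUrl}:backups/${config.networking.hostName}/${name}";
+passwordFile = config.sops.secrets.backup_password.path;
+extraOptions = [ "sftp.args='-i ${config.users.users.pilot.home}/.ssh/id_ed25519'" ];
+
+exclude = [
+# Syncthing / direnv / git stuff
+".direnv"
+".git"
+".stfolder"
+".stversions"
+] ++ exclude;
+};
+# }}}
+in
+{
+sops.secrets.backup_password.sopsFile = ../../../secrets.yaml;
+
+services.restic.backups = {
+# {{{ Data
+data = createBackup {
+name = "data";
+pruneOpts = [
+"--keep-daily 7"
+"--keep-weekly 4"
+"--keep-monthly 12"
+"--keep-yearly 0"
+];
+
+paths = [ "/persist/data" ];
+exclude = [
+# Projects are available on github and in my own forge already
+"/persist/data${config.users.users.pilot.home}/projects"
+];
+};
+# }}}
+# {{{ State
+state = createBackup {
+name = "state";
+pruneOpts = [
+"--keep-daily 3"
+"--keep-weekly 1"
+"--keep-monthly 1"
+"--keep-yearly 0"
+];
+
+paths = [ "/persist/state" ];
+exclude =
+let home = "/persist/state/${config.users.users.pilot.home}";
+in
+[
+"${home}/discord" # There's lots of cache stored in here
+"${home}/steam" # Games can be quite big
+];
+};
+# }}}
+};
+}
+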
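Review bot: The `extraOptions` line in `createBackup` points the unattended backup at the interactive user's personal key, `${config.users.users.pilot.home}/.ssh/id_ed25519`; unless `user` is set elsewhere the NixOS restic units run as root, so a key that presumably also unlocks other services becomes the backup credential, and a passphrase on it would stall the timer job. A dedicated backup key delivered the same way as the repository password would separate the two, e.g. `sops.secrets.backup_ssh_key.sopsFile = ../../../secrets.yaml;` and `"sftp.args='-i ${config.sops.secrets.backup_ssh_key.path}'"` (the secret name is a placeholder). Nothing in this file pins the SFTP server's host key, so the first run depends on whatever `known_hosts` the service user happens to have; `programs.ssh.knownHosts` can declare it. Separately, `home` in the `state` excludes is built with a slash before an already absolute home path, giving a double slash where the `data` exclude gives a single one; `let home = "/persist/state${config.users.users.pilot.home}";` would match it, and whether restic normalises the doubled form should be confirmed before relying on those excludes.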
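--- a/hosts/nixos/common/optional/services/restic/url.txt
+++ b/hosts/nixos/common/optional/services/restic/url.txt
@@ -0,0 +1 @@
+zh4347@zh4347.rsync.net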
|
@ -4,3 +4,4 @@ wireless: |
|
||||||
...
|
...
|
||||||
pilot_password: ...
|
pilot_password: ...
|
||||||
cloudflare_dns_api_token: ...
|
cloudflare_dns_api_token: ...
|
||||||
|
backup_password: ...
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
wireless: ENC[AES256_GCM,data:Ib0PdBd2r/DPyE6Ah9NffT8Tw8c2y+seGFrE0e9GkyRaStdYMiiIlWCiaBO0u1HHaVV+2MQ33MnMdqyCGRlqGk45kl0GIwVR5iAiSYnobj/6wcse+kx/+5mzNOHXD1kJRGJBm5+SN9ntiGABNkQXJdn/Qoc/ukY1uaGe2nBeFKmGdD9JL7KfgdI5jYjQYyDbCL9JUszxkXNcplIRBAAy8JDaBVeo9HgI0QDIZToPKwuEeQoA9XzdimrjbCazlZy3ZvjAuoQXmrc1nIRHF5GabSRGTFTnTfcBeW2fGpUxmIhLyucn2DIQBXLm+RDdMLWoqcGbKiLVqKyUXck3ZZyoHMf2b9N52xMUwcS7,iv:ozkDwWmurWTD8TZHGvWL9Yh8cOrP1PzSBkz+1bBZybo=,tag:iGPjRaOoGRcOWJMweTL2yA==,type:str]
|
wireless: ENC[AES256_GCM,data:Ib0PdBd2r/DPyE6Ah9NffT8Tw8c2y+seGFrE0e9GkyRaStdYMiiIlWCiaBO0u1HHaVV+2MQ33MnMdqyCGRlqGk45kl0GIwVR5iAiSYnobj/6wcse+kx/+5mzNOHXD1kJRGJBm5+SN9ntiGABNkQXJdn/Qoc/ukY1uaGe2nBeFKmGdD9JL7KfgdI5jYjQYyDbCL9JUszxkXNcplIRBAAy8JDaBVeo9HgI0QDIZToPKwuEeQoA9XzdimrjbCazlZy3ZvjAuoQXmrc1nIRHF5GabSRGTFTnTfcBeW2fGpUxmIhLyucn2DIQBXLm+RDdMLWoqcGbKiLVqKyUXck3ZZyoHMf2b9N52xMUwcS7,iv:ozkDwWmurWTD8TZHGvWL9Yh8cOrP1PzSBkz+1bBZybo=,tag:iGPjRaOoGRcOWJMweTL2yA==,type:str]
|
||||||
pilot_password: ENC[AES256_GCM,data:PiKJCv5x68O9HFM4UvqLnsSPtqFslBLeAg67OkvFAbw7WaqbXh/p5SQblhPHcJ7jQDc4kI3XesOxruZrfJ0aZNDV1g7MWecgKg==,iv:EVs/m83Zfx2NRQMO52cF6pCe1ETpYfaR6lmXg2Na/DI=,tag:dl2x1aTsaTgtHEZYdW2lmg==,type:str]
|
pilot_password: ENC[AES256_GCM,data:PiKJCv5x68O9HFM4UvqLnsSPtqFslBLeAg67OkvFAbw7WaqbXh/p5SQblhPHcJ7jQDc4kI3XesOxruZrfJ0aZNDV1g7MWecgKg==,iv:EVs/m83Zfx2NRQMO52cF6pCe1ETpYfaR6lmXg2Na/DI=,tag:dl2x1aTsaTgtHEZYdW2lmg==,type:str]
|
||||||
cloudflare_dns_api_token: ENC[AES256_GCM,data:SAIMCvKOpGb5g9s03Xapc08KpOgLI+qlT5oiH/uNGxV+9JFSX3nvmQ==,iv:HFKcmHRG4EEOuJ8gRD0ZWsE18SLaZjewMSLznboLUeI=,tag:z21GURSxvNmZ4qkbri9mDQ==,type:str]
|
cloudflare_dns_api_token: ENC[AES256_GCM,data:SAIMCvKOpGb5g9s03Xapc08KpOgLI+qlT5oiH/uNGxV+9JFSX3nvmQ==,iv:HFKcmHRG4EEOuJ8gRD0ZWsE18SLaZjewMSLznboLUeI=,tag:z21GURSxvNmZ4qkbri9mDQ==,type:str]
|
||||||
|
backup_password: ENC[AES256_GCM,data:Tu7ODTALfQLX7Mbo/BqiM6gaErGv07urwN1iHwGgurKWDuuE1h5NMV5J0cJqW6orTIloVtoZTJgSJ2lZlMcfUQ==,iv:78ha833ZzgEDChIuGjCMVA89U4qY9lWqUmfPCiiQeQM=,tag:u8KWw/060UVP+OOoPhbjRA==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -34,8 +35,8 @@ sops:
|
||||||
WFd4ZFNHWG5Cakw5cU9MRE9HWHQ4THMKr/S7v1Oj3zQziMtI/NuFVm6AaJF5JV5U
|
WFd4ZFNHWG5Cakw5cU9MRE9HWHQ4THMKr/S7v1Oj3zQziMtI/NuFVm6AaJF5JV5U
|
||||||
sEr2nEptYFz4G6YL5psQGXHaKzQKBg+crgKRbYL4akhqT7pfYPC0bQ==
|
sEr2nEptYFz4G6YL5psQGXHaKzQKBg+crgKRbYL4akhqT7pfYPC0bQ==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-05-20T18:01:20Z"
|
lastmodified: "2024-05-29T22:07:18Z"
|
||||||
mac: ENC[AES256_GCM,data:6B+Oo7R2QhfD/1Nv+RMafWvoOTyC6qefFrdgfVu5DjSoAjucWV+8d0l5KgFude3ju4WWDi+Jv4boN/0pGEmgqaztTiSuLStzSoVcqYSUxHxSLjl2XJycqptcFN37GUCqCpyRpN6me1sylaTqbCUtd2acd+v/9Z12bXiGGvNY+Qc=,iv:6VGZmHbMFlCjkKIN8gvkJYQjQsIF0gQZQ1WNpn01UHk=,tag:3uvqMXaG/A/qqq9LRlR27w==,type:str]
|
mac: ENC[AES256_GCM,data:HQJU1hZs8S4b8LAPdAg1/IuIX3VETXHrE/lKzODjCb/ndWV8Qh5v8OKg4X8xFw13PJpEeQqIznh6qplxMHJYGcYnUK/TSTP+399BZ3M0NLGWyF0vfFn1JIKu7zg8iHpi491/T+I6TDy5hp9+Y6V0sjpZ4pEzhZTwPW9t+NieSbQ=,iv:lNu0aLUO2P+2Mq7kVDGt6llshu5wgb++3VMX91w1a+8=,tag:WSoUh4XnRenvhb+vwLUpRg==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.8.1
|
||||||
|
|
|
@ -3,6 +3,7 @@
|
||||||
../common/global
|
../common/global
|
||||||
../common/users/pilot.nix
|
../common/users/pilot.nix
|
||||||
../common/optional/services/kanata.nix
|
../common/optional/services/kanata.nix
|
||||||
|
../common/optional/services/restic
|
||||||
|
|
||||||
./services/syncthing.nix
|
./services/syncthing.nix
|
||||||
./services/whoogle.nix
|
./services/whoogle.nix
|
||||||
|
|
|
@ -9,9 +9,10 @@
|
||||||
../common/optional/greetd.nix
|
../common/optional/greetd.nix
|
||||||
../common/optional/quietboot.nix
|
../common/optional/quietboot.nix
|
||||||
../common/optional/desktop/steam.nix
|
../common/optional/desktop/steam.nix
|
||||||
../common/optional/services/kanata.nix
|
|
||||||
../common/optional/desktop/xdg-portal.nix
|
../common/optional/desktop/xdg-portal.nix
|
||||||
../common/optional/wayland/hyprland.nix
|
../common/optional/wayland/hyprland.nix
|
||||||
|
../common/optional/services/kanata.nix
|
||||||
|
../common/optional/services/restic
|
||||||
|
|
||||||
./hardware
|
./hardware
|
||||||
./boot.nix
|
./boot.nix
|
||||||
|
|
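--- a/scripts/setup-rsync-ssh.sh
+++ b/scripts/setup-rsync-ssh.sh
@@ -0,0 +1,2 @@
+#!/usr/bin/env bash
+scp ~/.ssh/id_ed25519.pub $(cat ../hosts/nixos/common/optional/services/restic/url.txt):.ssh/authorized_keys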
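Review bot: The `scp` on the second line replaces the remote `.ssh/authorized_keys` outright, so running it from a second machine removes the first machine's key; this commit adds the restic module to two host import lists, which makes that likely. Appending keeps the existing entries; rsync.net's documented form is along the lines of `ssh "$remote" 'dd of=.ssh/authorized_keys oflag=append conv=notrunc' < ~/.ssh/id_ed25519.pub` (confirm against their current docs). The `../hosts/...` path also resolves against the caller's working directory and the `$(cat …)` is unquoted; `remote="$(cat "$(dirname "${BASH_SOURCE[0]}")/../hosts/nixos/common/optional/services/restic/url.txt")"` with `set -euo pipefail` at the top would stop the script when the file is missing instead of copying to an empty target.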