1
Fork 0

Set up restic

This commit is contained in:
prescientmoon 2024-05-30 02:35:16 +02:00
parent 89f328de62
commit c7106f2bb8
Signed by: prescientmoon
SSH key fingerprint: SHA256:UUF9JT2s8Xfyv76b8ZuVL7XrmimH4o49p4b+iexbVH4
7 changed files with 77 additions and 3 deletions

View file

@ -0,0 +1,67 @@
{ config, lib, ... }:
let
backupUrl = lib.removeSuffix "\n" (builtins.readFile ./url.txt);
# {{{ Backup helper
createBackup = { name, paths, exclude, pruneOpts }: {
inherit pruneOpts paths;
initialize = true;
repository = "sftp:${backupUrl}:backups/${config.networking.hostName}/${name}";
passwordFile = config.sops.secrets.backup_password.path;
extraOptions = [ "sftp.args='-i ${config.users.users.pilot.home}/.ssh/id_ed25519'" ];
exclude = [
# Syncthing / direnv / git stuff
".direnv"
".git"
".stfolder"
".stversions"
] ++ exclude;
};
# }}}
in
{
sops.secrets.backup_password.sopsFile = ../../../secrets.yaml;
services.restic.backups = {
# {{{ Data
data = createBackup {
name = "data";
pruneOpts = [
"--keep-daily 7"
"--keep-weekly 4"
"--keep-monthly 12"
"--keep-yearly 0"
];
paths = [ "/persist/data" ];
exclude = [
# Projects are available on github and in my own forge already
"/persist/data${config.users.users.pilot.home}/projects"
];
};
# }}}
# {{{ State
state = createBackup {
name = "state";
pruneOpts = [
"--keep-daily 3"
"--keep-weekly 1"
"--keep-monthly 1"
"--keep-yearly 0"
];
paths = [ "/persist/state" ];
exclude =
let home = "/persist/state/${config.users.users.pilot.home}";
in
[
"${home}/discord" # There's lots of cache stored in here
"${home}/steam" # Games can be quite big
];
};
# }}}
};
}

View file

@ -0,0 +1 @@
zh4347@zh4347.rsync.net

View file

@ -4,3 +4,4 @@ wireless: |
...
pilot_password: ...
cloudflare_dns_api_token: ...
backup_password: ...

View file

@ -1,6 +1,7 @@
wireless: ENC[AES256_GCM,data:Ib0PdBd2r/DPyE6Ah9NffT8Tw8c2y+seGFrE0e9GkyRaStdYMiiIlWCiaBO0u1HHaVV+2MQ33MnMdqyCGRlqGk45kl0GIwVR5iAiSYnobj/6wcse+kx/+5mzNOHXD1kJRGJBm5+SN9ntiGABNkQXJdn/Qoc/ukY1uaGe2nBeFKmGdD9JL7KfgdI5jYjQYyDbCL9JUszxkXNcplIRBAAy8JDaBVeo9HgI0QDIZToPKwuEeQoA9XzdimrjbCazlZy3ZvjAuoQXmrc1nIRHF5GabSRGTFTnTfcBeW2fGpUxmIhLyucn2DIQBXLm+RDdMLWoqcGbKiLVqKyUXck3ZZyoHMf2b9N52xMUwcS7,iv:ozkDwWmurWTD8TZHGvWL9Yh8cOrP1PzSBkz+1bBZybo=,tag:iGPjRaOoGRcOWJMweTL2yA==,type:str]
pilot_password: ENC[AES256_GCM,data:PiKJCv5x68O9HFM4UvqLnsSPtqFslBLeAg67OkvFAbw7WaqbXh/p5SQblhPHcJ7jQDc4kI3XesOxruZrfJ0aZNDV1g7MWecgKg==,iv:EVs/m83Zfx2NRQMO52cF6pCe1ETpYfaR6lmXg2Na/DI=,tag:dl2x1aTsaTgtHEZYdW2lmg==,type:str]
cloudflare_dns_api_token: ENC[AES256_GCM,data:SAIMCvKOpGb5g9s03Xapc08KpOgLI+qlT5oiH/uNGxV+9JFSX3nvmQ==,iv:HFKcmHRG4EEOuJ8gRD0ZWsE18SLaZjewMSLznboLUeI=,tag:z21GURSxvNmZ4qkbri9mDQ==,type:str]
backup_password: ENC[AES256_GCM,data:Tu7ODTALfQLX7Mbo/BqiM6gaErGv07urwN1iHwGgurKWDuuE1h5NMV5J0cJqW6orTIloVtoZTJgSJ2lZlMcfUQ==,iv:78ha833ZzgEDChIuGjCMVA89U4qY9lWqUmfPCiiQeQM=,tag:u8KWw/060UVP+OOoPhbjRA==,type:str]
sops:
kms: []
gcp_kms: []
@ -34,8 +35,8 @@ sops:
WFd4ZFNHWG5Cakw5cU9MRE9HWHQ4THMKr/S7v1Oj3zQziMtI/NuFVm6AaJF5JV5U
sEr2nEptYFz4G6YL5psQGXHaKzQKBg+crgKRbYL4akhqT7pfYPC0bQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-05-20T18:01:20Z"
mac: ENC[AES256_GCM,data:6B+Oo7R2QhfD/1Nv+RMafWvoOTyC6qefFrdgfVu5DjSoAjucWV+8d0l5KgFude3ju4WWDi+Jv4boN/0pGEmgqaztTiSuLStzSoVcqYSUxHxSLjl2XJycqptcFN37GUCqCpyRpN6me1sylaTqbCUtd2acd+v/9Z12bXiGGvNY+Qc=,iv:6VGZmHbMFlCjkKIN8gvkJYQjQsIF0gQZQ1WNpn01UHk=,tag:3uvqMXaG/A/qqq9LRlR27w==,type:str]
lastmodified: "2024-05-29T22:07:18Z"
mac: ENC[AES256_GCM,data:HQJU1hZs8S4b8LAPdAg1/IuIX3VETXHrE/lKzODjCb/ndWV8Qh5v8OKg4X8xFw13PJpEeQqIznh6qplxMHJYGcYnUK/TSTP+399BZ3M0NLGWyF0vfFn1JIKu7zg8iHpi491/T+I6TDy5hp9+Y6V0sjpZ4pEzhZTwPW9t+NieSbQ=,iv:lNu0aLUO2P+2Mq7kVDGt6llshu5wgb++3VMX91w1a+8=,tag:WSoUh4XnRenvhb+vwLUpRg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

View file

@ -3,6 +3,7 @@
../common/global
../common/users/pilot.nix
../common/optional/services/kanata.nix
../common/optional/services/restic
./services/syncthing.nix
./services/whoogle.nix

View file

@ -9,9 +9,10 @@
../common/optional/greetd.nix
../common/optional/quietboot.nix
../common/optional/desktop/steam.nix
../common/optional/services/kanata.nix
../common/optional/desktop/xdg-portal.nix
../common/optional/wayland/hyprland.nix
../common/optional/services/kanata.nix
../common/optional/services/restic
./hardware
./boot.nix

View file

@ -0,0 +1,2 @@
#!/usr/bin/env bash
scp ~/.ssh/id_ed25519.pub $(cat ../hosts/nixos/common/optional/services/restic/url.txt):.ssh/authorized_keys