diff options
| author | Franck Cuny <franck@fcuny.net> | 2025-07-07 16:50:41 -0700 |
|---|---|---|
| committer | Franck Cuny <franck@fcuny.net> | 2025-07-07 16:50:41 -0700 |
| commit | 93addfef26a6a40dcb8978823610ba3e009dc309 (patch) | |
| tree | fd9ade15410463c5c069f94a1dece5eab7a9f98b /nix/machines | |
| parent | add scripts related to terraform (diff) | |
| download | infra-93addfef26a6a40dcb8978823610ba3e009dc309.tar.gz | |
store backups locally and remotely
It might be useful to have a local backup so that I don't need to pull
it from the remote bucket. It is useful to be able to quickly browse and
see what's in the backup, and having to go to GCS for that is a waste of
resources.
Export environment variables to make it easier to interact with the
local repository.
Diffstat (limited to 'nix/machines')
| -rw-r--r-- | nix/machines/vm-synology/backups.nix | 43 |
1 files changed, 38 insertions, 5 deletions
diff --git a/nix/machines/vm-synology/backups.nix b/nix/machines/vm-synology/backups.nix index 69dcb6e..cf3c65b 100644 --- a/nix/machines/vm-synology/backups.nix +++ b/nix/machines/vm-synology/backups.nix @@ -1,22 +1,45 @@ { - pkgs, config, + pkgs, ... }: let environmentFile = toString ( pkgs.writeText "restic-gcs-env" '' - GOOGLE_PROJECT_ID=fcuny-backups-464518 + GOOGLE_PROJECT_ID=fcuny-infra GOOGLE_APPLICATION_CREDENTIALS=${config.age.secrets.restic_gcs_credentials.path} '' ); in { - # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/backup/restic.nix - services.restic.backups.git = { + services.restic.backups.local = { + passwordFile = config.age.secrets.restic_password.path; + repository = "/srv/data/backups/"; + initialize = true; + paths = [ "/var/lib/gitolite" ]; + exclude = [ + "/var/lib/gitolite/.bash_history" + "/var/lib/gitolite/.ssh" + "/var/lib/gitolite/.viminfo" + ]; + extraBackupArgs = [ + "--exclude-caches" + "--compression=max" + ]; + timerConfig = { + OnCalendar = "daily"; + }; + pruneOpts = [ + "--keep-daily 7" + "--keep-weekly 4" + "--keep-monthly 3" + ]; + }; + + services.restic.backups.gcs = { passwordFile = config.age.secrets.restic_password.path; environmentFile = environmentFile; - repository = "gs:fcuny-backup:/vm-synology"; + repository = "gs:fcuny-infra-backups:/vm-synology/"; initialize = true; paths = [ "/var/lib/gitolite" ]; exclude = [ @@ -37,4 +60,14 @@ in "--keep-monthly 3" ]; }; + + environment = { + sessionVariables = { + RESTIC_REPOSITORY = "/srv/data/backups"; + RESTIC_PASSWORD_FILE = config.age.secrets.restic_password.path; + }; + systemPackages = with pkgs; [ + restic + ]; + }; } |