diff options
| author | Franck Cuny <franck@fcuny.net> | 2025-11-15 11:34:36 -0800 |
|---|---|---|
| committer | Franck Cuny <franck@fcuny.net> | 2025-11-15 11:34:36 -0800 |
| commit | efbdc2d49135be41ef17cfc7edfe18a03543b63a (patch) | |
| tree | 2e3d59cfe477000845179a522eb9376f6fb0bbae /profiles | |
| parent | use cgit package (diff) | |
| download | infra-efbdc2d49135be41ef17cfc7edfe18a03543b63a.tar.gz | |
simplify the backups
Diffstat (limited to 'profiles')
| -rw-r--r-- | profiles/git-server.nix | 2 | ||||
| -rw-r--r-- | profiles/restic-backup.nix | 66 |
2 files changed, 68 insertions, 0 deletions
diff --git a/profiles/git-server.nix b/profiles/git-server.nix index 6c18ab0..327bbbb 100644 --- a/profiles/git-server.nix +++ b/profiles/git-server.nix @@ -65,4 +65,6 @@ root-desc = "source code of my various projects"; }; }; + + services.restic.backups.local.paths = [ "/var/lib/gitolite/repositories" ]; } diff --git a/profiles/restic-backup.nix b/profiles/restic-backup.nix new file mode 100644 index 0000000..be65da6 --- /dev/null +++ b/profiles/restic-backup.nix @@ -0,0 +1,66 @@ +{ config, pkgs, ... }: +let + restic-local = pkgs.writeShellScriptBin "restic-local" '' + export RESTIC_REPOSITORY="/data/backups/${config.networking.hostName}" + export RESTIC_PASSWORD_FILE="${config.age.secrets.restic-local-pw.path}" + exec ${pkgs.restic}/bin/restic "$@" + ''; +in +{ + age = { + secrets = { + restic-local-pw = { + file = ../secrets/restic-pw.age; + }; + nas-client = { + file = ../secrets/nas_client.age; + }; + }; + }; + + boot.kernelModules = [ + "cifs" + "cmac" + "sha256" + ]; + + environment.systemPackages = [ + pkgs.cifs-utils + pkgs.restic + restic-local + ]; + + systemd.mounts = [ + { + description = "Mount for NAS volume"; + what = "//192.168.1.68/backups"; + where = "/data/backups/"; + unitConfig = { + Type = "cifs"; + }; + type = "cifs"; + options = "credentials=${config.age.secrets.nas-client.path},uid=1000,gid=1000,rw"; + } + ]; + systemd.automounts = [ + { + description = "Automount for NAS volume backups"; + where = "/data/backups"; + wantedBy = [ "multi-user.target" ]; + } + ]; + + services.restic = { + backups = { + local = { + paths = [ ]; + passwordFile = config.age.secrets.restic-local-pw.path; + repository = "/data/backups/${config.networking.hostName}"; + initialize = true; + timerConfig.OnCalendar = "*-*-* *:00:00"; + timerConfig.RandomizedDelaySec = "5m"; + extraBackupArgs = [ ]; + }; + }; + }; +} |