Diffstat (limited to '')
| -rw-r--r-- | nix/machines/vm-synology/backups.nix | 40 | ||||
| -rw-r--r-- | nix/machines/vm-synology/default.nix | 14 | ||||
| -rw-r--r-- | nix/machines/vm-synology/git.nix | 36 |
3 files changed, 53 insertions, 37 deletions
diff --git a/nix/machines/vm-synology/backups.nix b/nix/machines/vm-synology/backups.nix
new file mode 100644
index 0000000..69dcb6e
--- /dev/null
+++ b/nix/machines/vm-synology/backups.nix
@@ -0,0 +1,40 @@
+{
+ pkgs,
+ config,
+ ...
+}:
+let
+ environmentFile = toString (
+ pkgs.writeText "restic-gcs-env" ''
+ GOOGLE_PROJECT_ID=fcuny-backups-464518
+ GOOGLE_APPLICATION_CREDENTIALS=${config.age.secrets.restic_gcs_credentials.path}
+ ''
+ );
+in
+{
+ # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/backup/restic.nix
+ services.restic.backups.git = {
+ passwordFile = config.age.secrets.restic_password.path;
+ environmentFile = environmentFile;
+ repository = "gs:fcuny-backup:/vm-synology";
+ initialize = true;
+ paths = [ "/var/lib/gitolite" ];
+ exclude = [
+ "/var/lib/gitolite/.bash_history"
+ "/var/lib/gitolite/.ssh"
+ "/var/lib/gitolite/.viminfo"
+ ];
+ extraBackupArgs = [
+ "--exclude-caches"
+ "--compression=max"
+ ];
+ timerConfig = {
+ OnCalendar = "daily";
+ };
+ pruneOpts = [
+ "--keep-daily 7"
+ "--keep-weekly 4"
+ "--keep-monthly 3"
+ ];
+ };
+}
diff --git a/nix/machines/vm-synology/default.nix b/nix/machines/vm-synology/default.nix
index 8ced4e1..dd004f6 100644
--- a/nix/machines/vm-synology/default.nix
+++ b/nix/machines/vm-synology/default.nix
@@ -1,8 +1,20 @@
 { pkgs, ... }:
 {
+ age = {
+ secrets = {
+ restic_gcs_credentials = {
+ file = ../../../secrets/restic_gcs_credentials.age;
+ };
+ restic_password = {
+ file = ../../../secrets/restic_password.age;
+ };
+ };
+ };
+
 imports = [
- ./hardware.nix
+ ./backups.nix
 ./git.nix
+ ./hardware.nix
 ];
 
 # Use the systemd-boot EFI boot loader.
diff --git a/nix/machines/vm-synology/git.nix b/nix/machines/vm-synology/git.nix
index 6ca6ec7..27eebc7 100644
--- a/nix/machines/vm-synology/git.nix
+++ b/nix/machines/vm-synology/git.nix
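Review bot: In nix/machines/vm-synology/backups.nix, `pruneOpts` makes this host run the forget/prune step with the same service-account key it uses to upload, so the key behind `restic_gcs_credentials` presumably has to be able to delete objects in the bucket. The IAM role is not visible in this diff, but if that holds, whoever compromises the VM can erase the backups together with the data they protect. Consider pruning from a separate trusted host with its own key, or enabling object versioning on the bucket so deleted pack files can be recovered. A comment above `environmentFile` would also help, for example `# world-readable in /nix/store: holds only the project id and the path to the agenix secret, never key material`. Separately, `timerConfig` could carry `Persistent = true;` so a run missed while the VM is down is caught up at next boot.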
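Review bot: The two `age.secrets` entries added in nix/machines/vm-synology/default.nix have no comment saying what they protect, and `restic_password` is the repository encryption password, so losing it makes every snapshot in the bucket unreadable. The recipients file for these secrets is outside this diff; if it names only this VM's host key, a rebuild after losing the VM cannot decrypt the password needed for the restore. I would add a comment such as `# restic repo password: must also be encrypted to an admin key kept off this host (needed for restore)` and confirm the recipients match it. The enclosing attribute set continues past the end of the hunk.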
@@ -1,6 +1,5 @@
 { pkgs, ... }:
 {
-
 services.gitolite = {
 enable = true;
 adminPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi";
@@ -23,39 +22,4 @@
 defaultBranch = main
 ''}"
 ];
-
- # # TODO also rsync the backups to the nas
- # # TODO need the ssh key for the nas for rsync ?
- # age.secrets.restic = {
- # file = ../../../secrets/restic-backups.age;
- # owner = "root";
- # group = "root";
- # path = "/etc/restic/secret";
- # mode = "600";
- # };
-
- # # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/backup/restic.nix
- # services.restic.backups.git = {
- # passwordFile = "/etc/restic/secret";
- # repository = "/srv/backups/git";
- # initialize = true;
- # paths = [ "/var/lib/gitolite" ];
- # exclude = [
- # "/var/lib/gitolite/.bash_history"
- # "/var/lib/gitolite/.ssh"
- # "/var/lib/gitolite/.viminfo"
- # ];
- # extraBackupArgs = [
- # "--exclude-caches"
- # "--compression=max"
- # ];
- # timerConfig = {
- # OnCalendar = "daily";
- # };
- # pruneOpts = [
- # "--keep-daily 7"
- # "--keep-weekly 4"
- # "--keep-monthly 3"
- # ];
- # };
 }
|
