1 files changed, 66 insertions, 0 deletions

diff --git a/profiles/restic-backup.nix b/profiles/restic-backup.nix
new file mode 100644
index 0000000..be65da6
--- /dev/null
+++ b/profiles/restic-backup.nix
@@ -0,0 +1,66 @@
+{ config, pkgs, ... }:
+let
+  restic-local = pkgs.writeShellScriptBin "restic-local" ''
+    export RESTIC_REPOSITORY="/data/backups/${config.networking.hostName}"
+    export RESTIC_PASSWORD_FILE="${config.age.secrets.restic-local-pw.path}"
+    exec ${pkgs.restic}/bin/restic "$@"
+  '';
+in
+{
+  age = {
+    secrets = {
+      restic-local-pw = {
+        file = ../secrets/restic-pw.age;
+      };
+      nas-client = {
+        file = ../secrets/nas_client.age;
+      };
+    };
+  };
+
+  boot.kernelModules = [
+    "cifs"
+    "cmac"
+    "sha256"
+  ];
+
+  environment.systemPackages = [
+    pkgs.cifs-utils
+    pkgs.restic
+    restic-local
+  ];
+
+  systemd.mounts = [
+    {
+      description = "Mount for NAS volume";
+      what = "//192.168.1.68/backups";
+      where = "/data/backups/";
+      unitConfig = {
+        Type = "cifs";
+      };
+      type = "cifs";
+      options = "credentials=${config.age.secrets.nas-client.path},uid=1000,gid=1000,rw";
+    }
+  ];
+  systemd.automounts = [
+    {
+      description = "Automount for NAS volume backups";
+      where = "/data/backups";
+      wantedBy = [ "multi-user.target" ];
+    }
+  ];
+
+  services.restic = {
+    backups = {
+      local = {
+        paths = [ ];
+        passwordFile = config.age.secrets.restic-local-pw.path;
+        repository = "/data/backups/${config.networking.hostName}";
+        initialize = true;
+        timerConfig.OnCalendar = "*-*-* *:00:00";
+        timerConfig.RandomizedDelaySec = "5m";
+        extraBackupArgs = [ ];
+      };
+    };
+  };
+}