Diffstat (limited to 'profiles')
-rw-r--r--profiles/storage-media.nix61
1 files changed, 61 insertions, 0 deletions
diff --git a/profiles/storage-media.nix b/profiles/storage-media.nix
new file mode 100644
index 0000000..30fb9e4
--- /dev/null
+++ b/profiles/storage-media.nix
@@ -0,0 +1,61 @@
+{ pkgs, config, ... }:
+let
+ syncJobs = [
+ {
+ name = "movies";
+ source = "/data/media/movies/";
+ destination = "/volume1/media/movies/";
+ }
+ {
+ name = "videos";
+ source = "/data/media/videos/";
+ destination = "/volume1/media/videos/";
+ }
+ ];
+ remoteHost = "192.168.1.68";
+ remoteUser = "nas";
+in
+{
+ age.secrets.rsync-ssh-key.file = ../secrets/rsync-ssh-nas.age;
+
+ systemd.timers = pkgs.lib.listToAttrs (
+ map (job: {
+ name = "rsync-backup-${job.name}";
+ value = {
+ wantedBy = [ "timers.target" ];
+ timerConfig = {
+ OnCalendar = "daily";
+ Persistent = true;
+ RandomizedDelaySec = "1h";
+ };
+ };
+ }) syncJobs
+ );
+
+ systemd.services = pkgs.lib.listToAttrs (
+ map (job: {
+ name = "rsync-backup-${job.name}";
+ value = {
+ description = "Rsync backup for ${job.name}";
+
+ serviceConfig = {
+ Type = "oneshot";
+ DynamicUser = true;
+ LoadCredential = "ssh-key:${config.age.secrets.rsync-ssh-key.path}";
+ PrivateTmp = true;
+ NoNewPrivileges = true;
+ ProtectSystem = "strict";
+ ProtectHome = true;
+
+ ExecStart = pkgs.writeShellScript "rsync-backup-${job.name}" ''
+ ${pkgs.rsync}/bin/rsync \
+ -avz \
+ -e "${pkgs.openssh}/bin/ssh -i ''${CREDENTIALS_DIRECTORY}/ssh-key -o StrictHostKeyChecking=accept-new" \
+ ${job.source} \
+ ${remoteUser}@${remoteHost}:${job.destination}
+ '';
+ };
+ };
+ }) syncJobs
+ );
+}
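Review bot: The ssh options in ExecStart provide no durable host authentication, because `StrictHostKeyChecking=accept-new` depends on a writable known_hosts file. Under `DynamicUser = true` with `ProtectSystem = "strict"` and `ProtectHome = true` the service user most likely has no writable home, so the NAS key would be accepted afresh on every run and a changed key would never be noticed; whatever answers on 192.168.1.68 would receive the backup. Pin the key declaratively instead: add `programs.ssh.knownHosts."192.168.1.68".publicKey = "<NAS host public key>";` (placeholder value) and change the option to `-o StrictHostKeyChecking=yes`. Separately, nothing in the visible unit grants the dynamic user read access to `/data/media/...`, so confirm the source trees are readable by it or add an explicit group.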