From 93addfef26a6a40dcb8978823610ba3e009dc309 Mon Sep 17 00:00:00 2001
From: Franck Cuny <franck@fcuny.net>
Date: Mon, 7 Jul 2025 16:50:41 -0700
Subject: store backups locally and remotely

It might be useful to have a local backup so that I don't need to pull
it from the remote bucket. It is useful to be able to quickly browse and
see what's in the backup, and having to go to GCS for that is a waste of
resources.

Export environment variables to make it easier to interact with the
local repository.
---
 nix/machines/vm-synology/backups.nix | 43 +++++++++++++++++++++++++++++++-----
 1 file changed, 38 insertions(+), 5 deletions(-)

(limited to 'nix/machines/vm-synology/backups.nix')

diff --git a/nix/machines/vm-synology/backups.nix b/nix/machines/vm-synology/backups.nix
index 69dcb6e..cf3c65b 100644
--- a/nix/machines/vm-synology/backups.nix
+++ b/nix/machines/vm-synology/backups.nix
@@ -1,22 +1,45 @@
 {
-  pkgs,
   config,
+  pkgs,
   ...
 }:
 let
   environmentFile = toString (
     pkgs.writeText "restic-gcs-env" ''
-      GOOGLE_PROJECT_ID=fcuny-backups-464518
+      GOOGLE_PROJECT_ID=fcuny-infra
       GOOGLE_APPLICATION_CREDENTIALS=${config.age.secrets.restic_gcs_credentials.path}
     ''
   );
 in
 {
-  # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/backup/restic.nix
-  services.restic.backups.git = {
+  services.restic.backups.local = {
+    passwordFile = config.age.secrets.restic_password.path;
+    repository = "/srv/data/backups/";
+    initialize = true;
+    paths = [ "/var/lib/gitolite" ];
+    exclude = [
+      "/var/lib/gitolite/.bash_history"
+      "/var/lib/gitolite/.ssh"
+      "/var/lib/gitolite/.viminfo"
+    ];
+    extraBackupArgs = [
+      "--exclude-caches"
+      "--compression=max"
+    ];
+    timerConfig = {
+      OnCalendar = "daily";
+    };
+    pruneOpts = [
+      "--keep-daily 7"
+      "--keep-weekly 4"
+      "--keep-monthly 3"
+    ];
+  };
+
+  services.restic.backups.gcs = {
     passwordFile = config.age.secrets.restic_password.path;
     environmentFile = environmentFile;
-    repository = "gs:fcuny-backup:/vm-synology";
+    repository = "gs:fcuny-infra-backups:/vm-synology/";
     initialize = true;
     paths = [ "/var/lib/gitolite" ];
     exclude = [
@@ -37,4 +60,14 @@ in
       "--keep-monthly 3"
     ];
   };
+
+  environment = {
+    sessionVariables = {
+      RESTIC_REPOSITORY = "/srv/data/backups";
+      RESTIC_PASSWORD_FILE = config.age.secrets.restic_password.path;
+    };
+    systemPackages = with pkgs; [
+      restic
+    ];
+  };
 }
-- 
cgit v1.2.3