From 93addfef26a6a40dcb8978823610ba3e009dc309 Mon Sep 17 00:00:00 2001
From: Franck Cuny <franck@fcuny.net>
Date: Mon, 7 Jul 2025 16:50:41 -0700
Subject: store backups locally and remotely

It might be useful to have a local backup so that I don't need to pull
it from the remote bucket. It is useful to be able to quickly browse and
see what's in the backup, and having to go to GCS for that is a waste of
resources.

Export environment variables to make it easier to interact with the
local repository.
---
 nix/machines/vm-synology/backups.nix | 43 +++++++++++++++++++++++++++++++-----
 nix/users/fcuny/shell.nix            |  1 +
 2 files changed, 39 insertions(+), 5 deletions(-)

(limited to 'nix')

diff --git a/nix/machines/vm-synology/backups.nix b/nix/machines/vm-synology/backups.nix
index 69dcb6e..cf3c65b 100644
--- a/nix/machines/vm-synology/backups.nix
+++ b/nix/machines/vm-synology/backups.nix
@@ -1,22 +1,45 @@
 {
-  pkgs,
   config,
+  pkgs,
   ...
 }:
 let
   environmentFile = toString (
     pkgs.writeText "restic-gcs-env" ''
-      GOOGLE_PROJECT_ID=fcuny-backups-464518
+      GOOGLE_PROJECT_ID=fcuny-infra
       GOOGLE_APPLICATION_CREDENTIALS=${config.age.secrets.restic_gcs_credentials.path}
     ''
   );
 in
 {
-  # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/backup/restic.nix
-  services.restic.backups.git = {
+  services.restic.backups.local = {
+    passwordFile = config.age.secrets.restic_password.path;
+    repository = "/srv/data/backups/";
+    initialize = true;
+    paths = [ "/var/lib/gitolite" ];
+    exclude = [
+      "/var/lib/gitolite/.bash_history"
+      "/var/lib/gitolite/.ssh"
+      "/var/lib/gitolite/.viminfo"
+    ];
+    extraBackupArgs = [
+      "--exclude-caches"
+      "--compression=max"
+    ];
+    timerConfig = {
+      OnCalendar = "daily";
+    };
+    pruneOpts = [
+      "--keep-daily 7"
+      "--keep-weekly 4"
+      "--keep-monthly 3"
+    ];
+  };
+
+  services.restic.backups.gcs = {
     passwordFile = config.age.secrets.restic_password.path;
     environmentFile = environmentFile;
-    repository = "gs:fcuny-backup:/vm-synology";
+    repository = "gs:fcuny-infra-backups:/vm-synology/";
     initialize = true;
     paths = [ "/var/lib/gitolite" ];
     exclude = [
@@ -37,4 +60,14 @@ in
       "--keep-monthly 3"
     ];
   };
+
+  environment = {
+    sessionVariables = {
+      RESTIC_REPOSITORY = "/srv/data/backups";
+      RESTIC_PASSWORD_FILE = config.age.secrets.restic_password.path;
+    };
+    systemPackages = with pkgs; [
+      restic
+    ];
+  };
 }
diff --git a/nix/users/fcuny/shell.nix b/nix/users/fcuny/shell.nix
index d54e7e0..994570b 100644
--- a/nix/users/fcuny/shell.nix
+++ b/nix/users/fcuny/shell.nix
@@ -19,6 +19,7 @@ in
       jless # jless - a better cat
       jq # jq - a better json
       procs # procs - a better ps
+      restic # to manage backups
       ripgrep # ripgrep - a better grep
       shellcheck # shell script linter
       tree # tree - a better ls
-- 
cgit v1.2.3