From 28a9f7427b54d44922adf0b89d56c46807e5736d Mon Sep 17 00:00:00 2001 From: Franck Cuny Date: Mon, 15 Dec 2025 18:37:46 -0800 Subject: rsync some medias to the NAS --- profiles/storage-media.nix | 61 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 61 insertions(+) create mode 100644 profiles/storage-media.nix (limited to 'profiles') diff --git a/profiles/storage-media.nix b/profiles/storage-media.nix new file mode 100644 index 0000000..30fb9e4 --- /dev/null +++ b/profiles/storage-media.nix @@ -0,0 +1,61 @@ +{ pkgs, config, ... }: +let + syncJobs = [ + { + name = "movies"; + source = "/data/media/movies/"; + destination = "/volume1/media/movies/"; + } + { + name = "videos"; + source = "/data/media/videos/"; + destination = "/volume1/media/videos/"; + } + ]; + remoteHost = "192.168.1.68"; + remoteUser = "nas"; +in +{ + age.secrets.rsync-ssh-key.file = ../secrets/rsync-ssh-nas.age; + + systemd.timers = pkgs.lib.listToAttrs ( + map (job: { + name = "rsync-backup-${job.name}"; + value = { + wantedBy = [ "timers.target" ]; + timerConfig = { + OnCalendar = "daily"; + Persistent = true; + RandomizedDelaySec = "1h"; + }; + }; + }) syncJobs + ); + + systemd.services = pkgs.lib.listToAttrs ( + map (job: { + name = "rsync-backup-${job.name}"; + value = { + description = "Rsync backup for ${job.name}"; + + serviceConfig = { + Type = "oneshot"; + DynamicUser = true; + LoadCredential = "ssh-key:${config.age.secrets.rsync-ssh-key.path}"; + PrivateTmp = true; + NoNewPrivileges = true; + ProtectSystem = "strict"; + ProtectHome = true; + + ExecStart = pkgs.writeShellScript "rsync-backup-${job.name}" '' + ${pkgs.rsync}/bin/rsync \ + -avz \ + -e "${pkgs.openssh}/bin/ssh -i ''${CREDENTIALS_DIRECTORY}/ssh-key -o StrictHostKeyChecking=accept-new" \ + ${job.source} \ + ${remoteUser}@${remoteHost}:${job.destination} + ''; + }; + }; + }) syncJobs + ); +} -- cgit v1.2.3