From efbdc2d49135be41ef17cfc7edfe18a03543b63a Mon Sep 17 00:00:00 2001
From: Franck Cuny <franck@fcuny.net>
Date: Sat, 15 Nov 2025 11:34:36 -0800
Subject: simplify the backups

---
 profiles/git-server.nix    |  2 ++
 profiles/restic-backup.nix | 66 ++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 68 insertions(+)
 create mode 100644 profiles/restic-backup.nix

(limited to 'profiles')

diff --git a/profiles/git-server.nix b/profiles/git-server.nix
index 6c18ab0..327bbbb 100644
--- a/profiles/git-server.nix
+++ b/profiles/git-server.nix
@@ -65,4 +65,6 @@
       root-desc = "source code of my various projects";
     };
   };
+
+  services.restic.backups.local.paths = [ "/var/lib/gitolite/repositories" ];
 }
diff --git a/profiles/restic-backup.nix b/profiles/restic-backup.nix
new file mode 100644
index 0000000..be65da6
--- /dev/null
+++ b/profiles/restic-backup.nix
@@ -0,0 +1,66 @@
+{ config, pkgs, ... }:
+let
+  restic-local = pkgs.writeShellScriptBin "restic-local" ''
+    export RESTIC_REPOSITORY="/data/backups/${config.networking.hostName}"
+    export RESTIC_PASSWORD_FILE="${config.age.secrets.restic-local-pw.path}"
+    exec ${pkgs.restic}/bin/restic "$@"
+  '';
+in
+{
+  age = {
+    secrets = {
+      restic-local-pw = {
+        file = ../secrets/restic-pw.age;
+      };
+      nas-client = {
+        file = ../secrets/nas_client.age;
+      };
+    };
+  };
+
+  boot.kernelModules = [
+    "cifs"
+    "cmac"
+    "sha256"
+  ];
+
+  environment.systemPackages = [
+    pkgs.cifs-utils
+    pkgs.restic
+    restic-local
+  ];
+
+  systemd.mounts = [
+    {
+      description = "Mount for NAS volume";
+      what = "//192.168.1.68/backups";
+      where = "/data/backups/";
+      unitConfig = {
+        Type = "cifs";
+      };
+      type = "cifs";
+      options = "credentials=${config.age.secrets.nas-client.path},uid=1000,gid=1000,rw";
+    }
+  ];
+  systemd.automounts = [
+    {
+      description = "Automount for NAS volume backups";
+      where = "/data/backups";
+      wantedBy = [ "multi-user.target" ];
+    }
+  ];
+
+  services.restic = {
+    backups = {
+      local = {
+        paths = [ ];
+        passwordFile = config.age.secrets.restic-local-pw.path;
+        repository = "/data/backups/${config.networking.hostName}";
+        initialize = true;
+        timerConfig.OnCalendar = "*-*-* *:00:00";
+        timerConfig.RandomizedDelaySec = "5m";
+        extraBackupArgs = [ ];
+      };
+    };
+  };
+}
-- 
cgit v1.2.3