diff --git a/sys/machines/hopper/lab/default.nix b/sys/machines/hopper/lab/default.nix index 0170d78..09366e3 100644 --- a/sys/machines/hopper/lab/default.nix +++ b/sys/machines/hopper/lab/default.nix @@ -363,4 +363,31 @@ in { }; }; systemd.services.navidrome.serviceConfig.EnvironmentFile = config.sops.secrets.navidrome.path; + + services.restic.backups.hopper = { + initialize = true; + inhibitsSleep = true; + repository = "rest:http://nixdesk:8000/hopper"; + passwordFile = config.sops.secrets.restic-password.path; + timerConfig = { + OnCalendar = "18:00"; + Persistent = true; + RandomizedDelaySec = "1h"; + }; + pruneOpts = [ + "--keep-daily 7" + "--keep-weekly 5" + "--keep-monthly 12" + "--keep-yearly 2" + ]; + paths = [ + "/var/lib/navidrome" + "/var/lib/jellyfin/data" + "/var/lib/jellyfin/config" + "/media/library/music" + ]; + exclude = [ + "/var/lib/navidrome/cache" + ]; + }; } diff --git a/sys/machines/nixdesk/default.nix b/sys/machines/nixdesk/default.nix index dbdfb0a..802a9ca 100644 --- a/sys/machines/nixdesk/default.nix +++ b/sys/machines/nixdesk/default.nix @@ -12,6 +12,7 @@ ./hibernate-boot.nix ./samba-mount.nix ./wireguard.nix + ./restic-server.nix inputs.stylix.nixosModules.stylix diff --git a/sys/machines/nixdesk/restic-server.nix b/sys/machines/nixdesk/restic-server.nix new file mode 100644 index 0000000..5a8978f --- /dev/null +++ b/sys/machines/nixdesk/restic-server.nix @@ -0,0 +1,7 @@ +{ + services.restic.server = { + enable = true; + dataDir = "/srv/backup"; + extraFlags = ["--no-auth"]; + }; +} diff --git a/sys/profiles/secrets/hopper/default.nix b/sys/profiles/secrets/hopper/default.nix index 22e6161..b0b56c7 100644 --- a/sys/profiles/secrets/hopper/default.nix +++ b/sys/profiles/secrets/hopper/default.nix @@ -21,5 +21,9 @@ format = "binary"; sopsFile = ./navidrome; }; + restic-password = { + format = "binary"; + sopsFile = ./restic-password; + }; }; } diff --git a/sys/profiles/secrets/hopper/restic-password b/sys/profiles/secrets/hopper/restic-password new file mode 100644 index 0000000..0aa2a55 --- /dev/null +++ b/sys/profiles/secrets/hopper/restic-password @@ -0,0 +1,24 @@ +{ + "data": "ENC[AES256_GCM,data:XNhDpv4BlJnVqP9j+acQb7UFOQMOBlbloZpt7u1otfrqcVL2N7ck2o8PRt3GjQmhLfF/pQSOoTiTVE4HhvlnzkU=,iv:8wlR+AqmKV332vbh4UnpUj8CLt0yafYQQOGxfQVcDiQ=,tag:lZ6tS69CAaG5Pn+mKek/Yw==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age17pdqkpfh6kc6wm7gxzdnwf6vphlwddv9yfpdu3j76e24y3amd9tq3avfc8", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2a0xtSy94alIrdjhEMjhu\nQW9sZGkzL3FQQlZkZ2ZyaUVlVFVKaVp6VjAwCm11dkJMZUhuQUY3QW1ORmJVZkJX\nU1g1VmdOUDcwMGlBQzFJTGx2ODlXaUUKLS0tIE9UQ0d2NVNpS1laQ0k5Ymp2QlBF\nSnZnZ2FORW9NdjBXU1lzVktFWmJvYzgKBRBg6T/jh3UqoHw76WrFQ0nWDdwm76aF\nglZ8Za23EHl+ZYO2h7rVLmpWp4QLJP1QlK21DWgV27km53lcnhL9Rg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age15mgf89h220puhz48rjpwxwu4n2h4edur60w6cd8gku2hh4e5kqpsghvnyw", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNRytVdS9hQmJFVUlxMDdU\nS0grVnpnOWlScXdhUG5KcEZSVWZ6VCsxcjBrCkR6aHFVVlVBTC9IbTVlQWhsNzRG\nMlVOSkdBYXJaRlZ4aXV6L0NFUFFwSDgKLS0tIEJoL1BPd01xa0hySE1yM0ZVamlx\nWGJzbFZWM3BDYjI4SEROUTlCV253eW8K139SG4amnHMID+deqyJ0bj1rG2GEgcus\nZPC3BpscpLopk1IAzniWqUE2jF9+b38WywxFAcTCPs/LEcp50RuaKg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-02-20T22:29:48Z", + "mac": "ENC[AES256_GCM,data:aKTE3BimqzIqj1c1a+fQZUP3bPaJx2xIDOu7zyZmGtwNk2bmlgqa7f8DN0Pu9LdDcVepSXMFBCM8NmuYGVh3700JV1OkF+YzlCNL1zHsGBHJIbw0ljbVgPmhDskXdl/btyCP8uX5vu1xDVOtNK5d6bDuZ1E9mBbz3C6+0CgnWXE=,iv:CblhoFr0+pmTtTb5GepPp78SfuP+h2uMfPIiBltYxB0=,tag:78zZxclVipkloBZkW9SFzg==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.9.4" + } +} \ No newline at end of file