xun/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

backups hopper -> nixdesk with restic & restic-server

Browse source
This commit is contained in:
xunuwu 2025-02-20 23:55:27 +01:00
parent 382df4af88
commit 3da5ded7dd
Signed by: xun
SSH key fingerprint: SHA256:Uot/1WoAjWAeqLOHA5vYy4phhVydsH7jCPmBjaPZfgI
5 changed files with 63 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

27
sys/machines/hopper/lab/default.nix
View file

@ -363,4 +363,31 @@ in {
}; };
}; };
systemd.services.navidrome.serviceConfig.EnvironmentFile = config.sops.secrets.navidrome.path; systemd.services.navidrome.serviceConfig.EnvironmentFile = config.sops.secrets.navidrome.path;
services.restic.backups.hopper = {
initialize = true;
inhibitsSleep = true;
repository = "rest:http://nixdesk:8000/hopper";
passwordFile = config.sops.secrets.restic-password.path;
timerConfig = {
OnCalendar = "18:00";
Persistent = true;
RandomizedDelaySec = "1h";
};
pruneOpts = [
"--keep-daily 7"
"--keep-weekly 5"
"--keep-monthly 12"
"--keep-yearly 2"
];
paths = [
"/var/lib/navidrome"
"/var/lib/jellyfin/data"
"/var/lib/jellyfin/config"
"/media/library/music"
];
exclude = [
"/var/lib/navidrome/cache"
];
};
} }

1
sys/machines/nixdesk/default.nix
View file

@ -12,6 +12,7 @@
./hibernate-boot.nix ./hibernate-boot.nix
./samba-mount.nix ./samba-mount.nix
./wireguard.nix ./wireguard.nix
./restic-server.nix
inputs.stylix.nixosModules.stylix inputs.stylix.nixosModules.stylix

7
sys/machines/nixdesk/restic-server.nix Normal file
View file

@ -0,0 +1,7 @@
{
services.restic.server = {
enable = true;
dataDir = "/srv/backup";
extraFlags = ["--no-auth"];
};
}

4
sys/profiles/secrets/hopper/default.nix
View file

@ -21,5 +21,9 @@
format = "binary"; format = "binary";
sopsFile = ./navidrome; sopsFile = ./navidrome;
}; };
restic-password = {
format = "binary";
sopsFile = ./restic-password;
};
}; };
} }

24
sys/profiles/secrets/hopper/restic-password Normal file
View file

@ -0,0 +1,24 @@
{
"data": "ENC[AES256_GCM,data:XNhDpv4BlJnVqP9j+acQb7UFOQMOBlbloZpt7u1otfrqcVL2N7ck2o8PRt3GjQmhLfF/pQSOoTiTVE4HhvlnzkU=,iv:8wlR+AqmKV332vbh4UnpUj8CLt0yafYQQOGxfQVcDiQ=,tag:lZ6tS69CAaG5Pn+mKek/Yw==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age17pdqkpfh6kc6wm7gxzdnwf6vphlwddv9yfpdu3j76e24y3amd9tq3avfc8",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2a0xtSy94alIrdjhEMjhu\nQW9sZGkzL3FQQlZkZ2ZyaUVlVFVKaVp6VjAwCm11dkJMZUhuQUY3QW1ORmJVZkJX\nU1g1VmdOUDcwMGlBQzFJTGx2ODlXaUUKLS0tIE9UQ0d2NVNpS1laQ0k5Ymp2QlBF\nSnZnZ2FORW9NdjBXU1lzVktFWmJvYzgKBRBg6T/jh3UqoHw76WrFQ0nWDdwm76aF\nglZ8Za23EHl+ZYO2h7rVLmpWp4QLJP1QlK21DWgV27km53lcnhL9Rg==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age15mgf89h220puhz48rjpwxwu4n2h4edur60w6cd8gku2hh4e5kqpsghvnyw",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNRytVdS9hQmJFVUlxMDdU\nS0grVnpnOWlScXdhUG5KcEZSVWZ6VCsxcjBrCkR6aHFVVlVBTC9IbTVlQWhsNzRG\nMlVOSkdBYXJaRlZ4aXV6L0NFUFFwSDgKLS0tIEJoL1BPd01xa0hySE1yM0ZVamlx\nWGJzbFZWM3BDYjI4SEROUTlCV253eW8K139SG4amnHMID+deqyJ0bj1rG2GEgcus\nZPC3BpscpLopk1IAzniWqUE2jF9+b38WywxFAcTCPs/LEcp50RuaKg==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-02-20T22:29:48Z",
"mac": "ENC[AES256_GCM,data:aKTE3BimqzIqj1c1a+fQZUP3bPaJx2xIDOu7zyZmGtwNk2bmlgqa7f8DN0Pu9LdDcVepSXMFBCM8NmuYGVh3700JV1OkF+YzlCNL1zHsGBHJIbw0ljbVgPmhDskXdl/btyCP8uX5vu1xDVOtNK5d6bDuZ1E9mBbz3C6+0CgnWXE=,iv:CblhoFr0+pmTtTb5GepPp78SfuP+h2uMfPIiBltYxB0=,tag:78zZxclVipkloBZkW9SFzg==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.9.4"
}
}