hephaestus: setup restic backups
This commit is contained in:
parent
3ffeed96fc
commit
715e31fa88
|
@ -45,6 +45,49 @@
|
||||||
my.services = {
|
my.services = {
|
||||||
tailscale.enable = true;
|
tailscale.enable = true;
|
||||||
pipewire.enable = true;
|
pipewire.enable = true;
|
||||||
|
|
||||||
|
restic-backup = {
|
||||||
|
enable = true;
|
||||||
|
repo = "b2:hephaestus-backup";
|
||||||
|
passwordFile = config.age.secrets."restic-backup/hephaestus-password".path;
|
||||||
|
environmentFile = config.age.secrets."restic-backup/hephaestus-credentials".path;
|
||||||
|
|
||||||
|
timerConfig = {
|
||||||
|
OnCalendar = "*-*-* 13:00:00"; # laptop only gets used during the day
|
||||||
|
};
|
||||||
|
|
||||||
|
paths = [
|
||||||
|
"/home/alarsyo"
|
||||||
|
];
|
||||||
|
exclude = [
|
||||||
|
"/home/alarsyo/Downloads"
|
||||||
|
|
||||||
|
# Rust builds using half my storage capacity
|
||||||
|
"/home/alarsyo/**/target"
|
||||||
|
"/home/alarsyo/work/rust/build"
|
||||||
|
|
||||||
|
# don't backup nixpkgs
|
||||||
|
"/home/alarsyo/work/nixpkgs"
|
||||||
|
|
||||||
|
"/home/alarsyo/go"
|
||||||
|
|
||||||
|
# C build crap
|
||||||
|
"*.a"
|
||||||
|
"*.o"
|
||||||
|
"*.so"
|
||||||
|
|
||||||
|
".direnv"
|
||||||
|
|
||||||
|
# test vms
|
||||||
|
"*.qcow2"
|
||||||
|
|
||||||
|
# secrets stay offline
|
||||||
|
"/home/alarsyo/**/secrets"
|
||||||
|
|
||||||
|
# ignore all dotfiles as .config and .cache can become quite big
|
||||||
|
"/home/alarsyo/.*"
|
||||||
|
];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
virtualisation.docker.enable = true;
|
virtualisation.docker.enable = true;
|
||||||
|
|
|
@ -13,6 +13,9 @@
|
||||||
// attrs;
|
// attrs;
|
||||||
in
|
in
|
||||||
lib.mapAttrs toSecret {
|
lib.mapAttrs toSecret {
|
||||||
|
"restic-backup/hephaestus-credentials" = {};
|
||||||
|
"restic-backup/hephaestus-password" = {};
|
||||||
|
|
||||||
"users/alarsyo-hashed-password" = {};
|
"users/alarsyo-hashed-password" = {};
|
||||||
"users/root-hashed-password" = {};
|
"users/root-hashed-password" = {};
|
||||||
};
|
};
|
||||||
|
|
9
modules/secrets/restic-backup/hephaestus-credentials.age
Normal file
9
modules/secrets/restic-backup/hephaestus-credentials.age
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 k2gHjw tTdHZJpSocTHlznYH9eRzeZkrYBbsdT4F8jV1FKw/yk
|
||||||
|
xKIkYhL/A8wTy6LqDkTuUvm4rhDI6+DXwjzl43PcR8E
|
||||||
|
-> ssh-ed25519 SYm+hA vzQCZWYdgG0yxUEyGJ4Q8EAh1Kzw5CutDa6q6XSaels
|
||||||
|
Y7VqpvLfrUvWZcXqGeulRld9kff03kgzz22UBW77AOw
|
||||||
|
-> j-c8-grease
|
||||||
|
WeQ
|
||||||
|
--- KHLA1KlfWM432GDbPIiKInzZeqVRJZ2YCKtF3qClfgs
|
||||||
|
ü8Êâ5œ¢|<7C>ŒòQx_5':Á½È´A?îÎÚ¡ÄÛ ØŠ¾þèoA‘x‰)rýd!Š(´®”èѨ5£¸ìô~ý\†ŽLd"^ÑZ¨Z^®…Vï/‡§5Ë•¶¢¨Ý¦<C39D>a诲áḷo]O/®Eueà†
|
9
modules/secrets/restic-backup/hephaestus-password.age
Normal file
9
modules/secrets/restic-backup/hephaestus-password.age
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 k2gHjw 2/spllcr7Fo+1sQ4VJW/MywBVUcpKEbicv4vZQyre0c
|
||||||
|
Vc2Wugxc5M4i73UKMFXWA2PeHgUOm/+HekoeYt9ycro
|
||||||
|
-> ssh-ed25519 SYm+hA KFjo2JVxpdOey8A7GAKeZci+ezE0RYBRKR8vNtloU3M
|
||||||
|
SAzpTjF/RGOgjawT2Sk5H7TNnk/SdbksuAcZZqakJOs
|
||||||
|
-> !!6BS-grease Gs<Om0
|
||||||
|
d7WvJNMg3OX9CwWvGNWCuViu1X+e9oFE5vZQixfaJI3xKax2lTNh
|
||||||
|
--- QICRX2ve/1CFNHjnVXDpue3DRlFbTftu9yrWw745gVk
|
||||||
|
|†`F…3Þ°˜¤VEû²ÊósßK³ÞQwÿÙ$ùÉŒ{‘¨¯†>¹Hˆ7Þh™î”Ä©Û’2ÅïÂÈÆcH^¸“×÷Ÿ© X_ñæzv'¢ÄÐ!Zkš_„þÉ0Ë}Yo•je§¼<icé{SkÁ|1Ÿalé*ü7ÓÖ3ÅŒF«Þ9j¬\§X{¢¾#H7ÑŒ¢!><.^¸¿[ï£q4åpP
|
|
@ -31,6 +31,8 @@ in {
|
||||||
"restic-backup/boreal-credentials.age".publicKeys = [alarsyo boreal];
|
"restic-backup/boreal-credentials.age".publicKeys = [alarsyo boreal];
|
||||||
"restic-backup/hades-password.age".publicKeys = [alarsyo hades];
|
"restic-backup/hades-password.age".publicKeys = [alarsyo hades];
|
||||||
"restic-backup/hades-credentials.age".publicKeys = [alarsyo hades];
|
"restic-backup/hades-credentials.age".publicKeys = [alarsyo hades];
|
||||||
|
"restic-backup/hephaestus-password.age".publicKeys = [alarsyo hephaestus];
|
||||||
|
"restic-backup/hephaestus-credentials.age".publicKeys = [alarsyo hephaestus];
|
||||||
"restic-backup/poseidon-password.age".publicKeys = [alarsyo poseidon];
|
"restic-backup/poseidon-password.age".publicKeys = [alarsyo poseidon];
|
||||||
"restic-backup/poseidon-credentials.age".publicKeys = [alarsyo poseidon];
|
"restic-backup/poseidon-credentials.age".publicKeys = [alarsyo poseidon];
|
||||||
"restic-backup/zephyrus-password.age".publicKeys = [alarsyo zephyrus];
|
"restic-backup/zephyrus-password.age".publicKeys = [alarsyo zephyrus];
|
||||||
|
|
Loading…
Reference in a new issue