alarsyo/nixos-config
alarsyo/nixos-config
1
1
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

hephaestus: setup restic backups

Browse source
This commit is contained in:
Antoine Martin 2023-09-26 17:39:47 +02:00
parent 3ffeed96fc
commit 715e31fa88
5 changed files with 66 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

43
hosts/hephaestus/default.nix
View file

@ -45,6 +45,49 @@
my.services = { my.services = {
tailscale.enable = true; tailscale.enable = true;
pipewire.enable = true; pipewire.enable = true;
restic-backup = {
enable = true;
repo = "b2:hephaestus-backup";
passwordFile = config.age.secrets."restic-backup/hephaestus-password".path;
environmentFile = config.age.secrets."restic-backup/hephaestus-credentials".path;
timerConfig = {
OnCalendar = "*-*-* 13:00:00"; # laptop only gets used during the day
};
paths = [
"/home/alarsyo"
];
exclude = [
"/home/alarsyo/Downloads"
# Rust builds using half my storage capacity
"/home/alarsyo/**/target"
"/home/alarsyo/work/rust/build"
# don't backup nixpkgs
"/home/alarsyo/work/nixpkgs"
"/home/alarsyo/go"
# C build crap
"*.a"
"*.o"
"*.so"
".direnv"
# test vms
"*.qcow2"
# secrets stay offline
"/home/alarsyo/**/secrets"
# ignore all dotfiles as .config and .cache can become quite big
"/home/alarsyo/.*"
];
};
}; };
virtualisation.docker.enable = true; virtualisation.docker.enable = true;

3
hosts/hephaestus/secrets.nix
View file

@ -13,6 +13,9 @@
// attrs; // attrs;
in in
lib.mapAttrs toSecret { lib.mapAttrs toSecret {
"restic-backup/hephaestus-credentials" = {};
"restic-backup/hephaestus-password" = {};
"users/alarsyo-hashed-password" = {}; "users/alarsyo-hashed-password" = {};
"users/root-hashed-password" = {}; "users/root-hashed-password" = {};
}; };

9
modules/secrets/restic-backup/hephaestus-credentials.age Normal file
View file

@ -0,0 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 k2gHjw tTdHZJpSocTHlznYH9eRzeZkrYBbsdT4F8jV1FKw/yk
xKIkYhL/A8wTy6LqDkTuUvm4rhDI6+DXwjzl43PcR8E
-> ssh-ed25519 SYm+hA vzQCZWYdgG0yxUEyGJ4Q8EAh1Kzw5CutDa6q6XSaels
Y7VqpvLfrUvWZcXqGeulRld9kff03kgzz22UBW77AOw
-> j-c8-grease
WeQ
--- KHLA1KlfWM432GDbPIiKInzZeqVRJZ2YCKtF3qClfgs
 ü8Êâ5œ¢|<7C>ŒòQx_5':Á½È ´A?îÎÚ¡ÄÛ ­ØŠ¾þèoAx‰)rýd!Š(´®”èѨ5£¸ìô~ý\†ŽLd"^ÑZ¨Z^®…Vï/‡§5Ë•¶¢¨Ý¦<C39D>a诲áḷo]O/®Eueà†

9
modules/secrets/restic-backup/hephaestus-password.age Normal file
View file

@ -0,0 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 k2gHjw 2/spllcr7Fo+1sQ4VJW/MywBVUcpKEbicv4vZQyre0c
Vc2Wugxc5M4i73UKMFXWA2PeHgUOm/+HekoeYt9ycro
-> ssh-ed25519 SYm+hA KFjo2JVxpdOey8A7GAKeZci+ezE0RYBRKR8vNtloU3M
SAzpTjF/RGOgjawT2Sk5H7TNnk/SdbksuAcZZqakJOs
-> !!6BS-grease Gs<Om0
d7WvJNMg3OX9CwWvGNWCuViu1X+e9oFE5vZQixfaJI3xKax2lTNh
--- QICRX2ve/1CFNHjnVXDpue3DRlFbTftu9yrWw745gVk
|†`F…3Þ°˜¤VEû²ÊósßK³ÞQwÿÙ$ùÉŒ{‘¨¯†>¹Hˆ7Þh™î”Ä©Û2ÅïÂÈÆcH^¸×÷Ÿ© X_ñæzv'¢ÄÐ!Zkš_„þÉ0Ë}Yo•je§¼<icé{SkÁ|1Ÿalé*ü7ÓÖŒF«Þ9j¬\§X{¢¾#H7ÑŒ¢!><.^¸¿[ï£q4åpP

2
modules/secrets/secrets.nix
View file

@ -31,6 +31,8 @@ in {
"restic-backup/boreal-credentials.age".publicKeys = [alarsyo boreal]; "restic-backup/boreal-credentials.age".publicKeys = [alarsyo boreal];
"restic-backup/hades-password.age".publicKeys = [alarsyo hades]; "restic-backup/hades-password.age".publicKeys = [alarsyo hades];
"restic-backup/hades-credentials.age".publicKeys = [alarsyo hades]; "restic-backup/hades-credentials.age".publicKeys = [alarsyo hades];
"restic-backup/hephaestus-password.age".publicKeys = [alarsyo hephaestus];
"restic-backup/hephaestus-credentials.age".publicKeys = [alarsyo hephaestus];
"restic-backup/poseidon-password.age".publicKeys = [alarsyo poseidon]; "restic-backup/poseidon-password.age".publicKeys = [alarsyo poseidon];
"restic-backup/poseidon-credentials.age".publicKeys = [alarsyo poseidon]; "restic-backup/poseidon-credentials.age".publicKeys = [alarsyo poseidon];
"restic-backup/zephyrus-password.age".publicKeys = [alarsyo zephyrus]; "restic-backup/zephyrus-password.age".publicKeys = [alarsyo zephyrus];