services: setup restic backups service
parent
1a0f0da28d
commit
a763e0549f
|
@ -66,9 +66,9 @@ in
|
|||
websocketPort = 3012;
|
||||
};
|
||||
|
||||
borg-backup = {
|
||||
restic-backup = {
|
||||
enable = true;
|
||||
repo = secrets.borg-backup.poseidon-repo;
|
||||
repo = secrets.restic-backup.poseidon-repo;
|
||||
};
|
||||
|
||||
fail2ban = {
|
||||
|
|
|
@ -17,6 +17,7 @@ with lib;
|
|||
gandiKey = lib.fileContents ./gandi-api-key.secret;
|
||||
|
||||
borg-backup = import ./borg-backup { inherit lib; };
|
||||
restic-backup = import ./restic-backup { inherit lib; };
|
||||
|
||||
matrixEmailConfig = import ./matrix-email-config.nix;
|
||||
};
|
||||
|
|
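--- a/secrets/restic-backup/default.nix
+++ b/secrets/restic-backup/default.nix
@@ -0,0 +1,4 @@
+{ lib }:
+{
+poseidon-repo = lib.fileContents ./poseidon-repo.secret;
+}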
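Review bot: `lib.fileContents ./poseidon-repo.secret` reads the secret during evaluation, so the repository string becomes part of the evaluated configuration; once it is passed to `services.restic.backups.backblaze.repository` in services/restic-backup.nix it will most likely end up in a world-readable path under /nix/store. If the repository URL is considered sensitive (the file is committed as a binary blob, presumably encrypted at rest), consider pointing the service at a root-only file through `repositoryFile` instead of passing the value itself. A short comment above `poseidon-repo`, such as `# evaluated at build time; the value is copied into the Nix store`, would make the exposure explicit.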
BIN
secrets/restic-backup/poseidon-repo.secret
Normal file
BIN
secrets/restic-backup/poseidon-repo.secret
Normal file
Binary file not shown.
|
@ -20,6 +20,7 @@
|
|||
./pipewire.nix
|
||||
./postgresql-backup.nix
|
||||
./postgresql.nix
|
||||
./restic-backup.nix
|
||||
./tailscale.nix
|
||||
./tgv.nix
|
||||
./transmission.nix
|
||||
|
|
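--- a/services/restic-backup.nix
+++ b/services/restic-backup.nix
@@ -0,0 +1,83 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+cfg = config.my.services.restic-backup;
+secrets = config.my.secrets;
+excludeArg = with builtins; with pkgs;
+"--exclude-file=" + (writeText "excludes.txt" (concatStringsSep "\n" cfg.exclude));
+makePruneOpts = pruneOpts:
+attrsets.mapAttrsToList (name: value: "--keep-${name} ${toString value}") pruneOpts;
+in {
+options.my.services.restic-backup = {
+enable = mkEnableOption "Enable Restic backups for this host";
+
+repo = mkOption {
+type = types.str;
+default = null;
+example = "/mnt/hdd";
+description = "Restic backup repo";
+
+};
+
+paths = mkOption {
+type = with types; listOf str;
+default = [ ];
+example = [
+"/var/lib"
+"/home"
+];
+description = "Paths to backup";
+};
+
+exclude = mkOption {
+type = with types; listOf str;
+default = [ ];
+example = [
+# very large paths
+"/var/lib/docker"
+"/var/lib/systemd"
+"/var/lib/libvirt"
+
+# temporary files created by `cargo` and `go build`
+"**/target"
+"/home/*/go/bin"
+"/home/*/go/pkg"
+];
+description = "Paths to exclude from backup";
+};
+
+prune = mkOption {
+type = types.attrs;
+default = {
+daily = 7;
+weekly = 4;
+monthly = 6;
+};
+};
+};
+
+config = mkIf cfg.enable {
+environment.systemPackages = [ pkgs.restic ];
+
+services.restic.backups.backblaze = {
+initialize = true;
+
+paths = cfg.paths;
+
+repository = cfg.repo;
+passwordFile = "/root/restic/password";
+s3CredentialsFile = "/root/restic/creds";
+
+extraBackupArgs = [ ]
+++ optional (builtins.length cfg.exclude != 0) excludeArg;
+
+timerConfig = {
+OnCalendar = "daily";
+};
+
+pruneOpts = makePruneOpts cfg.prune;
+};
+};
+}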
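Review bot: The `repo` option declares `type = types.str` with `default = null`, and null is not a valid `str`, so a host that enables the module without setting `repo` gets a type error rather than a missing-option message; drop the default, or use `types.nullOr types.str` together with an assertion. `passwordFile = "/root/restic/password"` and `s3CredentialsFile = "/root/restic/creds"` are hard-coded and nothing in the module creates or checks them, so a comment stating that both must exist as root-owned files with mode 0600 before the first run would help. Because `pruneOpts` is set on the same backup job, the S3 key in that credentials file needs delete rights on the bucket, which means a compromised host can also remove its own backup history; that trade-off is worth stating in the option description, or pruning could run under a separate credential. The `secrets` binding in the `let` block is unused, and `prune` has no `description` and accepts any attrset, where `types.attrsOf types.int` would reject malformed `--keep-*` values.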