alarsyo/nixos-config
alarsyo/nixos-config
1
1
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

talos: setup restic backups

Browse source
This commit is contained in:
Antoine Martin 2024-03-05 05:07:46 +01:00
parent 7be4514da3
commit cd715f1a03
5 changed files with 54 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

43
hosts/talos/default.nix
View file

@ -75,6 +75,49 @@
}; };
pipewire.enable = true; pipewire.enable = true;
restic-backup = {
enable = true;
repo = "b2:talos-backup";
passwordFile = config.age.secrets."restic-backup/talos-password".path;
environmentFile = config.age.secrets."restic-backup/talos-credentials".path;
timerConfig = {
OnCalendar = "*-*-* 13:00:00"; # laptop only gets used during the day
};
paths = [
"/home/alarsyo"
];
exclude = [
"/home/alarsyo/Downloads"
# Rust builds using half my storage capacity
"/home/alarsyo/**/target"
"/home/alarsyo/work/rust/build"
# don't backup nixpkgs
"/home/alarsyo/work/nixpkgs"
"/home/alarsyo/go"
# C build crap
"*.a"
"*.o"
"*.so"
".direnv"
# test vms
"*.qcow2"
# secrets stay offline
"/home/alarsyo/**/secrets"
# ignore all dotfiles as .config and .cache can become quite big
"/home/alarsyo/.*"
];
};
}; };
my.gui.enable = true; my.gui.enable = true;

4
hosts/talos/secrets.nix
View file

@ -13,8 +13,8 @@
// attrs; // attrs;
in in
lib.mapAttrs toSecret { lib.mapAttrs toSecret {
#"restic-backup/hephaestus-credentials" = {}; "restic-backup/talos-credentials" = {};
#"restic-backup/hephaestus-password" = {}; "restic-backup/talos-password" = {};
"users/alarsyo-hashed-password" = {}; "users/alarsyo-hashed-password" = {};
"users/root-hashed-password" = {}; "users/root-hashed-password" = {};

7
modules/secrets/restic-backup/talos-credentials.age Normal file
View file

@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 k2gHjw WWJQxqfxQzLmBFPpTzuKBMhAl+ZxnQdvnaDvfpwxR00
tEsf6xSw/MP/qJnr/SyLlkEEf/LaI7IxjVzaxRwh5FI
-> ssh-ed25519 nh0dAQ yRu0VZqx+DuB3SSQaVtg+txuRu9OyJDfLDNCKg9XYk0
xTpucapaejG2EMrZLIDt46JD3QYM4XXT1Y2F77HPQO8
--- uZjO0dDIFesU2B/GkjpqrOJas1+K6hGbQAdFV/t1GOk
BV͵Ç\Õ 8 Û‘¾ºý[%<25>½l^>9<>\Eö5¹šþ¿Új(6èÜgå;(I7CS4èv6ièÉÐþSªÐXïC»ï`OòT™ŒÓÚ\ô;I·Ýœò6ƒ<36>_k˜éy-‡±¹½qKl†¾ôKþÓ hŠ?tô

BIN
modules/secrets/restic-backup/talos-password.age Normal file
View file

Binary file not shown.

2
modules/secrets/secrets.nix
View file

@ -35,6 +35,8 @@ in {
"restic-backup/hades-credentials.age".publicKeys = [alarsyo hades]; "restic-backup/hades-credentials.age".publicKeys = [alarsyo hades];
"restic-backup/hephaestus-password.age".publicKeys = [alarsyo hephaestus]; "restic-backup/hephaestus-password.age".publicKeys = [alarsyo hephaestus];
"restic-backup/hephaestus-credentials.age".publicKeys = [alarsyo hephaestus]; "restic-backup/hephaestus-credentials.age".publicKeys = [alarsyo hephaestus];
"restic-backup/talos-password.age".publicKeys = [alarsyo talos];
"restic-backup/talos-credentials.age".publicKeys = [alarsyo talos];
"users/root-hashed-password.age".publicKeys = machines ++ [alarsyo]; "users/root-hashed-password.age".publicKeys = machines ++ [alarsyo];
"users/alarsyo-hashed-password.age".publicKeys = machines ++ [alarsyo]; "users/alarsyo-hashed-password.age".publicKeys = machines ++ [alarsyo];