nixos-config/nixos/profiles/services/restic/default.nix


# Portions of this file are sourced from
# https://github.com/NickCao/flakes/blob/3b03efb676ea602575c916b2b8bc9d9cd13b0d85/modules/backup/default.nix
# https://github.com/linyinfeng/dotfiles/blob/b618b0fd16fb9c79ab7199ed51c4c0f98a392cea/nixos/profiles/services/restic/default.nix
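{ config, hostData, ... }:
let
  # Every secret in this profile is provisioned from an OpenTofu host output
  # and must restart the backup unit when it is rotated, so restic never runs
  # with stale B2 credentials or a stale repository password.
  backupUnit = "restic-backups-b2.service";
  tofuSecret = {
    opentofu = {
      enable = true;
      useHostOutput = true;
    };
    restartUnits = [ backupUnit ];
  };
in
{
  sops.secrets = {
    "b2_backup_application_key_id" = tofuSecret;
    "b2_backup_application_key" = tofuSecret;
    # Repository password, deliberately independent of the B2 credentials:
    # access to the bucket alone does not decrypt the repository.
    "restic_password" = tofuSecret;
  };

  # Rendered at activation with the real values substituted for the
  # placeholders; the backup unit reads it through environmentFile.
  sops.templates."restic_b2_envs".content = ''
    B2_ACCOUNT_ID="${config.sops.placeholder."b2_backup_application_key_id"}"
    B2_ACCOUNT_KEY="${config.sops.placeholder."b2_backup_application_key"}"
  '';

  services.restic.backups.b2 = {
    repository = "b2:${hostData.b2_backup_bucket_name}";
    environmentFile = config.sops.templates."restic_b2_envs".path;
    passwordFile = config.sops.secrets."restic_password".path;
    # Create the repository on the first run if it does not exist yet.
    initialize = true;

    # Only the persisted host identity that cannot be regenerated from the
    # flake is backed up.
    paths = [
      "/persist/etc/machine-id"
      # The age private key that decrypts every sops secret on this host.
      # NOTE(review): this makes the restic repository the custodian of the
      # host's root secret, guarded only by restic_password — which is itself
      # a sops secret encrypted to that same key. A bare-metal restore therefore
      # needs the repository password from somewhere other than this backup
      # (presumably the OpenTofu state behind the host output; confirm and
      # write down the recovery path).
      "/persist${config.sops.age.keyFile}"
      "/persist/var/lib/nixos"
    ];

    extraBackupArgs = [
      # Do not descend into other mounts below the listed paths.
      "--one-file-system"
      "--exclude-caches"
      # Skip the up-front scan (it only feeds progress estimates).
      "--no-scan"
      # Wait up to two hours for a concurrent/stale repository lock rather
      # than failing the run outright.
      "--retry-lock 2h"
    ];

    # Retention applied by `forget --prune` after each backup: nothing older
    # than roughly four weeks survives. Add --keep-monthly here if longer
    # history is wanted.
    pruneOpts = [
      "--keep-daily 7"
      "--keep-weekly 4"
    ];

    timerConfig = {
      OnCalendar = "daily";
      # Spread load on B2; the fixed delay makes the offset deterministic for
      # this unit instead of re-rolled on every activation.
      RandomizedDelaySec = "4h";
      FixedRandomDelay = true;
      # Run a missed backup after downtime instead of waiting for the next day.
      Persistent = true;
    };
  };

  # Keep the restic cache across reboots on the ephemeral-root host.
  preservation.preserveAt."/persist".directories = [
    {
      directory = "/var/cache/restic-backups-b2";
      # Was 0755. The cache holds repository data (index/tree packs) and is only
      # ever read by the root-run backup unit, so there is no reason for it to
      # be world-readable. 0700 is also the mode the NixOS restic module
      # requests for its CacheDirectory= — verify against your nixpkgs revision.
      mode = "0700";
      user = "root";
      group = "root";
    }
  ];

  # Trade a little CPU for a smaller restic heap on this host.
  systemd.services.restic-backups-b2.serviceConfig.Environment = [ "GOGC=20" ];
}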