nixos: add restic
This commit is contained in:
parent
2721eaeecf
commit
d784867779
6 changed files with 92 additions and 0 deletions
|
@ -17,6 +17,12 @@ creation_rules:
|
||||||
- age:
|
- age:
|
||||||
- *guanranwang
|
- *guanranwang
|
||||||
- *tyo0
|
- *tyo0
|
||||||
|
- path_regex: ^nixos/profiles/restic/secrets.yaml$
|
||||||
|
key_groups:
|
||||||
|
- age:
|
||||||
|
- *guanranwang
|
||||||
|
- *dust
|
||||||
|
- *sin0
|
||||||
- path_regex: ^nixos/profiles/sing-box/secrets.yaml$
|
- path_regex: ^nixos/profiles/sing-box/secrets.yaml$
|
||||||
key_groups:
|
key_groups:
|
||||||
- age:
|
- age:
|
||||||
|
|
|
@ -8,6 +8,7 @@
|
||||||
{
|
{
|
||||||
imports =
|
imports =
|
||||||
[
|
[
|
||||||
|
../../nixos/profiles/restic
|
||||||
../../nixos/profiles/sing-box
|
../../nixos/profiles/sing-box
|
||||||
../../nixos/profiles/wireless
|
../../nixos/profiles/wireless
|
||||||
|
|
||||||
|
@ -231,4 +232,6 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.restic.backups.persist.exclude = [ "/persist/home/guanranwang/.local/share/Steam" ];
|
||||||
}
|
}
|
||||||
|
|
|
@ -12,6 +12,8 @@
|
||||||
|
|
||||||
./disko.nix
|
./disko.nix
|
||||||
./preservation.nix
|
./preservation.nix
|
||||||
|
|
||||||
|
../../../nixos/profiles/restic
|
||||||
]
|
]
|
||||||
++ (with inputs; [
|
++ (with inputs; [
|
||||||
disko.nixosModules.disko
|
disko.nixosModules.disko
|
||||||
|
|
|
@ -30,3 +30,6 @@ module "vultr" {
|
||||||
script = vultr_startup_script.script.id
|
script = vultr_startup_script.script.id
|
||||||
}
|
}
|
||||||
|
|
||||||
|
resource "vultr_object_storage" "storage" {
|
||||||
|
cluster_id = 4 # sgp1.vultrobjects.com
|
||||||
|
}
|
||||||
|
|
27
nixos/profiles/restic/default.nix
Normal file
27
nixos/profiles/restic/default.nix
Normal file
|
@ -0,0 +1,27 @@
|
||||||
|
{ config, ... }:
|
||||||
|
{
|
||||||
|
sops.secrets = builtins.mapAttrs (_n: v: v // { sopsFile = ./secrets.yaml; }) {
|
||||||
|
"restic/environment" = { };
|
||||||
|
"restic/password" = { };
|
||||||
|
"restic/repository" = { };
|
||||||
|
};
|
||||||
|
|
||||||
|
services.restic.backups.persist = {
|
||||||
|
environmentFile = config.sops.secrets."restic/environment".path;
|
||||||
|
passwordFile = config.sops.secrets."restic/password".path;
|
||||||
|
repositoryFile = config.sops.secrets."restic/repository".path;
|
||||||
|
paths = [ "/persist" ];
|
||||||
|
extraBackupArgs = [
|
||||||
|
"--one-file-system"
|
||||||
|
"--exclude-caches"
|
||||||
|
"--no-scan"
|
||||||
|
"--retry-lock 2h"
|
||||||
|
];
|
||||||
|
timerConfig = {
|
||||||
|
OnCalendar = "daily";
|
||||||
|
RandomizedDelaySec = "4h";
|
||||||
|
FixedRandomDelay = true;
|
||||||
|
Persistent = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
51
nixos/profiles/restic/secrets.yaml
Normal file
51
nixos/profiles/restic/secrets.yaml
Normal file
|
@ -0,0 +1,51 @@
|
||||||
|
restic:
|
||||||
|
environment: ENC[AES256_GCM,data:7XdLf6C3ojLWxQJtQv+Fkof5GUZDpRhgsdwtMFKGJYwHQKhPfmmghlEWxXMi7HuWHCBxlvEKDU/8L9RnsWPHBG8yiZbuaqQWJna/PH0M69i2ZMHgXqRf433zxUAkCY8ULl2UGH7P,iv:hx9k/6gGTuC353j8JL2qHRgKFHY4/b7nA+ILjxXTbB0=,tag:dTFrmwIJLrcn4Ga6lzZQmQ==,type:str]
|
||||||
|
password: ENC[AES256_GCM,data:79+ZXif/zXiQ/0xJJxW4v5NOcOnAIFM+QeYNd9HVlBgF,iv:0W02zdfR6aS/E/vnEXdqQd7NF21VY5osdpP8s5muM6c=,tag:k+5ObQGcam67NWkiuE6Eaw==,type:str]
|
||||||
|
repository: ENC[AES256_GCM,data:jbeQ8oQrcT/q89vvI7tZs3WMsKK78jHEGqbuhf5v4KBz9voVHOVVPSLxXrk=,iv:a01YaOfIYldkFYFpY2KdDW4yzQij1JrdLMMbn/MkW9g=,tag:nZlGzftlnqHGJ+kDLllQXw==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age129yyxyz686qj88ce5v77ahelqqwt6zz94mzzls0ny4hq76psrd9qhc79kq
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3bTRYdi84N1VrcXhFZzRQ
|
||||||
|
ZGVBV3pMUkxxTjZWcTBEVllhZzJCMkhtaGg4CjZYakRGODhLa3Rkb3lDQy9oVjFV
|
||||||
|
SCtJUGtMcFMybGRIbmhIQUNQQ2I0dGMKLS0tIFAyZURTVFNQZml1d0JGYWZYQS84
|
||||||
|
bnkrVUZvY3YwTVpUZHlzcTFvR1pNbkUKcVP66FDXJFN8tsprjwx7E+eSCb/qCe+F
|
||||||
|
7HxC1Aele3vdu3GpJinArWblpXBoc66P6+5UHHop/O6c4p3dEjrCRQ==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age193x79xx8snu82w3t3hax6nruuw57g7pduwnkpvzkzmd7fs5jvfrquqa3sl
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjT2swWFRaZnJyZW5XanNj
|
||||||
|
VUE1OVNCOGRjRytab0g4MDdXRnVXdHIwSkVVCk1CNXlIVkU5WVRBQlg1cmtIS3dy
|
||||||
|
MlkvUzkxTGtWOTBMRWs3MmJPV2tGWEEKLS0tIEl4a0N2NUdscnNlWEc2TmNzNGUr
|
||||||
|
bFNTcHFWU2hlTXBjK0Rha2ZFNTFCcncKyI2b4FGDX3XI0jw9Wj6Skv/VfiFi8Upu
|
||||||
|
HXCUovZqdWZBCtmNIXQSKjjTYizKAoTFK6YFqA8CKzNcRrq3vBRhcw==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1u7srtfpgf83hesmsvtqdqftl8xrjmmp33mlg0aze6ken866ad55qxmzdqd
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsczZ6QVpRQUtqVDhnYjJF
|
||||||
|
dlRnT1pvWXdGaW9Ta1NZODJTTXU3aktrZUcwCm01V1RnR0RCcmZXYkRGN2U0M3k4
|
||||||
|
WnhJbXl3UkNKcEtjaGkzellsUW84aGMKLS0tIEQweVdZTDFMZHlFT21LbDgva0x5
|
||||||
|
NTlFcjArSzhYRzNCMG9EbmR2d1lVaXcKxvQMdsDAVSwStg1cr6sA55bkWIIEdhjj
|
||||||
|
TObLtnZMdXskrcm7vRU8h8JpacTntSkjtQPYd04pBIItRIunE0DJJA==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age12un5sgwu73ufgtd3e439fttek5yfem3m9twq9p7wx95kakmz3cyq5gm3et
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwYnQ3OFZCcmVPTXZ3djBJ
|
||||||
|
NTJvd0pobzh5TzNxN0pneExwcExEQzRSbEVnCjVtTTdRSk85YzVhVDFBWmYrdk0x
|
||||||
|
RHNmUlREOEppWm1OQnR5eENPeFV2UWMKLS0tIGYxZ0RmTGRLaTBCdTkyMXk2MVUr
|
||||||
|
VFFJTFRQWnFFV0MxbWpSUGNyUy83dHcKbl2wtGFCvh4m0/aKGQneWSV3cKdU7AbT
|
||||||
|
11piv6jq54GNdq6QtbuX4MlbOsDO18jm29WZ2sbbHANnU70jyybIIA==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-09-22T05:18:57Z"
|
||||||
|
mac: ENC[AES256_GCM,data:NaA8s3PRyhD9oVQr2DhsjuMVxT97SFwmH7hzRmq9eNXenwAsuJtJLV1MS9O9MW94rQo9aMeA5e//1jodTlkOgznnDoebX1m1cjXD88HMI3+NXu7f509HSlTKMopjst2PpOPGRq3Vt+SPHc9hV363O/rQBXiohCQ1o/YII1PBm1c=,iv:oqIeyit/UeISNrS6M6KZxJnzyk6f07NOa7dPK/VrtyM=,tag:CUEYuuNuvQeFJvat6tOpeQ==,type:str]
|
||||||
|
pgp: []
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.9.0
|
Loading…
Reference in a new issue