nixos: add restic
parent
2721eaeecf
commit
d784867779
6 changed files with 92 additions and 0 deletions
|
@ -17,6 +17,12 @@ creation_rules:
|
|||
- age:
|
||||
- *guanranwang
|
||||
- *tyo0
|
||||
- path_regex: ^nixos/profiles/restic/secrets.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *guanranwang
|
||||
- *dust
|
||||
- *sin0
|
||||
- path_regex: ^nixos/profiles/sing-box/secrets.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
|
|
|
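Review bot: The new rule for `nixos/profiles/restic/secrets.yaml` names three age recipients (`*guanranwang`, `*dust`, `*sin0`), but the secrets file added in this same commit carries four `recipient:` stanzas. Unless one of those anchors expands to more than one key (their definitions are outside this hunk), the file is encrypted to a key the rule does not list, and the holder of that fourth key can decrypt the restic password and repository credentials. Settle the intended recipient list, then bring the file in line with `sops updatekeys nixos/profiles/restic/secrets.yaml`. If the extra recipient was not intended, rotate the restic secrets themselves, since re-keying does not revoke what an old copy of the file already exposes.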
@ -8,6 +8,7 @@
|
|||
{
|
||||
imports =
|
||||
[
|
||||
../../nixos/profiles/restic
|
||||
../../nixos/profiles/sing-box
|
||||
../../nixos/profiles/wireless
|
||||
|
||||
|
@ -231,4 +232,6 @@
|
|||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.restic.backups.persist.exclude = [ "/persist/home/guanranwang/.local/share/Steam" ];
|
||||
}
|
||||
|
|
|
@ -12,6 +12,8 @@
|
|||
|
||||
./disko.nix
|
||||
./preservation.nix
|
||||
|
||||
../../../nixos/profiles/restic
|
||||
]
|
||||
++ (with inputs; [
|
||||
disko.nixosModules.disko
|
||||
|
|
|
@ -30,3 +30,6 @@ module "vultr" {
|
|||
script = vultr_startup_script.script.id
|
||||
}
|
||||
|
||||
resource "vultr_object_storage" "storage" {
|
||||
cluster_id = 4 # sgp1.vultrobjects.com
|
||||
}
|
||||
|
|
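Review bot: `vultr_object_storage.storage` exports the generated `s3_access_key` and `s3_secret_key` as attributes, so once this resource is applied the Terraform state holds the bucket credentials in plaintext. The state backend is not visible in this hunk; confirm it is encrypted at rest and access-restricted to the same people who can decrypt the sops file. The resource also has no `label`, and the bare `cluster_id = 4` is tied to sgp1 only by the trailing comment, so a `label = "restic"`-style argument and a named local for the cluster would make the resource's purpose and region auditable.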
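--- a/nixos/profiles/restic/default.nix
+++ b/nixos/profiles/restic/default.nix
@@ -0,0 +1,27 @@
+{ config, ... }:
+{
+sops.secrets = builtins.mapAttrs (_n: v: v // { sopsFile = ./secrets.yaml; }) {
+"restic/environment" = { };
+"restic/password" = { };
+"restic/repository" = { };
+};
+
+services.restic.backups.persist = {
+environmentFile = config.sops.secrets."restic/environment".path;
+passwordFile = config.sops.secrets."restic/password".path;
+repositoryFile = config.sops.secrets."restic/repository".path;
+paths = [ "/persist" ];
+extraBackupArgs = [
+"--one-file-system"
+"--exclude-caches"
+"--no-scan"
+"--retry-lock 2h"
+];
+timerConfig = {
+OnCalendar = "daily";
+RandomizedDelaySec = "4h";
+FixedRandomDelay = true;
+Persistent = true;
+};
+};
+}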
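Review bot: `services.restic.backups.persist` sets no `pruneOpts`, so the daily snapshots of `/persist` accumulate in the repository with no retention policy, and nothing verifies repository integrity. Add a policy such as `pruneOpts = [ "--keep-daily 7" "--keep-weekly 4" "--keep-monthly 6" ];` (values are illustrative) and consider setting `checkOpts` so that a damaged repository is noticed before a restore is needed. Pruning requires delete rights on the bucket, and the scope of the credentials in `restic/environment` is not visible in this diff. If they are meant to stay write-only, to limit what a compromised host can destroy, run forget/prune from a separate trusted machine instead.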
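--- a/nixos/profiles/restic/secrets.yaml
+++ b/nixos/profiles/restic/secrets.yaml
@@ -0,0 +1,51 @@
+restic:
+environment: ENC[AES256_GCM,data:7XdLf6C3ojLWxQJtQv+Fkof5GUZDpRhgsdwtMFKGJYwHQKhPfmmghlEWxXMi7HuWHCBxlvEKDU/8L9RnsWPHBG8yiZbuaqQWJna/PH0M69i2ZMHgXqRf433zxUAkCY8ULl2UGH7P,iv:hx9k/6gGTuC353j8JL2qHRgKFHY4/b7nA+ILjxXTbB0=,tag:dTFrmwIJLrcn4Ga6lzZQmQ==,type:str]
+password: ENC[AES256_GCM,data:79+ZXif/zXiQ/0xJJxW4v5NOcOnAIFM+QeYNd9HVlBgF,iv:0W02zdfR6aS/E/vnEXdqQd7NF21VY5osdpP8s5muM6c=,tag:k+5ObQGcam67NWkiuE6Eaw==,type:str]
+repository: ENC[AES256_GCM,data:jbeQ8oQrcT/q89vvI7tZs3WMsKK78jHEGqbuhf5v4KBz9voVHOVVPSLxXrk=,iv:a01YaOfIYldkFYFpY2KdDW4yzQij1JrdLMMbn/MkW9g=,tag:nZlGzftlnqHGJ+kDLllQXw==,type:str]
+sops:
+kms: []
+gcp_kms: []
+azure_kv: []
+hc_vault: []
+age:
+- recipient: age129yyxyz686qj88ce5v77ahelqqwt6zz94mzzls0ny4hq76psrd9qhc79kq
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3bTRYdi84N1VrcXhFZzRQ
+ZGVBV3pMUkxxTjZWcTBEVllhZzJCMkhtaGg4CjZYakRGODhLa3Rkb3lDQy9oVjFV
+SCtJUGtMcFMybGRIbmhIQUNQQ2I0dGMKLS0tIFAyZURTVFNQZml1d0JGYWZYQS84
+bnkrVUZvY3YwTVpUZHlzcTFvR1pNbkUKcVP66FDXJFN8tsprjwx7E+eSCb/qCe+F
+7HxC1Aele3vdu3GpJinArWblpXBoc66P6+5UHHop/O6c4p3dEjrCRQ==
+-----END AGE ENCRYPTED FILE-----
+- recipient: age193x79xx8snu82w3t3hax6nruuw57g7pduwnkpvzkzmd7fs5jvfrquqa3sl
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjT2swWFRaZnJyZW5XanNj
+VUE1OVNCOGRjRytab0g4MDdXRnVXdHIwSkVVCk1CNXlIVkU5WVRBQlg1cmtIS3dy
+MlkvUzkxTGtWOTBMRWs3MmJPV2tGWEEKLS0tIEl4a0N2NUdscnNlWEc2TmNzNGUr
+bFNTcHFWU2hlTXBjK0Rha2ZFNTFCcncKyI2b4FGDX3XI0jw9Wj6Skv/VfiFi8Upu
+HXCUovZqdWZBCtmNIXQSKjjTYizKAoTFK6YFqA8CKzNcRrq3vBRhcw==
+-----END AGE ENCRYPTED FILE-----
+- recipient: age1u7srtfpgf83hesmsvtqdqftl8xrjmmp33mlg0aze6ken866ad55qxmzdqd
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsczZ6QVpRQUtqVDhnYjJF
+dlRnT1pvWXdGaW9Ta1NZODJTTXU3aktrZUcwCm01V1RnR0RCcmZXYkRGN2U0M3k4
+WnhJbXl3UkNKcEtjaGkzellsUW84aGMKLS0tIEQweVdZTDFMZHlFT21LbDgva0x5
+NTlFcjArSzhYRzNCMG9EbmR2d1lVaXcKxvQMdsDAVSwStg1cr6sA55bkWIIEdhjj
+TObLtnZMdXskrcm7vRU8h8JpacTntSkjtQPYd04pBIItRIunE0DJJA==
+-----END AGE ENCRYPTED FILE-----
+- recipient: age12un5sgwu73ufgtd3e439fttek5yfem3m9twq9p7wx95kakmz3cyq5gm3et
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwYnQ3OFZCcmVPTXZ3djBJ
+NTJvd0pobzh5TzNxN0pneExwcExEQzRSbEVnCjVtTTdRSk85YzVhVDFBWmYrdk0x
+RHNmUlREOEppWm1OQnR5eENPeFV2UWMKLS0tIGYxZ0RmTGRLaTBCdTkyMXk2MVUr
+VFFJTFRQWnFFV0MxbWpSUGNyUy83dHcKbl2wtGFCvh4m0/aKGQneWSV3cKdU7AbT
+11piv6jq54GNdq6QtbuX4MlbOsDO18jm29WZ2sbbHANnU70jyybIIA==
+-----END AGE ENCRYPTED FILE-----
+lastmodified: "2024-09-22T05:18:57Z"
+mac: ENC[AES256_GCM,data:NaA8s3PRyhD9oVQr2DhsjuMVxT97SFwmH7hzRmq9eNXenwAsuJtJLV1MS9O9MW94rQo9aMeA5e//1jodTlkOgznnDoebX1m1cjXD88HMI3+NXu7f509HSlTKMopjst2PpOPGRq3Vt+SPHc9hV363O/rQBXiohCQ1o/YII1PBm1c=,iv:oqIeyit/UeISNrS6M6KZxJnzyk6f07NOa7dPK/VrtyM=,tag:CUEYuuNuvQeFJvat6tOpeQ==,type:str]
+pgp: []
+unencrypted_suffix: _unencrypted
+version: 3.9.0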