Add restic backups

This commit is contained in:
GHOSCHT 2024-03-31 22:04:51 +02:00
parent bb38367685
commit db57f01f8b
Signed by: ghoscht
GPG key ID: 2C2C1C62A5388E82
3 changed files with 153 additions and 2 deletions

View file

@ -23,6 +23,7 @@ in {
../common/optional/docker.nix ../common/optional/docker.nix
../common/optional/vsftpd.nix ../common/optional/vsftpd.nix
./sops.nix ./sops.nix
./restic.nix
./arion ./arion
]; ];

147
hosts/franz/restic.nix Normal file
View file

@ -0,0 +1,147 @@
{
pkgs,
config,
...
}: let
vars = import ../../vars.nix;
arionPath = "/home/${vars.user}/.setup/hosts/franz/arion";
in {
systemd.timers."restic-cron" = {
wantedBy = ["timers.target"];
timerConfig = {
OnBootSec = "5m";
OnUnitActiveSec = "5m";
Unit = "restic-cron.service";
};
};
systemd.services."restic-cron" = {
script = ''
set -eu
${pkgs.autorestic}/bin/autorestic -c /home/ghoscht/.autorestic.yml --restic-bin ${pkgs.restic}/bin/restic --ci cron > /tmp/autorestic.log 2>&1
'';
serviceConfig = {
Type = "oneshot";
User = "root";
};
};
environment.systemPackages = with pkgs; [autorestic restic];
sops.secrets."autorestic/zfs_key" = {
owner = vars.user;
};
sops.secrets."autorestic/ssd_key" = {
owner = vars.user;
};
sops.templates.".autorestic.yml" = {
path = "/home/${vars.user}/.autorestic.yml";
owner = vars.user;
mode = "0775";
content = ''
version: 2
global:
forget:
keep-weekly: 7
keep-monthly: 12
locations:
dashboard:
from: /storage/dataset/docker/dashboard
to:
- zfs
- ssd
cron: '0 3 * * 0' # Every Sunday at 3:00
hooks:
before:
- sudo arion -f ${arionPath}/dashboard/arion-compose.nix -p ${arionPath}/dashboard/arion-pkgs.nix stop
after:
- sudo arion -f ${arionPath}/dashboard/arion-compose.nix -p ${arionPath}/dashboard/arion-pkgs.nix start
dns:
from: /storage/dataset/docker/dns
to:
- zfs
- ssd
cron: '0 3 * * 0' # Every Sunday at 3:00
hooks:
before:
- sudo arion -f ${arionPath}/dns/arion-compose.nix -p ${arionPath}/dns/arion-pkgs.nix stop
after:
- sudo arion -f ${arionPath}/dns/arion-compose.nix -p ${arionPath}/dns/arion-pkgs.nix start
feed:
from: /storage/dataset/docker/feed
to:
- zfs
- ssd
cron: '0 3 * * 0' # Every Sunday at 3:00
hooks:
before:
- sudo arion -f ${arionPath}/feed/arion-compose.nix -p ${arionPath}/feed/arion-pkgs.nix stop
after:
- sudo arion -f ${arionPath}/feed/arion-compose.nix -p ${arionPath}/feed/arion-pkgs.nix start
git:
from: /storage/dataset/docker/git
to:
- zfs
- ssd
cron: '0 3 * * *' # Every Day at 3:00
hooks:
before:
- sudo arion -f ${arionPath}/git/arion-compose.nix -p ${arionPath}/git/arion-pkgs.nix stop
after:
- sudo arion -f ${arionPath}/git/arion-compose.nix -p ${arionPath}/git/arion-pkgs.nix start
media:
from: /storage/dataset/docker/media
to:
- zfs
- ssd
cron: '0 3 * * 0' # Every Sunday at 3:00
hooks:
before:
- sudo arion -f ${arionPath}/media/arion-compose.nix -p ${arionPath}/media/arion-pkgs.nix stop
after:
- sudo arion -f ${arionPath}/media/arion-compose.nix -p ${arionPath}/media/arion-pkgs.nix start
nextcloud:
from: /storage/dataset/docker/nextcloud
to:
- zfs
- ssd
cron: '0 3 * * *' # Every Day at 3:00
hooks:
before:
- sudo arion -f ${arionPath}/nextcloud/arion-compose.nix -p ${arionPath}/nextcloud/arion-pkgs.nix stop
after:
- sudo arion -f ${arionPath}/nextcloud/arion-compose.nix -p ${arionPath}/nextcloud/arion-pkgs.nix start
smarthome:
from: /storage/dataset/docker/smarthome
to:
- zfs
- ssd
cron: '0 3 * * 0' # Every Sunday at 3:00
hooks:
before:
- sudo arion -f ${arionPath}/smarthome/arion-compose.nix -p ${arionPath}/smarthome/arion-pkgs.nix stop
after:
- sudo arion -f ${arionPath}/smarthome/arion-compose.nix -p ${arionPath}/smarthome/arion-pkgs.nix start
passwords:
from: /storage/dataset/docker/passwords
to:
- zfs
- ssd
cron: '0 3 * * *' # Every Day at 3:00
hooks:
before:
- sudo arion -f ${arionPath}/passwords/arion-compose.nix -p ${arionPath}/passwords/arion-pkgs.nix stop
after:
- sudo arion -f ${arionPath}/passwords/arion-compose.nix -p ${arionPath}/passwords/arion-pkgs.nix start
backends:
zfs:
type: local
path: /storage/dataset/backups
key: '${config.sops.placeholder."autorestic/zfs_key"}'
ssd:
type: local
path: /home/ghoscht/Backups
key: '${config.sops.placeholder."autorestic/ssd_key"}'
'';
};
}

View file

@ -27,6 +27,9 @@ unpackerr:
lidarr_api_key: ENC[AES256_GCM,data:WZzb/Is7qdIq9qPEYt0FFXSucUx3qCv/isWwUyxDrB0=,iv:k0CFPUU4UmTmW0R/5sWgptbsfdLlglKze3EAyNi6t1E=,tag:aXUZd43krL9qKvs1uvJ4AA==,type:str] lidarr_api_key: ENC[AES256_GCM,data:WZzb/Is7qdIq9qPEYt0FFXSucUx3qCv/isWwUyxDrB0=,iv:k0CFPUU4UmTmW0R/5sWgptbsfdLlglKze3EAyNi6t1E=,tag:aXUZd43krL9qKvs1uvJ4AA==,type:str]
ttrss: ttrss:
db_password: ENC[AES256_GCM,data:Yp44TDA=,iv:3eurDNE37mf2qDunCJczIyq26ttWwX9J6OhxMydEiq4=,tag:+Ce6sV40xn3VzgacEAY5NQ==,type:str] db_password: ENC[AES256_GCM,data:Yp44TDA=,iv:3eurDNE37mf2qDunCJczIyq26ttWwX9J6OhxMydEiq4=,tag:+Ce6sV40xn3VzgacEAY5NQ==,type:str]
autorestic:
zfs_key: ENC[AES256_GCM,data:HyZBD202BoG6ncw37Tg9LPvfvQPnOaLJKk+gMvdZflt+XZ/7lx6TZOp/loiDhSSBTMusAXaI/aDkAFx2a7yDUQ==,iv:nQAHi9TyUXamSlFq99NYvWLOBSuZstuYNJLgVpxF1JU=,tag:mIS/E4Wr6IdWsZtehNY7UA==,type:str]
ssd_key: ENC[AES256_GCM,data:xgJCpNkmIn8VU+jG++0kLW8WM9RbTBmsZeOuOz1WWmc4sOdN4lWfPvLjcTAHZDIXFvX7NodEcGAYDmcWNw7QBw==,iv:wGJcz7CEjhwsUlVEyuHOBcayzE97PfWi2f0TvITzafg=,tag:wpaJFcQBd/kAmExfD6fwJQ==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -42,8 +45,8 @@ sops:
VUUxcEhvYi8zeXlCUUViUTl0eWdhcU0KXOfbnDc+zc8lnBcyEAV5EiJSjcSU6AgI VUUxcEhvYi8zeXlCUUViUTl0eWdhcU0KXOfbnDc+zc8lnBcyEAV5EiJSjcSU6AgI
EfeRw8qVqwChrYn1agslcNnDbE0WQsOCBuA6cE4V3kRofp9HU949ig== EfeRw8qVqwChrYn1agslcNnDbE0WQsOCBuA6cE4V3kRofp9HU949ig==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-03-15T20:30:02Z" lastmodified: "2024-03-31T17:08:14Z"
mac: ENC[AES256_GCM,data:sdxHWMIA4KwVNVSBe/oh5LrR4W11NES3qt5HVlAvVqmpEnLfSRMXCtGXnyBk0eN8O9hW6Zi135ZBQeyrVIQlsXU55LXLfQeWBK6VdLIfLScVDmJJ5MAMMl9ExhDr7XZ5tfmMkHsLnUSz7AM0tXmmbj5uwC40NDlyXZgOxo1fV8g=,iv:c0SaijwURfAJ1k0u/hed7jtBIV+4dqHSs8cGftEOmNU=,tag:sGBse6Um0LgUbOF207ZZCQ==,type:str] mac: ENC[AES256_GCM,data:6OqfSgn6/9hf9x62HflJy1meERaPx9rXflgOQR+gzKsr0FA5q4iC7Gdyebpw7EA/nMIN/XXEGNQXvCaGMMccZ2D8gQ0S6O5JgeDAKukl4T7+qXYXwAdrVjsjLZZV61LJSEU4x9Z2/U9jtbwB4KFwgmppJeipO2D75EzJngKZn80=,iv:4Ap89WlXicBLMptqFiEgg3L/koDIXunscdcayfL/JJk=,tag:D1o9sOZ/pyTaAY2ai8HViA==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1