Add restic backups

hosts/franz/default.nix

@@ -23,6 +23,7 @@ in {
     ../common/optional/docker.nix
     ../common/optional/vsftpd.nix
     ./sops.nix
+    ./restic.nix
     ./arion
   ];
 

hosts/franz/restic.nix

@@ -0,0 +1,147 @@
+{
+  pkgs,
+  config,
+  ...
+}: let
+  vars = import ../../vars.nix;
+  arionPath = "/home/${vars.user}/.setup/hosts/franz/arion";
+in {
+  systemd.timers."restic-cron" = {
+    wantedBy = ["timers.target"];
+    timerConfig = {
+      OnBootSec = "5m";
+      OnUnitActiveSec = "5m";
+      Unit = "restic-cron.service";
+    };
+  };
+
+  systemd.services."restic-cron" = {
+    script = ''
+      set -eu
+      ${pkgs.autorestic}/bin/autorestic -c /home/ghoscht/.autorestic.yml --restic-bin ${pkgs.restic}/bin/restic --ci cron > /tmp/autorestic.log 2>&1
+    '';
+    serviceConfig = {
+      Type = "oneshot";
+      User = "root";
+    };
+  };
+  environment.systemPackages = with pkgs; [autorestic restic];
+
+  sops.secrets."autorestic/zfs_key" = {
+    owner = vars.user;
+  };
+  sops.secrets."autorestic/ssd_key" = {
+    owner = vars.user;
+  };
+
+  sops.templates.".autorestic.yml" = {
+    path = "/home/${vars.user}/.autorestic.yml";
+    owner = vars.user;
+    mode = "0775";
+    content = ''
+      version: 2
+      global:
+        forget:
+          keep-weekly: 7
+          keep-monthly: 12
+      locations:
+        dashboard:
+          from: /storage/dataset/docker/dashboard
+          to:
+            - zfs
+            - ssd
+          cron: '0 3 * * 0' # Every Sunday at 3:00
+          hooks:
+            before:
+              - sudo arion -f ${arionPath}/dashboard/arion-compose.nix -p ${arionPath}/dashboard/arion-pkgs.nix stop
+            after:
+              - sudo arion -f ${arionPath}/dashboard/arion-compose.nix -p ${arionPath}/dashboard/arion-pkgs.nix start
+        dns:
+          from: /storage/dataset/docker/dns
+          to:
+            - zfs
+            - ssd
+          cron: '0 3 * * 0' # Every Sunday at 3:00
+          hooks:
+            before:
+              - sudo arion -f ${arionPath}/dns/arion-compose.nix -p ${arionPath}/dns/arion-pkgs.nix stop
+            after:
+              - sudo arion -f ${arionPath}/dns/arion-compose.nix -p ${arionPath}/dns/arion-pkgs.nix start
+        feed:
+          from: /storage/dataset/docker/feed
+          to:
+            - zfs
+            - ssd
+          cron: '0 3 * * 0' # Every Sunday at 3:00
+          hooks:
+            before:
+              - sudo arion -f ${arionPath}/feed/arion-compose.nix -p ${arionPath}/feed/arion-pkgs.nix stop
+            after:
+              - sudo arion -f ${arionPath}/feed/arion-compose.nix -p ${arionPath}/feed/arion-pkgs.nix start
+        git:
+          from: /storage/dataset/docker/git
+          to:
+            - zfs
+            - ssd
+          cron: '0 3 * * *' # Every Day at 3:00
+          hooks:
+            before:
+              - sudo arion -f ${arionPath}/git/arion-compose.nix -p ${arionPath}/git/arion-pkgs.nix stop
+            after:
+              - sudo arion -f ${arionPath}/git/arion-compose.nix -p ${arionPath}/git/arion-pkgs.nix start
+        media:
+          from: /storage/dataset/docker/media
+          to:
+            - zfs
+            - ssd
+          cron: '0 3 * * 0' # Every Sunday at 3:00
+          hooks:
+            before:
+              - sudo arion -f ${arionPath}/media/arion-compose.nix -p ${arionPath}/media/arion-pkgs.nix stop
+            after:
+              - sudo arion -f ${arionPath}/media/arion-compose.nix -p ${arionPath}/media/arion-pkgs.nix start
+        nextcloud:
+          from: /storage/dataset/docker/nextcloud
+          to:
+            - zfs
+            - ssd
+          cron: '0 3 * * *' # Every Day at 3:00
+          hooks:
+            before:
+              - sudo arion -f ${arionPath}/nextcloud/arion-compose.nix -p ${arionPath}/nextcloud/arion-pkgs.nix stop
+            after:
+              - sudo arion -f ${arionPath}/nextcloud/arion-compose.nix -p ${arionPath}/nextcloud/arion-pkgs.nix start
+        smarthome:
+          from: /storage/dataset/docker/smarthome
+          to:
+            - zfs
+            - ssd
+          cron: '0 3 * * 0' # Every Sunday at 3:00
+          hooks:
+            before:
+              - sudo arion -f ${arionPath}/smarthome/arion-compose.nix -p ${arionPath}/smarthome/arion-pkgs.nix stop
+            after:
+              - sudo arion -f ${arionPath}/smarthome/arion-compose.nix -p ${arionPath}/smarthome/arion-pkgs.nix start
+        passwords:
+          from: /storage/dataset/docker/passwords
+          to:
+            - zfs
+            - ssd
+          cron: '0 3 * * *' # Every Day at 3:00
+          hooks:
+            before:
+              - sudo arion -f ${arionPath}/passwords/arion-compose.nix -p ${arionPath}/passwords/arion-pkgs.nix stop
+            after:
+              - sudo arion -f ${arionPath}/passwords/arion-compose.nix -p ${arionPath}/passwords/arion-pkgs.nix start
+      backends:
+        zfs:
+          type: local
+          path: /storage/dataset/backups
+          key: '${config.sops.placeholder."autorestic/zfs_key"}'
+        ssd:
+          type: local
+          path: /home/ghoscht/Backups
+          key: '${config.sops.placeholder."autorestic/ssd_key"}'
+    '';
+  };
+}

secrets/franz.yaml

@@ -27,6 +27,9 @@ unpackerr:
     lidarr_api_key: ENC[AES256_GCM,data:WZzb/Is7qdIq9qPEYt0FFXSucUx3qCv/isWwUyxDrB0=,iv:k0CFPUU4UmTmW0R/5sWgptbsfdLlglKze3EAyNi6t1E=,tag:aXUZd43krL9qKvs1uvJ4AA==,type:str]
 ttrss:
     db_password: ENC[AES256_GCM,data:Yp44TDA=,iv:3eurDNE37mf2qDunCJczIyq26ttWwX9J6OhxMydEiq4=,tag:+Ce6sV40xn3VzgacEAY5NQ==,type:str]
+autorestic:
+    zfs_key: ENC[AES256_GCM,data:HyZBD202BoG6ncw37Tg9LPvfvQPnOaLJKk+gMvdZflt+XZ/7lx6TZOp/loiDhSSBTMusAXaI/aDkAFx2a7yDUQ==,iv:nQAHi9TyUXamSlFq99NYvWLOBSuZstuYNJLgVpxF1JU=,tag:mIS/E4Wr6IdWsZtehNY7UA==,type:str]
+    ssd_key: ENC[AES256_GCM,data:xgJCpNkmIn8VU+jG++0kLW8WM9RbTBmsZeOuOz1WWmc4sOdN4lWfPvLjcTAHZDIXFvX7NodEcGAYDmcWNw7QBw==,iv:wGJcz7CEjhwsUlVEyuHOBcayzE97PfWi2f0TvITzafg=,tag:wpaJFcQBd/kAmExfD6fwJQ==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -42,8 +45,8 @@ sops:
             VUUxcEhvYi8zeXlCUUViUTl0eWdhcU0KXOfbnDc+zc8lnBcyEAV5EiJSjcSU6AgI
             EfeRw8qVqwChrYn1agslcNnDbE0WQsOCBuA6cE4V3kRofp9HU949ig==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-03-15T20:30:02Z"
+    lastmodified: "2024-03-31T17:08:14Z"
-    mac: ENC[AES256_GCM,data:sdxHWMIA4KwVNVSBe/oh5LrR4W11NES3qt5HVlAvVqmpEnLfSRMXCtGXnyBk0eN8O9hW6Zi135ZBQeyrVIQlsXU55LXLfQeWBK6VdLIfLScVDmJJ5MAMMl9ExhDr7XZ5tfmMkHsLnUSz7AM0tXmmbj5uwC40NDlyXZgOxo1fV8g=,iv:c0SaijwURfAJ1k0u/hed7jtBIV+4dqHSs8cGftEOmNU=,tag:sGBse6Um0LgUbOF207ZZCQ==,type:str]
+    mac: ENC[AES256_GCM,data:6OqfSgn6/9hf9x62HflJy1meERaPx9rXflgOQR+gzKsr0FA5q4iC7Gdyebpw7EA/nMIN/XXEGNQXvCaGMMccZ2D8gQ0S6O5JgeDAKukl4T7+qXYXwAdrVjsjLZZV61LJSEU4x9Z2/U9jtbwB4KFwgmppJeipO2D75EzJngKZn80=,iv:4Ap89WlXicBLMptqFiEgg3L/koDIXunscdcayfL/JJk=,tag:D1o9sOZ/pyTaAY2ai8HViA==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.8.1