312 lines
11 KiB
Nix
312 lines
11 KiB
Nix
{
|
|
pkgs,
|
|
config,
|
|
...
|
|
}: let
|
|
vars = import ../../vars.nix;
|
|
arionPath = "/home/${vars.user}/.setup/hosts/franz/arion";
|
|
cfg = config.virtualisation.arion;
|
|
in {
|
|
# systemd.timers."restic-cron" = {
|
|
# wantedBy = ["timers.target"];
|
|
# timerConfig = {
|
|
# OnBootSec = "1m";
|
|
# OnUnitActiveSec = "1m";
|
|
# Unit = "restic-cron.service";
|
|
# };
|
|
# };
|
|
#
|
|
# systemd.services."restic-cron" = {
|
|
# path = [
|
|
# cfg.docker.client.package
|
|
# cfg.package
|
|
# pkgs.nix
|
|
# pkgs.restic
|
|
# pkgs.autorestic
|
|
# ];
|
|
# script = ''
|
|
# source /etc/profile
|
|
# autorestic -c /home/ghoscht/.autorestic.yml --verbose cron >> /tmp/autorestic.log 2>&1
|
|
# '';
|
|
# serviceConfig = {
|
|
# Type = "oneshot";
|
|
# User = "root";
|
|
# };
|
|
# };
|
|
|
|
services.cron = {
|
|
enable = true;
|
|
systemCronJobs = [
|
|
"*/5 * * * * root . /etc/profile; autorestic -c /home/ghoscht/.autorestic.yml --ci cron > /var/log/autorestic-bin.log"
|
|
];
|
|
};
|
|
|
|
environment.systemPackages = with pkgs; [autorestic restic];
|
|
|
|
sops.secrets."autorestic/zfs_key" = {
|
|
owner = vars.user;
|
|
};
|
|
sops.secrets."autorestic/ssd_key" = {
|
|
owner = vars.user;
|
|
};
|
|
sops.secrets."autorestic/eustachius_key" = {
|
|
owner = vars.user;
|
|
};
|
|
sops.secrets."autorestic/ntfy_access_token" = {
|
|
owner = vars.user;
|
|
};
|
|
|
|
sops.templates.".autorestic.yml" = {
|
|
path = "/home/${vars.user}/.autorestic.yml";
|
|
owner = vars.user;
|
|
mode = "0775";
|
|
content = ''
|
|
version: 2
|
|
global:
|
|
forget:
|
|
keep-last: 5
|
|
keep-weekly: 1
|
|
keep-monthly: 12
|
|
keep-yearly: 7
|
|
keep-within: '14d'
|
|
|
|
extras:
|
|
default_hooks: &default_hooks
|
|
success:
|
|
- echo "Backup of $AUTORESTIC_LOCATION successful! Added $AUTORESTIC_FILES_ADDED_0 files and changed $AUTORESTIC_FILES_CHANGED_0 files with a total size of $AUTORESTIC_ADDED_SIZE_0. Processed $AUTORESTIC_PROCESSED_FILES_0 files with total size $AUTORESTIC_PROCESSED_SIZE_0 in $AUTORESTIC_PROCESSED_DURATION_0. Snapshot $AUTORESTIC_SNAPSHOT_ID_0" >> /var/log/autorestic-backup.log
|
|
failure:
|
|
- echo "Backup of $AUTORESTIC_LOCATION failed" >> /var/log/autorestic.log
|
|
- 'curl -H "Authorization: Bearer ${config.sops.placeholder."autorestic/ntfy_access_token"}" -H "X-Tags: warning" -H "X-Title: Backup Failure" -d "Backup of location $AUTORESTIC_LOCATION failed" https://push.ghoscht.com/autorestic'
|
|
|
|
locations:
|
|
dashboard:
|
|
from: /home/ghoscht/.docker/dashboard
|
|
to:
|
|
- zfs
|
|
- eustachius
|
|
forget: prune
|
|
cron: '0 4 * * 0' # Every Sunday at 4:00
|
|
hooks:
|
|
<<: *default_hooks
|
|
before:
|
|
- arion -f ${arionPath}/dashboard/arion-compose.nix -p ${arionPath}/dashboard/arion-pkgs.nix stop
|
|
after:
|
|
- arion -f ${arionPath}/dashboard/arion-compose.nix -p ${arionPath}/dashboard/arion-pkgs.nix start
|
|
dns:
|
|
from: /home/ghoscht/.docker/dns
|
|
to:
|
|
- zfs
|
|
- eustachius
|
|
forget: prune
|
|
cron: '0 4 * * 0' # Every Sunday at 4:00
|
|
hooks:
|
|
<<: *default_hooks
|
|
before:
|
|
- arion -f ${arionPath}/dns/arion-compose.nix -p ${arionPath}/dns/arion-pkgs.nix stop
|
|
after:
|
|
- arion -f ${arionPath}/dns/arion-compose.nix -p ${arionPath}/dns/arion-pkgs.nix start
|
|
feed:
|
|
from: /home/ghoscht/.docker/feed
|
|
to:
|
|
- zfs
|
|
- eustachius
|
|
forget: prune
|
|
cron: '0 4 * * 0' # Every Sunday at 4:00
|
|
hooks:
|
|
<<: *default_hooks
|
|
before:
|
|
- arion -f ${arionPath}/feed/arion-compose.nix -p ${arionPath}/feed/arion-pkgs.nix stop
|
|
after:
|
|
- arion -f ${arionPath}/feed/arion-compose.nix -p ${arionPath}/feed/arion-pkgs.nix start
|
|
git:
|
|
from: /home/ghoscht/.docker/git
|
|
to:
|
|
- zfs
|
|
- eustachius
|
|
cron: '0 4 * * *' # Every Day at 4:00
|
|
hooks:
|
|
<<: *default_hooks
|
|
before:
|
|
- arion -f ${arionPath}/git/arion-compose.nix -p ${arionPath}/git/arion-pkgs.nix stop
|
|
after:
|
|
- arion -f ${arionPath}/git/arion-compose.nix -p ${arionPath}/git/arion-pkgs.nix start
|
|
media:
|
|
from: /home/ghoscht/.docker/media
|
|
to:
|
|
- zfs
|
|
- eustachius
|
|
cron: '0 4 * * *' # Every Day at 4:00
|
|
hooks:
|
|
<<: *default_hooks
|
|
before:
|
|
- arion -f ${arionPath}/media/arion-compose.nix -p ${arionPath}/media/arion-pkgs.nix stop
|
|
after:
|
|
- arion -f ${arionPath}/media/arion-compose.nix -p ${arionPath}/media/arion-pkgs.nix start
|
|
nextcloud:
|
|
from:
|
|
- /storage/dataset/docker/nextcloud/nextcloud_data/data
|
|
- /home/ghoscht/.docker/nextcloud/
|
|
to:
|
|
- zfs
|
|
- eustachius
|
|
cron: '0 4 * * *' # Every Day at 4:00
|
|
hooks:
|
|
<<: *default_hooks
|
|
before:
|
|
- arion -f ${arionPath}/nextcloud/arion-compose.nix -p ${arionPath}/nextcloud/arion-pkgs.nix stop
|
|
after:
|
|
- arion -f ${arionPath}/nextcloud/arion-compose.nix -p ${arionPath}/nextcloud/arion-pkgs.nix start
|
|
smarthome:
|
|
from: /home/ghoscht/.docker/smarthome
|
|
to:
|
|
- zfs
|
|
- eustachius
|
|
forget: prune
|
|
cron: '0 4 * * 0' # Every Sunday at 4:00
|
|
hooks:
|
|
<<: *default_hooks
|
|
before:
|
|
- arion -f ${arionPath}/smarthome/arion-compose.nix -p ${arionPath}/smarthome/arion-pkgs.nix stop
|
|
after:
|
|
- arion -f ${arionPath}/smarthome/arion-compose.nix -p ${arionPath}/smarthome/arion-pkgs.nix start
|
|
passwords:
|
|
from: /home/ghoscht/.docker/passwords
|
|
to:
|
|
- zfs
|
|
# - ssd
|
|
- eustachius
|
|
cron: '0 4 * * *' # Every Day at 4:00
|
|
hooks:
|
|
<<: *default_hooks
|
|
before:
|
|
- arion -f ${arionPath}/passwords/arion-compose.nix -p ${arionPath}/passwords/arion-pkgs.nix stop
|
|
after:
|
|
- arion -f ${arionPath}/passwords/arion-compose.nix -p ${arionPath}/passwords/arion-pkgs.nix start
|
|
matrix:
|
|
from: /home/ghoscht/.docker/matrix
|
|
to:
|
|
- zfs
|
|
- eustachius
|
|
forget: prune
|
|
cron: '0 4 * * 0' # Every Sunday at 4:00
|
|
hooks:
|
|
<<: *default_hooks
|
|
before:
|
|
- arion -f ${arionPath}/matrix/arion-compose.nix -p ${arionPath}/matrix/arion-pkgs.nix stop
|
|
after:
|
|
- arion -f ${arionPath}/matrix/arion-compose.nix -p ${arionPath}/matrix/arion-pkgs.nix start
|
|
music:
|
|
from: /storage/dataset/data/media/music
|
|
to:
|
|
- eustachius
|
|
cron: '0 4 * * 0' # Every Sunday at 4:00
|
|
hooks:
|
|
<<: *default_hooks
|
|
before:
|
|
- arion -f ${arionPath}/media/arion-compose.nix -p ${arionPath}/media/arion-pkgs.nix stop
|
|
after:
|
|
- arion -f ${arionPath}/media/arion-compose.nix -p ${arionPath}/media/arion-pkgs.nix start
|
|
headscale:
|
|
from: /home/ghoscht/.docker/headscale
|
|
to:
|
|
- zfs
|
|
forget: prune
|
|
cron: '55 3 * * *' # Every Day at 3:55
|
|
hooks:
|
|
<<: *default_hooks
|
|
before:
|
|
- arion -f ${arionPath}/headscale/arion-compose.nix -p ${arionPath}/headscale/arion-pkgs.nix stop
|
|
after:
|
|
- arion -f ${arionPath}/headscale/arion-compose.nix -p ${arionPath}/headscale/arion-pkgs.nix start
|
|
auth:
|
|
from: /home/ghoscht/.docker/auth
|
|
to:
|
|
- zfs
|
|
- eustachius
|
|
forget: prune
|
|
cron: '55 3 * * *' # Every Day at 3:55
|
|
hooks:
|
|
<<: *default_hooks
|
|
before:
|
|
- arion -f ${arionPath}/auth/arion-compose.nix -p ${arionPath}/auth/arion-pkgs.nix stop
|
|
after:
|
|
- arion -f ${arionPath}/auth/arion-compose.nix -p ${arionPath}/auth/arion-pkgs.nix start
|
|
infrastructure:
|
|
from: /home/ghoscht/.docker/infrastructure
|
|
to:
|
|
- zfs
|
|
- eustachius
|
|
forget: prune
|
|
cron: '55 3 * * *' # Every Day at 3:55
|
|
hooks:
|
|
<<: *default_hooks
|
|
before:
|
|
- arion -f ${arionPath}/infrastructure/arion-compose.nix -p ${arionPath}/infrastructure/arion-pkgs.nix stop
|
|
after:
|
|
- arion -f ${arionPath}/infrastructure/arion-compose.nix -p ${arionPath}/infrastructure/arion-pkgs.nix start
|
|
wiki:
|
|
from: /home/ghoscht/.docker/wiki
|
|
to:
|
|
- zfs
|
|
- eustachius
|
|
forget: prune
|
|
cron: '55 3 * * *' # Every Day at 3:55
|
|
hooks:
|
|
<<: *default_hooks
|
|
before:
|
|
- arion -f ${arionPath}/wiki/arion-compose.nix -p ${arionPath}/wiki/arion-pkgs.nix stop
|
|
after:
|
|
- arion -f ${arionPath}/wiki/arion-compose.nix -p ${arionPath}/wiki/arion-pkgs.nix start
|
|
stats:
|
|
from: /home/ghoscht/.docker/stats
|
|
to:
|
|
- zfs
|
|
- eustachius
|
|
forget: prune
|
|
cron: '55 3 * * *' # Every Day at 3:55
|
|
hooks:
|
|
<<: *default_hooks
|
|
before:
|
|
- arion -f ${arionPath}/stats/arion-compose.nix -p ${arionPath}/stats/arion-pkgs.nix stop
|
|
after:
|
|
- arion -f ${arionPath}/stats/arion-compose.nix -p ${arionPath}/stats/arion-pkgs.nix start
|
|
minio:
|
|
from: /storage/dataset/docker/minio
|
|
to:
|
|
- zfs
|
|
- eustachius
|
|
cron: '55 3 * * *' # Every Day at 3:55
|
|
options:
|
|
backup:
|
|
exclude:
|
|
- '*.pmtiles'
|
|
hooks:
|
|
<<: *default_hooks
|
|
before:
|
|
- arion -f ${arionPath}/minio/arion-compose.nix -p ${arionPath}/minio/arion-pkgs.nix stop
|
|
after:
|
|
- arion -f ${arionPath}/minio/arion-compose.nix -p ${arionPath}/minio/arion-pkgs.nix start
|
|
nas:
|
|
from: /storage/dataset/nas
|
|
to:
|
|
- zfs
|
|
- eustachius
|
|
cron: '55 3 * * *' # Every Day at 3:55
|
|
hooks:
|
|
<<: *default_hooks
|
|
backends:
|
|
zfs:
|
|
type: local
|
|
path: /storage/dataset/backups
|
|
key: '${config.sops.placeholder."autorestic/zfs_key"}'
|
|
# ssd:
|
|
# type: local
|
|
# path: /home/ghoscht/Backups
|
|
# key: '${config.sops.placeholder."autorestic/ssd_key"}'
|
|
eustachius:
|
|
type: rest
|
|
path: http://100.64.0.3:8000/franz
|
|
key: '${config.sops.placeholder."autorestic/eustachius_key"}'
|
|
'';
|
|
};
|
|
}
|