restic setup

2023-07-02 12:52:06 +02:00 · 2023-07-02 12:52:06 +02:00 · 96290797cc
commit 96290797cc
parent a4756c8466
2 changed files with 45 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+/secrets/
--- a/nixos/machines/srv01-home/configuration.nix
+++ b/nixos/machines/srv01-home/configuration.nix
@ -193,6 +193,50 @@
      ];
    };
  };
+
+  users.users.restic = {
+    isNormalUser = true;
+  };
+  
+  security.wrappers.restic = {
+    source = "${pkgs.restic.out}/bin/restic";
+    owner = "restic";
+    group = "users";
+    permissions = "u=rwx,g=,o=";
+    capabilities = "cap_dac_read_search=+ep";
+  };
+
+  services.restic.backups.srv01-home = {
+    user = "restic";
+    paths = [ "/srv" ];
+    exclude = [];
+    pruneOpts = [
+      "--keep-daily 7"
+      "--keep-weekly 5"
+      "--keep-monthly 12"
+      "--keep-yearly 75"
+    ];
+    repositoryFile = "/etc/dotfiles-nixos/secrets/restic-repository-srv01-home";
+    initialize = true;
+    timerConfig = {
+      OnCalendar = "02:00";
+      Persistent = true;
+    };
+    passwordFile = "/etc/dotfiles-nixos/secrets/restic-password-srv01-home";
+  };
+
+  systemd.services.restic-backups-srv01-home = {
+    serviceConfig = {
+      EnvironmentFile = "/etc/dotfiles-nixos/secrets/b2.env";
+    };
+  };
+
+  # environment = {
+  #   B2_ACCOUNT_ID = "my_account_id_abc123";
+  #   B2_ACCOUNT_KEY = "my_account_key_def456";
+  # };
+
+
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave