feat: added restic

2025-12-06 21:17:14 -06:00 · 2025-11-22 03:14:50 -06:00 · 2025-11-22 03:14:50 -06:00 · 56fa5bbf5c
commit 56fa5bbf5c
parent 81af972cca
3 changed files with 83 additions and 12 deletions
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@ -55,26 +55,18 @@ in
      imports = builtins.attrValues {
        inherit (modules)
          acme
-          # audiobookshelf
          caddy
+          ceresOpenCloud
          comfyui
-          # filesorter
          firefly-iii
          forgejo
-          # glance
          jellyfin
-          # logrotate
          mastodon
          microvm
-          # midnight
          minecraft
-          # ollamaCeres
-          ceresOpenCloud
-          # postgresCeres
          projectSite
-          # prompter
+          restic
          sambaCeres
-          # searx
          vaultwarden
          website
          zookeeper
--- a/modules/nixos/services/restic/default.nix
+++ b/modules/nixos/services/restic/default.nix
@ -0,0 +1,75 @@
+{
+  config,
+  flake,
+  pkgs,
+  ...
+}:
+let
+  inherit (flake.config.services) instances;
+  inherit (flake.config.people) user0;
+  envFile = "backblaze/env";
+  repoFile = "backblaze/repo";
+  passFile = "restic-pass";
+in
+{
+  services.restic = {
+    backups = {
+      remote = {
+        environmentFile = config.sops.secrets.${envFile}.path;
+        initialize = true;
+        passwordFile = config.sops.secrets.${passFile}.path;
+        repositoryFile = config.sops.secrets.${repoFile}.path;
+        timerConfig = {
+          OnCalendar = "0/4:00";
+          Persistent = true;
+        };
+        paths = [
+          "/home/${user0}/.ssh"
+          instances.firefly-iii.mntPaths.path0
+          instances.forgejo.mntPaths.path0
+          instances.mastodon.mntPaths.path0
+          instances.minecraft.mntPaths.path0
+          instances.opencloud.mntPaths.path0
+          instances.vaultwarden.mntPaths.path0
+          "${instances.jellyfin.mntPaths.path0}/cache"
+          "${instances.jellyfin.mntPaths.path0}/data"
+          "${instances.jellyfin.mntPaths.path0}/media/Music"
+        ];
+      };
+    };
+  };
+
+  sops = {
+    secrets = builtins.listToAttrs (
+      map
+        (secret: {
+          name = secret;
+          value = {
+            path = "/run/secrets/${secret}";
+            owner = "root";
+            group = "root";
+            mode = "0600";
+          };
+        })
+        [
+          envFile
+          repoFile
+          passFile
+        ]
+    );
+  };
+
+  environment = {
+    variables = {
+      # AWS_ACCESS_KEY_ID = "";
+      # AWS_SECRET_ACCESS_KEY = "";
+      # RESTIC_PASSWORD_FILE = "pass.txt";
+      # RESTIC_REPOSITORY = "";
+    };
+    systemPackages = builtins.attrValues {
+      inherit (pkgs)
+        restic
+        ;
+    };
+  };
+}
--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
@ -54,6 +54,10 @@ firefly-iii:
    pass: ENC[AES256_GCM,data:WjHcoTuEzEq9pfw4QoqRjI4jhu5VPEMOXlHL0olg9dqUj4EGa1Shv5T/kIxdRFuao0y3zQ==,iv:4/fmFOxxDLzplsNGpSJMQOeoNviZw2c2pFlB1ZkRu+o=,tag:7TQ2q/kEFDU4tZxPx53ebw==,type:str]
    data: ENC[AES256_GCM,data:921LhcRTWVk24eEAQoDMV+RllSP3PbSXCCIDXlQA80Mq,iv:YXEgas77DgdyPTnBZa/ySjcERBIwmdDZJbijeNKNF24=,tag:Wj25wA7tLJ2bZ/faG9DUhg==,type:str]
    smtp: ENC[AES256_GCM,data:+e4MiRZ2WOZyWYpMf+By1Eb45ih4TA+svLI2+00yQk82,iv:+52+kJouMwkOSDEaOCA8V80+wT/VzNxgtCkOO68SCdk=,tag:YrtrJAXIhQpsUTEeYvrVwQ==,type:str]
+backblaze:
+    env: ENC[AES256_GCM,data:cdOYt77KocuGB3aqYz13oBokoLkEIgI1AW+cYC5uutgZYujG3PqoLEh6Gvbpzn3O+0OWg1/4UAYr4f2v7oCsgwFzPWS3HrhqC5+kIBjrPCyAnxDxlu2xaQ9hR+ogFh5UTDo=,iv:6+jx4Dj5CNV72DAss6NNYm44f9gSHco/EUBvL2o2CNI=,tag:6/cx84MgTDqQJxu/zINEeA==,type:str]
+    repo: ENC[AES256_GCM,data:sRae9XELIfkWPaXelCdgEXIDbLTHVqGcRO0o+WA9aBfB8MUw92JjRCYgMgGXT0Apy38eszyuEHFB3XPpRmtQ7g==,iv:EilVA9zdHm6B9pTIhNxyj6Th1248nXvh0kpnEqZJ5HI=,tag:q9ASAgx5vgY0IePws4rT5Q==,type:str]
+restic-pass: ENC[AES256_GCM,data:WtVFKDBKIdSAgPCsgpSGIMxIjFD2itFUVxzr9T5zWyk=,iv:KEgauoBqD9Htemfznm7n2ImH3HyB3ivYL/etGZHIcC0=,tag:mzJsu5QzqDMTuvulKAxtOA==,type:str]
 password-user0: ENC[AES256_GCM,data:VKrySmPAKh3UwCQXJS0EnOPPLDrigWtw5g4WMbSGz/VRtbzlQxMIgs42c/8NnHiqr98ifWy7u9c280oo7SrHhQmEOOvxfITQ9A==,iv:toGkVKCjsmtPP5Ukk/q8kPSmJo3FcTAyj2vcIEkHmU0=,tag:Nhucsk1kgx7zDZZQKycKZQ==,type:str]
 sops:
    age:
@ -66,7 +70,7 @@ sops:
            bXBOa1VSakoyaWxpODJEOU11QUZCaUEK8Ch9Ten3DdrPHF1DTH2qei85AlHUOaLD
            aNfzakake7ej+MxJYdKEU0bcWofNMKzIlZa2uM10KZSENDP8d8qlig==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-11-21T10:16:47Z"
-    mac: ENC[AES256_GCM,data:cgsHkgbaVkMYIaWPugPjX9yRbV6eBPcMmQnD1qRJbp647c/FF+KA4qJhB8eQD5/yA+u76in1LSEopRuKaXEGX9LRNzpUKknih/QN8bjHbbwpC2zKm/cxgkkING9Or5Fk821+RPhAb4ezZoUOl+lSG3LUl66GoDcbNAW3qxZhwO8=,iv:3rKoaAKKTskY47IqxZuKUDXeNFC58Av45nk/P/xYIzg=,tag:vfWE0td8UHxCquWW6WlqBg==,type:str]
+    lastmodified: "2025-11-22T08:22:22Z"
+    mac: ENC[AES256_GCM,data:aGtZuHEsxcUZCfMdiYoX0oHd71XNIEG5UgxtoSqIr1ICqnjGV1hrNeLu+coSslkvYjAteYkgDBk8lHiO1kBY7G3d9fn0cRnR7wpgcaiFDCPaKdjXlrZmDdbsN+4NF62Y1LkclvGOWGEvM4pR+HxnNxK3nVEU0e10TaZ0r9/b0+o=,iv:MCid50yHr9Sk8hzsbu8wBQwW4vnERxaCEuivq1TUvhA=,tag:T7F2lS5lWY7zncWOY4VSbA==,type:str]
    unencrypted_suffix: _unencrypted
    version: 3.11.0