diff --git a/hosts/arashi/hardware.nix b/hosts/arashi/hardware.nix index 04af3d4..c32d3ca 100644 --- a/hosts/arashi/hardware.nix +++ b/hosts/arashi/hardware.nix @@ -17,6 +17,11 @@ fsType = "ext4"; }; + fileSystems."/nas/restic" = { + device = "192.168.1.199:/mnt/Sutoreji/nix-restic-data/arashi"; + fsType = "nfs"; + }; + swapDevices = [ {device = "/dev/disk/by-uuid/e9eb4b6a-e9a1-4616-8c82-349d2f38d140";} ]; diff --git a/hosts/arashi/services/default.nix b/hosts/arashi/services/default.nix index f3c8b4a..6946ce7 100644 --- a/hosts/arashi/services/default.nix +++ b/hosts/arashi/services/default.nix @@ -1,5 +1,6 @@ _: { imports = [ + ./restic.nix ./postgresql.nix ./redis.nix ]; diff --git a/hosts/arashi/services/postgresql.nix b/hosts/arashi/services/postgresql.nix index 76f235a..53e1e11 100644 --- a/hosts/arashi/services/postgresql.nix +++ b/hosts/arashi/services/postgresql.nix @@ -49,4 +49,11 @@ "vaultwarden" ]; }; + services.postgresqlBackup = { + enable = true; + databases = ["forgejo" "hedgedoc" "grafana" "authelia" "vaultwarden"]; + compression = "zstd"; + compressionLevel = 4; + startAt = "daily"; + }; } diff --git a/hosts/arashi/services/restic.nix b/hosts/arashi/services/restic.nix new file mode 100644 index 0000000..57410d4 --- /dev/null +++ b/hosts/arashi/services/restic.nix @@ -0,0 +1,33 @@ +{ + pkgs, + config, + ... +}: { + sops.secrets.restic-arashi = { + sopsFile = ../../../secrets/restic/secrets.yaml; + }; + environment.systemPackages = [pkgs.restic]; + services.restic = { + backups = { + arashi = { + user = "root"; + paths = [ + "/var/backup/" + ]; + pruneOpts = [ + "--keep-daily=7" + "--keep-weekly=6" + "--keep-monthly=5" + ]; + initialize = true; + repository = "/nas/restic"; + passwordFile = config.sops.secrets.restic-arashi.path; + timerConfig = { + OnCalendar = "daily"; + RandomizedDelaySec = "20m"; + Persistent = true; + }; + }; + }; + }; +} diff --git a/hosts/kariru/hardware.nix b/hosts/kariru/hardware.nix index 8c82a4e..ccc714e 100644 
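Review bot: The new `fileSystems."/nas/restic"` entry in hosts/arashi/hardware.nix sets no `options`, so it is a hard boot-time mount that also honours setuid bits and device nodes served by the NAS. Adding `options = ["nofail" "x-systemd.automount" "nosuid" "nodev" "noexec"];` keeps an unreachable NAS from stalling boot and treats the share as data only. The export is addressed by IP over plain `nfs`, so which machines may mount each per-host subdirectory depends on the NAS export rules, which this diff does not show. That is worth confirming, because restic encrypts snapshot contents but cannot stop another NFS client from deleting or overwriting repository files. The same applies to the matching hunks in hosts/kariru, hosts/sakura and hosts/yuki hardware.nix.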
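Review bot: `startAt = "daily"` in `services.postgresqlBackup` fires at midnight, the same slot as the `OnCalendar = "daily"` restic timer added in hosts/arashi/services/restic.nix, and nothing orders the two. Restic can therefore snapshot `/var/backup/` before that night's dumps exist, leaving every snapshot one day behind the databases. Giving the dump an explicit earlier time, for example `startAt = "*-*-* 23:00:00";`, or ordering the restic unit after the dump units removes the race. Since the list includes the authelia and vaultwarden databases, a comment recording where the dumps land and that the directory must stay unreadable to other users would help; the location is the module default here, so verify it matches the restic `paths`.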
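Review bot: `repository = "/nas/restic"` combined with `initialize = true` in hosts/arashi/services/restic.nix is not tied to the NFS mount. If the share is not mounted when the timer fires, restic would find no repository in the empty mountpoint directory, initialise a new one on the local disk and report a successful backup that never reached the NAS. Unless the installed module already adds the dependency, declare it explicitly, e.g. `systemd.services.restic-backups-arashi.unitConfig.RequiresMountsFor = "/nas/restic";`, so the job fails instead. The new restic.nix files for kariru, sakura and yuki have the same shape and need the same line with their own unit names.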
--- a/hosts/kariru/hardware.nix +++ b/hosts/kariru/hardware.nix @@ -27,6 +27,11 @@ fsType = "nfs"; }; + fileSystems."/nas/restic" = { + device = "192.168.1.199:/mnt/Sutoreji/nix-restic-data/kariru"; + fsType = "nfs"; + }; + swapDevices = [ {device = "/dev/disk/by-uuid/f28bad28-ae14-4aa7-85c5-47abe46bae56";} ]; diff --git a/hosts/kariru/services/default.nix b/hosts/kariru/services/default.nix index 5ea6c26..d872884 100644 --- a/hosts/kariru/services/default.nix +++ b/hosts/kariru/services/default.nix @@ -1,5 +1,6 @@ {...}: { imports = [ + ./restic.nix ./traefik.nix ./torrent.nix ]; diff --git a/hosts/kariru/services/restic.nix b/hosts/kariru/services/restic.nix new file mode 100644 index 0000000..31d924f --- /dev/null +++ b/hosts/kariru/services/restic.nix @@ -0,0 +1,36 @@ +{ + pkgs, + config, + ... +}: { + sops.secrets.restic-kariru = { + sopsFile = ../../../secrets/restic/secrets.yaml; + }; + environment.systemPackages = [pkgs.restic]; + services.restic = { + backups = { + kariru = { + user = "root"; + paths = [ + "/var/lib/radarr" + "/var/lib/sonarr" + "/var/lib/whisparr" + "/var/lib/private/prowlarr" + ]; + pruneOpts = [ + "--keep-daily=7" + "--keep-weekly=6" + "--keep-monthly=5" + ]; + initialize = true; + repository = "/nas/restic"; + passwordFile = config.sops.secrets.restic-kariru.path; + timerConfig = { + OnCalendar = "daily"; + RandomizedDelaySec = "20m"; + Persistent = true; + }; + }; + }; + }; +} diff --git a/hosts/sakura/hardware.nix b/hosts/sakura/hardware.nix index d079188..0bdd1b6 100644 --- a/hosts/sakura/hardware.nix +++ b/hosts/sakura/hardware.nix 
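Review bot: The `paths` list in hosts/kariru/services/restic.nix copies the state directories of radarr, sonarr, whisparr and prowlarr while those services are presumably still running. If they keep their state in SQLite files, as these applications usually do, a file-level copy taken mid-write can restore as an inconsistent database. Either quiesce them around the run with `backupPrepareCommand` and `backupCleanupCommand`, or add a comment above `paths` stating that a restore should start from the applications' own backup archives inside these directories rather than from the live database files.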
@@ -16,14 +16,21 @@ device = "/dev/disk/by-uuid/db3e4722-35a6-44fb-8e4d-a75166b845cb"; fsType = "ext4"; }; + fileSystems."/home/notoh/justlog/logs" = { device = "192.168.1.199:/mnt/Sutoreji/twitchlogs"; fsType = "nfs"; }; + + fileSystems."/nas/restic" = { + device = "192.168.1.199:/mnt/Sutoreji/nix-restic-data/sakura"; + fsType = "nfs"; + }; swapDevices = [ {device = "/dev/disk/by-uuid/c5afba13-f1af-4e7f-994b-f565c52d92fc";} ]; + networking.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; diff --git a/hosts/sakura/services/default.nix b/hosts/sakura/services/default.nix index 9d80170..c3155fe 100644 --- a/hosts/sakura/services/default.nix +++ b/hosts/sakura/services/default.nix @@ -1,5 +1,6 @@ {...}: { imports = [ + ./restic.nix ./authelia.nix ./forgejo.nix ./rustypaste.nix diff --git a/hosts/sakura/services/restic.nix b/hosts/sakura/services/restic.nix new file mode 100644 index 0000000..ba88b77 --- /dev/null +++ b/hosts/sakura/services/restic.nix @@ -0,0 +1,39 @@ +{ + pkgs, + config, + ... +}: { + sops.secrets.restic-sakura = { + sopsFile = ../../../secrets/restic/secrets.yaml; + }; + environment.systemPackages = [pkgs.restic]; + services.restic = { + backups = { + sakura = { + user = "root"; + paths = [ + "/home/notoh/justlog" + "/var/lib/rustypaste" + "/var/lib/forgejo" + ]; + exclude = [ + "/home/notoh/justlog/logs" + "/var/lib/rustypaste/uploads" + ]; + pruneOpts = [ + "--keep-daily=7" + "--keep-weekly=6" + "--keep-monthly=5" + ]; + initialize = true; + repository = "/nas/restic"; + passwordFile = config.sops.secrets.restic-sakura.path; + timerConfig = { + OnCalendar = "daily"; + RandomizedDelaySec = "20m"; + Persistent = true; + }; + }; + }; + }; +} diff --git a/hosts/sora/services/default.nix b/hosts/sora/services/default.nix index 04a02fe..314e881 100644 --- a/hosts/sora/services/default.nix +++ b/hosts/sora/services/default.nix 
@@ -1,10 +1,10 @@ {...}: { imports = [ + ./restic.nix ./traefik.nix ./uptimekuma.nix ./ntfy-sh.nix ./tailscale.nix - ./restic.nix ./factorio.nix # ./minecraft.nix # ./foundryvtt.nix diff --git a/hosts/sora/services/restic.nix b/hosts/sora/services/restic.nix index 9803932..904404e 100644 --- a/hosts/sora/services/restic.nix +++ b/hosts/sora/services/restic.nix @@ -4,8 +4,12 @@ ... }: { sops.secrets = { - restic-repo-pwd-sora = {}; - sora-b2 = {}; + restic-sora = { + sopsFile = ../../../secrets/restic/secrets.yaml; + }; + sora-b2 = { + sopsFile = ../../../secrets/b2/secrets.yaml; + }; }; environment.systemPackages = [pkgs.restic]; services.restic = { @@ -13,17 +17,17 @@ sora = { user = "root"; paths = [ - "/var/lib/uptime-kuma" - "/var/lib/ntfy-sh" + "/var/lib/private/uptime-kuma" + "/var/lib/private/ntfy-sh" ]; pruneOpts = [ - "--keep-daily=8" + "--keep-daily=7" "--keep-weekly=6" "--keep-monthly=5" ]; repository = "b2:sora-b2"; initialize = true; - passwordFile = config.sops.secrets.restic-repo-pwd-sora.path; + passwordFile = config.sops.secrets.restic-sora.path; environmentFile = config.sops.secrets.sora-b2.path; timerConfig = { OnCalendar = "daily"; diff --git a/hosts/tsuki/services/restic.nix b/hosts/tsuki/services/restic.nix index 7136bf2..9ed37c6 100644 --- a/hosts/tsuki/services/restic.nix +++ b/hosts/tsuki/services/restic.nix @@ -3,7 +3,7 @@ config, ... }: { - sops.secrets.restic-repo-pwd = {}; + sops.secrets.restic-tsuki = {sopsFile = ../../../secrets/restic/secrets.yaml;}; environment.systemPackages = [pkgs.restic]; services.restic = { backups = { @@ -34,13 +34,13 @@ "/home/*/.local/share/.var" ]; pruneOpts = [ - "--keep-daily=8" + "--keep-daily=7" "--keep-weekly=6" "--keep-monthly=5" ]; initialize = true; repository = "/nas/home"; - passwordFile = config.sops.secrets.restic-repo-pwd.path; + passwordFile = config.sops.secrets.restic-tsuki.path; timerConfig = { OnCalendar = "daily"; RandomizedDelaySec = "10m"; 
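Review bot: Every host's repository password is now read from the single file `secrets/restic/secrets.yaml`: `restic-sora` in this hunk, `restic-tsuki` in hosts/tsuki, and the new restic.nix files for arashi, kariru, sakura and yuki. Sops encrypts to one recipient set per file, not per key. Unless the creation rules for that path (not visible in this diff) are narrower than they appear, each host can decrypt the restic password of every other host, so one compromised machine exposes every repository it can reach. Per-host files, for example `sopsFile = ../../../secrets/restic/sora.yaml;` with only that host's key as recipient, keep each password readable by its own host alone.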
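Review bot: Changing `paths` to the `/var/lib/private/...` locations in hosts/sora/services/restic.nix starts a new snapshot group, because `restic forget` groups by host and paths by default. The snapshots taken under the old `/var/lib/uptime-kuma` and `/var/lib/ntfy-sh` path set will then be retained by `pruneOpts` indefinitely, as no newer snapshot in that group ever displaces them. Adding `"--group-by=host"` to `pruneOpts`, or forgetting the old group once by hand, avoids the stale data lingering in the B2 bucket. Separately, `passwordFile` now reads `restic-sora` against the unchanged `b2:sora-b2` repository (and `restic-tsuki` against `/nas/home` in the tsuki hunk), so confirm the value under the new key is the old password. This hunk ends inside `timerConfig`, so the rest of the block is not visible here.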
diff --git a/hosts/yuki/hardware.nix b/hosts/yuki/hardware.nix index 94dd9af..1a4667d 100644 --- a/hosts/yuki/hardware.nix +++ b/hosts/yuki/hardware.nix @@ -27,9 +27,15 @@ fsType = "nfs"; }; + fileSystems."/nas/restic" = { + device = "192.168.1.199:/mnt/Sutoreji/nix-restic-data/yuki"; + fsType = "nfs"; + }; + swapDevices = [ {device = "/dev/disk/by-uuid/bd7ccb73-6f85-4b3d-b37f-5cff58a6ab59";} ]; + networking.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; diff --git a/hosts/yuki/services/default.nix b/hosts/yuki/services/default.nix index ede521f..afd6cbd1 100644 --- a/hosts/yuki/services/default.nix +++ b/hosts/yuki/services/default.nix @@ -1,5 +1,6 @@ {...}: { imports = [ + ./restic.nix ./traefik.nix ./stash.nix ./jellyfin.nix diff --git a/hosts/yuki/services/restic.nix b/hosts/yuki/services/restic.nix new file mode 100644 index 0000000..8e32696 --- /dev/null +++ b/hosts/yuki/services/restic.nix @@ -0,0 +1,39 @@ +{ + pkgs, + config, + ... +}: { + sops.secrets.restic-yuki = { + sopsFile = ../../../secrets/restic/secrets.yaml; + }; + environment.systemPackages = [pkgs.restic]; + services.restic = { + backups = { + yuki = { + user = "root"; + paths = [ + "/home/notoh/docker" + "/var/lib/jellyfin" + "/var/lib/private/jellyseerr" + "/var/lib/private/homepage-dashboard" + ]; + exclude = [ + "/home/notoh/docker/stash/data" + ]; + pruneOpts = [ + "--keep-daily=7" + "--keep-weekly=6" + "--keep-monthly=5" + ]; + initialize = true; + repository = "/nas/restic"; + passwordFile = config.sops.secrets.restic-yuki.path; + timerConfig = { + OnCalendar = "daily"; + RandomizedDelaySec = "20m"; + Persistent = true; + }; + }; + }; + }; +}