From 4f94d01226d977ad3124f06c85e9575256421247 Mon Sep 17 00:00:00 2001
From: notohh <github@notohh.dev>
Date: Tue, 13 Jun 2023 12:11:08 -0400
Subject: [PATCH] hosts: move stash -> yuki, init yuki restic

---
 hosts/sakura/hardware-configuration.nix   |  6 ++--
 hosts/sakura/services/default.nix         |  1 -
 hosts/sakura/services/traefik.nix         |  6 ----
 hosts/yuki/hardware-configuration.nix     | 10 +++++++
 hosts/yuki/services/default.nix           |  2 ++
 hosts/yuki/services/restic.nix            | 36 +++++++++++++++++++++++
 hosts/{sakura => yuki}/services/stash.nix |  0
 hosts/yuki/services/traefik.nix           |  7 +++++
 8 files changed, 57 insertions(+), 11 deletions(-)
 create mode 100644 hosts/yuki/services/restic.nix
 rename hosts/{sakura => yuki}/services/stash.nix (100%)

diff --git a/hosts/sakura/hardware-configuration.nix b/hosts/sakura/hardware-configuration.nix
index 11bf19f..03eb9ed 100644
--- a/hosts/sakura/hardware-configuration.nix
+++ b/hosts/sakura/hardware-configuration.nix
@@ -16,14 +16,12 @@
     device = "/dev/disk/by-uuid/db3e4722-35a6-44fb-8e4d-a75166b845cb";
     fsType = "ext4";
   };
-  fileSystems."/home/notoh/docker/stash/data" = {
-    device = "192.168.1.71:/volume1/stash";
-    fsType = "nfs";
-  };
+
   fileSystems."/media" = {
     device = "192.168.1.71:/volume1/media";
     fsType = "nfs";
   };
+
   swapDevices = [
     {device = "/dev/disk/by-uuid/c5afba13-f1af-4e7f-994b-f565c52d92fc";}
   ];
diff --git a/hosts/sakura/services/default.nix b/hosts/sakura/services/default.nix
index 19ed261..3e918d4 100644
--- a/hosts/sakura/services/default.nix
+++ b/hosts/sakura/services/default.nix
@@ -4,7 +4,6 @@
     ./homepage.nix
     ./searxng.nix
     ./hugo.nix
-    ./stash.nix
     ./foundryvtt.nix
     ./forgejo.nix
     ./jellyfin.nix
diff --git a/hosts/sakura/services/traefik.nix b/hosts/sakura/services/traefik.nix
index cffb130..ef79515 100644
--- a/hosts/sakura/services/traefik.nix
+++ b/hosts/sakura/services/traefik.nix
@@ -29,11 +29,6 @@
             entrypoints = ["web"];
             service = "searxng";
           };
-          stash = {
-            rule = "Host(`stash.home.arpa`)";
-            entrypoints = ["web"];
-            service = "stash";
-          };
           jellyfin = {
             rule = "Host(`jellyfin.home.arpa`)";
             entrypoints = ["web"];
@@ -93,7 +88,6 @@
           homepage.loadBalancer.servers = [{url = "http://localhost:3005";}];
           searxng.loadBalancer.servers = [{url = "http://localhost:8085";}];
           hugo.loadBalancer.servers = [{url = "http://localhost:1313";}];
-          stash.loadBalancer.servers = [{url = "http://localhost:9999";}];
           jellyfin.loadBalancer.servers = [{url = "http://localhost:8096";}];
           foundryvtt.loadBalancer.servers = [{url = "http://localhost:30000";}];
           gitea.loadBalancer.servers = [{url = "http://localhost:3200";}];
diff --git a/hosts/yuki/hardware-configuration.nix b/hosts/yuki/hardware-configuration.nix
index 4feca47..e65022c 100644
--- a/hosts/yuki/hardware-configuration.nix
+++ b/hosts/yuki/hardware-configuration.nix
@@ -23,6 +23,16 @@
     fsType = "vfat";
   };
 
+  fileSystems."/nas" = {
+    device = "192.168.1.71:/volume1/yuki";
+    fsType = "nfs";
+  };
+
+  fileSystems."/home/notoh/docker/stash/data" = {
+    device = "192.168.1.71:/volume1/stash";
+    fsType = "nfs";
+  };
+
   swapDevices = [
     {device = "/dev/disk/by-uuid/34a9e234-35da-4140-b231-2bb983a5204b";}
   ];
diff --git a/hosts/yuki/services/default.nix b/hosts/yuki/services/default.nix
index 2e414b5..a21f51d 100644
--- a/hosts/yuki/services/default.nix
+++ b/hosts/yuki/services/default.nix
@@ -1,6 +1,8 @@
 {...}: {
   imports = [
+    ./restic.nix
     ./traefik.nix
     ./kanboard.nix
+    ./stash.nix
   ];
 }
diff --git a/hosts/yuki/services/restic.nix b/hosts/yuki/services/restic.nix
new file mode 100644
index 0000000..5a83a1e
--- /dev/null
+++ b/hosts/yuki/services/restic.nix
@@ -0,0 +1,36 @@
+{
+  pkgs,
+  config,
+  ...
+}: {
+  sops.secrets.restic-repo-pwd = {};
+  environment.systemPackages = [pkgs.restic];
+  services.restic = {
+    backups = {
+      ame = {
+        paths = [
+          "/home"
+        ];
+        exclude = [
+          "*.qcow2"
+          "*.iso"
+          "/home/*/Downloads"
+          "/home/*/.cache"
+          "/home/*/.local/share/Trash"
+          "/home/*/.local/share/.var"
+        ];
+        pruneOpts = [
+          "--keep-daily=4"
+          "--keep-weekly=3"
+          "--keep-monthly=2"
+        ];
+        initialize = true;
+        repository = "/nas/home";
+        passwordFile = config.sops.secrets.restic-repo-pwd.path;
+        timerConfig = {
+          OnCalendar = "daily";
+        };
+      };
+    };
+  };
+}
diff --git a/hosts/sakura/services/stash.nix b/hosts/yuki/services/stash.nix
similarity index 100%
rename from hosts/sakura/services/stash.nix
rename to hosts/yuki/services/stash.nix
diff --git a/hosts/yuki/services/traefik.nix b/hosts/yuki/services/traefik.nix
index 3bc8811..008b3db 100644
--- a/hosts/yuki/services/traefik.nix
+++ b/hosts/yuki/services/traefik.nix
@@ -1,4 +1,5 @@
 _: {
+  networking.firewall.allowedTCPPorts = [80 443];
   services.traefik = {
     enable = true;
     dynamicConfigOptions = {
@@ -14,9 +15,15 @@ _: {
             entryPoints = ["web"];
             service = "kanboard";
           };
+          stash = {
+            rule = "Host(`stash.home.arpa`)";
+            entrypoints = ["web"];
+            service = "stash";
+          };
         };
         services = {
           kanboard.loadBalancer.servers = [{url = "http://localhost:8080";}];
+          stash.loadBalancer.servers = [{url = "http://localhost:9999";}];
         };
       };
     };