
2 commits

Author SHA1 Message Date
0845808f39
hosts: init restic
Some checks failed
flake check / check (push) Successful in 10m2s
fmt check / check (push) Has been cancelled
2023-12-31 12:51:49 -05:00
444b259880
sops: add restic & b2 paths 2023-12-31 12:51:02 -05:00
20 changed files with 253 additions and 17 deletions


@ -6,4 +6,12 @@ creation_rules:
- path_regex: secrets/[^/]+\.yaml$
key_groups:
- age:
- *notoh
- *notoh
- path_regex: secrets/b2/[^/]+\.yaml$
key_groups:
- age:
- *notoh
- path_regex: secrets/restic/[^/]+\.yaml$
key_groups:
- age:
- *notoh
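Review bot: Both new rules, `secrets/b2/` and `secrets/restic/`, list only the `*notoh` recipient, the same one the top-level rule uses, so splitting the secrets into sub-directories does not narrow who can decrypt what. If every machine decrypts with that one identity (not visible in this hunk), any host that can read its own restic password can also read every other host's password and the B2 credentials. Consider one rule per host file that names that host's age key next to the admin key, for example `- path_regex: secrets/restic/arashi\.yaml$` with recipients `- *notoh` and `- *arashi`; `*arashi` is a placeholder here, since no per-host anchors are visible. The rule list begins above the hunk.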


@ -17,6 +17,11 @@
fsType = "ext4";
};
fileSystems."/nas/restic" = {
device = "192.168.1.199:/mnt/Sutoreji/nix-restic-data/arashi";
fsType = "nfs";
};
swapDevices = [
{device = "/dev/disk/by-uuid/e9eb4b6a-e9a1-4616-8c82-349d2f38d140";}
];
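Review bot: The new `fileSystems."/nas/restic"` entry sets no `options`, so the export from 192.168.1.199 is mounted with NFS defaults. For a mount that only holds a backup repository, `options = ["nofail" "nosuid" "nodev" "noexec"];` keeps an unreachable NAS from holding up boot and stops files placed on the share from being executed or honoured as setuid binaries or device nodes on this host. The same applies to the `/nas/restic` entries added for kariru, sakura and yuki. Whether the NAS restricts each `nix-restic-data/<host>` export to its own client is not visible here and is worth confirming, because NFS with default security identifies clients by address only.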


@ -1,5 +1,6 @@
_: {
imports = [
./restic.nix
./postgresql.nix
./redis.nix
];


@ -49,4 +49,11 @@
"vaultwarden"
];
};
services.postgresqlBackup = {
enable = true;
databases = ["forgejo" "hedgedoc" "grafana" "authelia" "vaultwarden"];
compression = "zstd";
compressionLevel = 4;
startAt = "daily";
};
}
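Review bot: `startAt = "daily"` puts the dumps in the same midnight slot as the restic job this change adds for `/var/backup/` (`OnCalendar = "daily"` plus up to 20 minutes of random delay), and nothing orders the two. A snapshot can therefore be taken before a dump starts or while it is still being written, leaving the repository with a stale or truncated copy of the vaultwarden and authelia databases. Give the dumps a head start, for example `startAt = "*-*-* 23:15:00";`, or order the restic unit after the dump units. `location` is not set, so the dumps go to the module default; confirm that directory is under `/var/backup/`. The enclosing attribute set begins above the hunk.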


@ -0,0 +1,33 @@
{
pkgs,
config,
...
}: {
sops.secrets.restic-arashi = {
sopsFile = ../../../secrets/restic/secrets.yaml;
};
environment.systemPackages = [pkgs.restic];
services.restic = {
backups = {
arashi = {
user = "root";
paths = [
"/var/backup/"
];
pruneOpts = [
"--keep-daily=7"
"--keep-weekly=6"
"--keep-monthly=5"
];
initialize = true;
repository = "/nas/restic";
passwordFile = config.sops.secrets.restic-arashi.path;
timerConfig = {
OnCalendar = "daily";
RandomizedDelaySec = "20m";
Persistent = true;
};
};
};
};
}
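Review bot: `repository = "/nas/restic"` together with `initialize = true` never checks that the NFS share is actually mounted. If it is not, restic would create a fresh repository in the empty mount-point directory on the local disk and the job would still report success, so the failure goes unnoticed until a restore is needed. Tie the unit to the mount with `systemd.services.restic-backups-arashi.unitConfig.RequiresMountsFor = "/nas/restic";`. The same applies to the new restic.nix files for kariru, sakura and yuki, each with its own unit name. Once each repository exists, `initialize = true` could also be dropped so that a missing repository is an error instead of being recreated silently.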


@ -27,6 +27,11 @@
fsType = "nfs";
};
fileSystems."/nas/restic" = {
device = "192.168.1.199:/mnt/Sutoreji/nix-restic-data/kariru";
fsType = "nfs";
};
swapDevices = [
{device = "/dev/disk/by-uuid/f28bad28-ae14-4aa7-85c5-47abe46bae56";}
];


@ -1,5 +1,6 @@
{...}: {
imports = [
./restic.nix
./traefik.nix
./torrent.nix
];


@ -0,0 +1,36 @@
{
pkgs,
config,
...
}: {
sops.secrets.restic-kariru = {
sopsFile = ../../../secrets/restic/secrets.yaml;
};
environment.systemPackages = [pkgs.restic];
services.restic = {
backups = {
kariru = {
user = "root";
paths = [
"/var/lib/radarr"
"/var/lib/sonarr"
"/var/lib/whisparr"
"/var/lib/private/prowlarr"
];
pruneOpts = [
"--keep-daily=7"
"--keep-weekly=6"
"--keep-monthly=5"
];
initialize = true;
repository = "/nas/restic";
passwordFile = config.sops.secrets.restic-kariru.path;
timerConfig = {
OnCalendar = "daily";
RandomizedDelaySec = "20m";
Persistent = true;
};
};
};
};
}


@ -16,14 +16,21 @@
device = "/dev/disk/by-uuid/db3e4722-35a6-44fb-8e4d-a75166b845cb";
fsType = "ext4";
};
fileSystems."/home/notoh/justlog/logs" = {
device = "192.168.1.199:/mnt/Sutoreji/twitchlogs";
fsType = "nfs";
};
fileSystems."/nas/restic" = {
device = "192.168.1.199:/mnt/Sutoreji/nix-restic-data/sakura";
fsType = "nfs";
};
swapDevices = [
{device = "/dev/disk/by-uuid/c5afba13-f1af-4e7f-994b-f565c52d92fc";}
];
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";


@ -1,5 +1,6 @@
{...}: {
imports = [
./restic.nix
./authelia.nix
./forgejo.nix
./rustypaste.nix


@ -0,0 +1,39 @@
{
pkgs,
config,
...
}: {
sops.secrets.restic-sakura = {
sopsFile = ../../../secrets/restic/secrets.yaml;
};
environment.systemPackages = [pkgs.restic];
services.restic = {
backups = {
sakura = {
user = "root";
paths = [
"/home/notoh/justlog"
"/var/lib/rustypaste"
"/var/lib/forgejo"
];
exclude = [
"/home/notoh/justlog/logs"
"/var/lib/rustypaste/uploads"
];
pruneOpts = [
"--keep-daily=7"
"--keep-weekly=6"
"--keep-monthly=5"
];
initialize = true;
repository = "/nas/restic";
passwordFile = config.sops.secrets.restic-sakura.path;
timerConfig = {
OnCalendar = "daily";
RandomizedDelaySec = "20m";
Persistent = true;
};
};
};
};
}


@ -1,10 +1,10 @@
{...}: {
imports = [
./restic.nix
./traefik.nix
./uptimekuma.nix
./ntfy-sh.nix
./tailscale.nix
./restic.nix
./factorio.nix
# ./minecraft.nix
# ./foundryvtt.nix


@ -4,8 +4,12 @@
...
}: {
sops.secrets = {
restic-repo-pwd-sora = {};
sora-b2 = {};
restic-sora = {
sopsFile = ../../../secrets/restic/secrets.yaml;
};
sora-b2 = {
sopsFile = ../../../secrets/b2/secrets.yaml;
};
};
environment.systemPackages = [pkgs.restic];
services.restic = {
@ -13,17 +17,17 @@
sora = {
user = "root";
paths = [
"/var/lib/uptime-kuma"
"/var/lib/ntfy-sh"
"/var/lib/private/uptime-kuma"
"/var/lib/private/ntfy-sh"
];
pruneOpts = [
"--keep-daily=8"
"--keep-daily=7"
"--keep-weekly=6"
"--keep-monthly=5"
];
repository = "b2:sora-b2";
initialize = true;
passwordFile = config.sops.secrets.restic-repo-pwd-sora.path;
passwordFile = config.sops.secrets.restic-sora.path;
environmentFile = config.sops.secrets.sora-b2.path;
timerConfig = {
OnCalendar = "daily";


@ -3,7 +3,7 @@
config,
...
}: {
sops.secrets.restic-repo-pwd = {};
sops.secrets.restic-tsuki = {sopsFile = ../../../secrets/restic/secrets.yaml;};
environment.systemPackages = [pkgs.restic];
services.restic = {
backups = {
@ -34,13 +34,13 @@
"/home/*/.local/share/.var"
];
pruneOpts = [
"--keep-daily=8"
"--keep-daily=7"
"--keep-weekly=6"
"--keep-monthly=5"
];
initialize = true;
repository = "/nas/home";
passwordFile = config.sops.secrets.restic-repo-pwd.path;
passwordFile = config.sops.secrets.restic-tsuki.path;
timerConfig = {
OnCalendar = "daily";
RandomizedDelaySec = "10m";


@ -27,9 +27,15 @@
fsType = "nfs";
};
fileSystems."/nas/restic" = {
device = "192.168.1.199:/mnt/Sutoreji/nix-restic-data/yuki";
fsType = "nfs";
};
swapDevices = [
{device = "/dev/disk/by-uuid/bd7ccb73-6f85-4b3d-b37f-5cff58a6ab59";}
];
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";


@ -1,5 +1,6 @@
{...}: {
imports = [
./restic.nix
./traefik.nix
./stash.nix
./jellyfin.nix


@ -0,0 +1,39 @@
{
pkgs,
config,
...
}: {
sops.secrets.restic-yuki = {
sopsFile = ../../../secrets/restic/secrets.yaml;
};
environment.systemPackages = [pkgs.restic];
services.restic = {
backups = {
yuki = {
user = "root";
paths = [
"/home/notoh/docker"
"/var/lib/jellyfin"
"/var/lib/private/jellyseerr"
"/var/lib/private/homepage-dashboard"
];
exclude = [
"/home/notoh/docker/stash/data"
];
pruneOpts = [
"--keep-daily=7"
"--keep-weekly=6"
"--keep-monthly=5"
];
initialize = true;
repository = "/nas/restic";
passwordFile = config.sops.secrets.restic-yuki.path;
timerConfig = {
OnCalendar = "daily";
RandomizedDelaySec = "20m";
Persistent = true;
};
};
};
};
}

21
secrets/b2/secrets.yaml Normal file

@ -0,0 +1,21 @@
sora-b2: ENC[AES256_GCM,data:gdV/m+QogdmKZjW/YPqtp8F7lx4xXNVErX+81hiBDF7t7PBOtmfTepnSy43L/dBA3m65ODXvW7/df4JVnCqMyRQccEaauD4HtZDSMmTOED1xVX6X/Hl5,iv:T8ID+98vVKtB/uxf5OmkJmOn7vX5wYi0x36P4Ti1YN4=,tag:tWqGW3vZzg/WwCsGga4aXg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1ckvmyqkwk69j64ev3fmckytz6k2dv79z4gn5qf6gxqyevp5yjfesdfkxmn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyK1BKNjcwZWFxVU9EeXRR
c1FvVi9uT1NGajMrZzRaSFIwK0ZadUE5UGxJCnVCR3kycU02aHVMajJQUzJVeEt4
VmhSMWZrSmtFK1RQMTZ2M0ZsSVBlZGMKLS0tIDVTWmlUN3p0dFNESGpmUlZMYVRo
bE85dXI2VVN1Z2c0ZFQvdkQwM3FGbUkKWy5O+mqHTokLVV5FQ4UziVBadxpymX9D
BHUoDve8WgKFkRCY46ibnYofIumJqYRiHXPSUN46QQMg0GDma3jWRA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-12-31T16:07:07Z"
mac: ENC[AES256_GCM,data:+VXs1T4n60eBzCFmgWFit5A65lCvIdBcuFoflFr62nJQuLMj0NkPhpE5605f8pfSK3iZQgknljixNs4yfp18jtH8Wr6g5X6e/UcYVGKwt464Zh0b18NHOoxv/7m/jBPgskNWdvEhFUnfh27KQaisfZbFKksaNA3QAHe6sM0dTlU=,iv:LjUufX0VnGT3SMYUn3hpKL+YMEgvMBj5LAvLbzxMaCY=,tag:CnrpJvp9UQef8nkS4NMLzA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1


@ -0,0 +1,26 @@
restic-tsuki: ENC[AES256_GCM,data:MPCPYbFm4SR8CJvEjmmt+vPSJu3w4SUlXRRkijW01po=,iv:FClVeZGKlPD8MXqQm2zj2cTBJGLJSv3ZlmdQEocJG5Q=,tag:YQzuhQAKAd/9GXihKOSQQw==,type:str]
restic-sakura: ENC[AES256_GCM,data:KCv4kj0G8eUIo7vhe8TUmuL0m35J9NnxKcBiJh0VC6Q=,iv:C8XgTJfjvAM4bV1SMgmx8QWzhKln9nV4nYZUkopuz4w=,tag:zBREioxOV8U9ujeBAuHV9Q==,type:str]
restic-sora: ENC[AES256_GCM,data:frxiGhrodKFn9gfHYCz0AUDik5hdjGW3McJNFerMFWU=,iv:Gek/eBEqFB9llsUveSgSHiz5YQsFPfepMuWMFspiwb4=,tag:XrLAAEtgjr/UH3JTvFOV8Q==,type:str]
restic-yuki: ENC[AES256_GCM,data:fvGrVXKQ5cLXVfgb1nCWhxV9yuRG6FdyE2WvB1rlOyA=,iv:CQ1LkIthrh9iPg4dJJr4fKceMc0/w25rlRzo0So+5GU=,tag:/LrWhz/dtGoVOPnpXrV2yw==,type:str]
restic-arashi: ENC[AES256_GCM,data:L2GuxUCfbUlWg9un3h6cSp9UAtA5auYiQiIIS0TvWRE=,iv:XJZBGrNurnLDmZyQaePaRUu6ahjqgwUap/vP9bPKHmE=,tag:Dk2Ior6IDt9HbM2IRwKe+A==,type:str]
restic-kariru: ENC[AES256_GCM,data:ghG6DnPdt6j1A6qZdmcaG5HGDGSHiAU7CJAiA7GLoAU=,iv:+6/vu7lPYPbVndSlrv9yLlOTGM9dzP+7lkIqBodQMWw=,tag:70yx7peJSmE6H8rtrloiaw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1ckvmyqkwk69j64ev3fmckytz6k2dv79z4gn5qf6gxqyevp5yjfesdfkxmn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuTDQ5R1Z1eTZtSnJvNjJN
NjF3R2JGZTIvU1Y5N1cwWEg4UFl3ZkF3N1NJCkZzT0dQcGFyVWhlWkU1anhwSHcy
dGJTaWh6QUduS1ZvT2I4UmlSVWdUQVkKLS0tIDRkakMxd0hveHRqaG43SUZtNEw3
NmQ4UythUU03bWMvRmZMaVJGM1FkMU0Km33/zUXSLWuEQqxIFklI0JToLXARlV3m
EB18XYH+m/9VoYy2sN5dMoUdSflPqjGgxAPxuX5TU+F7MAsVkpdOVg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-12-31T17:30:09Z"
mac: ENC[AES256_GCM,data:kqH4dYqR17PvcifBLAcfHogN9LDj71QF+kj4TZHBlc6UVjnygtnJWFDUS6rQHVuKDmOucFb0TYFPk5FcGEnwSb752UlbmQTb+1/XC0trOqMZzjlySmRkZfJt7ejDy7PutkTSNfmr0QsKAw1YP7duhuE0VQas6s2LQmnFvSv/7xs=,iv:hd3abxF2U6DuntH4YLt2kNYTdJx5SqMjTvqKyYNJcTw=,tag:9YnrBRGRKdXTKOWyMpPFAg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1


@ -2,9 +2,6 @@ foundry-username: ENC[AES256_GCM,data:YYZ5Q6UlWPqbH8iYhqoR6pYFmQ3NAjY=,iv:pRjblo
foundry-password: ENC[AES256_GCM,data:c6cO1vV/thC7U1ha/1FiVVzk0KtvUnTRgJ9ysyO35uYhVK2ggyLUMAqBaXUduf4CXQ==,iv:jdnuyZyoaLN4waGI9MlU0coWg1adDIShrQykfuBq3UM=,tag:HNkaY/8k7JKQVCjjPlkO/w==,type:str]
cloudflare-api-key: ENC[AES256_GCM,data:ZEYzFht24xogGov/Dkk9MQm0CZ/GPHvVgC7manQ2hOp1ljUOPrlHlShnNZnXctkv0VSwkQUARddCFQbAno79bUM=,iv:V54QifTBvy+5Q5JErfv2IRW0wpBn7q9KozAogy94gwU=,tag:1tz/0lNHLUTiYOH4V1jkDA==,type:str]
rusty-auth-token: ENC[AES256_GCM,data:FZ1bC6wijkHPII2AlYnDq9P6pFq2qWVo,iv:92ZH8N52sml8ZkvfuXf472Jj/JbnaWfy38AX6GTvszA=,tag:Suq7P86MhjUx0WmPuGpCUA==,type:str]
restic-repo-pwd: ENC[AES256_GCM,data:wan4U/w6417NWnbTTe7ID4y6Dv+bs0D3Fvw9ur6gIdU=,iv:4B5ihL5/QiNObqZwLwo4Sd33zx4pqRWszdzdutvK6a0=,tag:KqU5sSpPG8n6qHxxJUpDTg==,type:str]
restic-repo-pwd-sora: ENC[AES256_GCM,data:Uehs6DdpjqEk46MmchPyNnxr0Zkdo4ciavb4S/BqZmg=,iv:SCnmy2kNOpOndgRdQzkugEnwi6ZvvdOGu/Kc5yqp8Oo=,tag:AZKRBvD0EGpFAveyw8SQNQ==,type:str]
sora-b2: ENC[AES256_GCM,data:l2q9nZtAlgrNpY6G3pY9u/aV6xXIy4tZrN5NvQbE2zo4ZVnajQVU8PIP9T4Lx11VsiFhNkI51g4qo3XOntciVLSr5sxNZGyGl456/2HFREGAx2u9HrBi,iv:FgX+2thp9GuHSNEvmZlX4eZR5jtwoMbYpPO3r2WnHGs=,tag:J1MMc8SKjPG0FQPub06BWA==,type:str]
gluetun: ENC[AES256_GCM,data:yL+LOPpwU+CAtbjc7YWbNUOTpDhq4mH3aJOl3hPYxgbFUba6NVJQ73mFt7BF+PXeqA/ilbZJW3GbCfAoXWLDP3qzFYqs9XeEV/FhHznkVHB88xdr+Fbv7cuCEa7PnnYbSiwr/R68EZLsGSr+u99+uu1TH6ABXG9nJna0bkwkTfx6ui/Yc2GndWS+Ew==,iv:rYdMasJS1LqMGvMYFyAdEkoTLtOHrZHGcfBOvbn63bg=,tag:YNcP/pvgKHPYNhAwVGdFHw==,type:str]
authelia-jwt: ENC[AES256_GCM,data:cAn2uZeSGjG2FqTFgZkupcSutCZLvZXCNBsxuUQvGX4=,iv:1OTDQzQwaPTmnTEB4TfnxU6l8CdBAlHfqFThE8QZa6A=,tag:KJ6aYDczHFajhLJHemfIQw==,type:str]
authelia-sek: ENC[AES256_GCM,data:yWhAvl1AuEcrUCFAv2vcz6A8BLEIMIz9sqbFRAriHpw=,iv:i887EZgqGtRfFs6mHHAJry0XfQzvrTaDliz8PRh7oLs=,tag:dmn2GSG8gZk9CVXMNmH1Dw==,type:str]
@ -14,7 +11,6 @@ snowflake-runner-token: ENC[AES256_GCM,data:CYtnZeCCd3IbNq95xCAoftYRxYf5QdZk1cw2
basegbot-runner-token: ENC[AES256_GCM,data:US3VkT2+S9sKPJ7zPNNBudV/884/cNfmEZVdmWHnL4WWdvUej5aIbQ==,iv:mEjU7DF4NCX7WwLP4+CxlV3aKZOkL7t6wyM4Mz7sPrg=,tag:JrMiiQ2TT3OET4iyO6pUog==,type:str]
nixgarden-runner-token: ENC[AES256_GCM,data:3XxAKiWHxFLicQPebYwBhqL+fMft8iCkikyveIb9O++X1YuygNFRLw==,iv:DT58z4RvmVQth/4VubcMIT55CyGk1/3j5s7IQ/9Bw8s=,tag:oXDNZPTQ02Ybe9pqN5zHow==,type:str]
searxng-secret: ENC[AES256_GCM,data:SSvspQVRp79zJq0hzaqzuJIWFtVUoaqHGH9PXUViiXb9UKJM34t82o2J5K69RcOSBL7HadqmxcT4Eh8e8ZUJnquD7rrPdWb2Ih4zS7MmG94=,iv:wrQNNU7CjzfePNe1tWEXmN30vC0jTp+PtgfI3/XH22g=,tag:QAt/QL846hLLIMLQZUM3mQ==,type:str]
neko-admin: ENC[AES256_GCM,data:E5goYrVyM2uQ1WLLHdcOzqX8gGO5EXJRqCRtaqAjrbUAeFRDU8A=,iv:Osh2SCeFYIvossZZ1NZH0xMrfhTcYAa6nssJhhmNNP0=,tag:m7shoTDw+Cya6Cg50yWaZg==,type:str]
smtp2go-pwd: ENC[AES256_GCM,data:03OCDnG73T8B2Q3TJLt1kg==,iv:QFI34ZoM88AuGvOwVmxsplkNKWFgwqBn1AFdHNREses=,tag:9YABs0nAh7Cx2vybuIW9sA==,type:str]
sops:
kms: []
@ -31,8 +27,8 @@ sops:
YWNQcURKMSs2U0pOa3E0cTdCZ3RnalkKGayA7DBUQS+kn+6OYVBc6oTunF0qeZdt
5b9DLHgh0HRWFm09XGSOog8K315d93Wzblw1My1/dXeEQX/ryinqUQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-12-31T14:22:09Z"
mac: ENC[AES256_GCM,data:3ErNe8b+tylK8YbiSDrPO8971++wTjKdaqFLCI03j+/0vEWZrSm7kEqyV/2qq/BlUUjeRQJK++dBQh1+KzZCF9ll6nrYk73WvXtCmBSwyzzYrM+Rk0u+7T+PLnGBwJrM31URxfKQKxwEvzwd27hQveoTSid2SFYrntDlxomHstQ=,iv:kHP0OOx78bwKuHLb9KTcdB1YXUj1fBjpyDxqgHNQse0=,tag:gJ9HcmiIyc9hmFwXcSBr+g==,type:str]
lastmodified: "2023-12-31T17:49:39Z"
mac: ENC[AES256_GCM,data:YO6sOYkE6pMRZ30H6N/fkZrT7HK1p7CIN3+HgJUrWDesCMEx+ttrWODST3irAYfud0/gFIMX0amrHqyJqmFd39uic/djnz833ptSc5NhEljMw65mgNGMdpdfI5vWCAd8QZ8Gjamf5I+e0NywQ84IGjfHszDtz1jqbjUIMBq2DjU=,iv:cMdTOXULPdgoJ5RuMr4G7JrBlW9l3ZIWWhDgJm4LUZA=,tag:p1tOEoYYlSNNqbGjVOmRmA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1