rpqt/flocon
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

setup restic backups for genepi

Browse Source
This commit is contained in:
Romain Paquet
2025-01-30 17:46:00 +01:00
parent e4d192ce6c
commit 34a3c831e8
6 changed files with 53 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
hosts/genepi/backup.nix Normal file
View File

@@ -0,0 +1,40 @@
{
config,
keys,
pkgs,
...
}:
let
storagebox-user = "u422292-sub1";
storagebox-host = "${storagebox-user}.your-storagebox.de";
in
{
environment.systemPackages = [
pkgs.sshpass
];
age.secrets.restic-genepi-storagebox-key.file = ../../secrets/restic-genepi-storagebox-key.age;
age.secrets.restic-genepi-storagebox-password.file = ../../secrets/restic-genepi-storagebox-password.age;
programs.ssh.knownHosts = {
"${storagebox-host}".publicKey = keys.hosts.storagebox;
};
services.restic.backups = {
storagebox-nightly = {
initialize = true;
paths = [
"/persist"
];
passwordFile = config.age.secrets.restic-genepi-storagebox-key.path;
repository = "sftp://${storagebox-user}@${storagebox-host}";
extraOptions = [
"sftp.command='${pkgs.sshpass}/bin/sshpass -f ${config.age.secrets.restic-genepi-storagebox-password.path} -- ssh ${storagebox-host} -l ${storagebox-user} -s sftp'"
];
timerConfig = {
OnCalendar = "03:00";
RandomizedDelaySec = "1h";
};
};
};
}

1
hosts/genepi/default.nix
View File

@@ -9,6 +9,7 @@
inputs.agenix.nixosModules.default
inputs.impermanence.nixosModules.impermanence
./acme.nix
./backup.nix
./boot.nix
./disk.nix
./dns.nix

1
parts/keys.nix
View File

@@ -3,5 +3,6 @@
hosts = {
genepi = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQUzjid5mfMYginIUCVWTF7rWvWz0mUZBZsl5EhDIDl root@genepi";
storagebox = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIICf9svRenC/PLKIL9nk6K/pxQgoiFC41wTNvoIncOxs";
};
}

BIN
secrets/restic-genepi-storagebox-key.age Normal file
View File

Binary file not shown.

BIN
secrets/restic-genepi-storagebox-password.age Normal file
View File

Binary file not shown.

14
secrets/secrets.nix
View File

@@ -1,9 +1,17 @@
let
keys = import ../parts/keys.nix;
in
{
"gandi.age".publicKeys = [
keysForGenepi = [
keys.hosts.genepi
keys.rpqt.haze
];
in
{
"gandi.age".publicKeys = keysForGenepi;
# Storagebox sub-account password
"restic-genepi-storagebox-password.age".publicKeys = keysForGenepi;
# Restic repository key
"restic-genepi-storagebox-key.age".publicKeys = keysForGenepi;
}