96 lines
2.7 KiB
Nix
96 lines
2.7 KiB
Nix
{
|
|
config,
|
|
keys,
|
|
pkgs,
|
|
...
|
|
}:
|
|
let
|
|
storagebox-user = "u422292-sub1";
|
|
storagebox-host = "${storagebox-user}.your-storagebox.de";
|
|
storagebox-nightly-backup-name = "storagebox-nightly";
|
|
storagebox-weekly-home-backup-name = "storagebox-weekly-home";
|
|
in
|
|
{
|
|
environment.systemPackages = [
|
|
pkgs.sshpass
|
|
];
|
|
|
|
age.secrets.restic-genepi-storagebox-key.file = ../../secrets/restic-genepi-storagebox-key.age;
|
|
age.secrets.restic-genepi-storagebox-password.file = ../../secrets/restic-genepi-storagebox-password.age;
|
|
|
|
programs.ssh.knownHosts = {
|
|
"${storagebox-host}".publicKey = keys.hosts.storagebox-rsa;
|
|
};
|
|
|
|
services.restic.backups."${storagebox-nightly-backup-name}" = {
|
|
initialize = true;
|
|
paths = [
|
|
"/persist"
|
|
];
|
|
exclude = [
|
|
"/persist/@backup-snapshot"
|
|
];
|
|
passwordFile = config.age.secrets.restic-genepi-storagebox-key.path;
|
|
repository = "sftp://${storagebox-user}@${storagebox-host}/";
|
|
extraOptions = [
|
|
"sftp.command='${pkgs.sshpass}/bin/sshpass -f ${config.age.secrets.restic-genepi-storagebox-password.path} -- ssh ${storagebox-host} -l ${storagebox-user} -s sftp'"
|
|
];
|
|
timerConfig = {
|
|
OnCalendar = "03:00";
|
|
RandomizedDelaySec = "1h";
|
|
};
|
|
pruneOpts = [
|
|
"--keep-daily 7"
|
|
"--keep-weekly 5"
|
|
"--keep-monthly 12"
|
|
"--keep-yearly 10"
|
|
];
|
|
backupPrepareCommand = ''
|
|
set -Eeuxo pipefail
|
|
# clean old snapshot
|
|
if btrfs subvolume delete /persist/@backup-snapshot; then
|
|
echo "WARNING: previous run did not cleanly finish, removing old snapshot"
|
|
fi
|
|
|
|
btrfs subvolume snapshot -r /persist /persist/@backup-snapshot
|
|
|
|
umount /persist
|
|
mount -t btrfs -o subvol=/persist/@backup-snapshot /dev/disk/by-partlabel/disk-main-root /persist
|
|
'';
|
|
backupCleanupCommand = ''
|
|
btrfs subvolume delete /persist/@backup-snapshot
|
|
'';
|
|
};
|
|
|
|
systemd.services."restic-backups-${storagebox-nightly-backup-name}" = {
|
|
path = with pkgs; [
|
|
btrfs-progs
|
|
umount
|
|
mount
|
|
];
|
|
serviceConfig.privateMounts = true;
|
|
};
|
|
|
|
# Backup home
|
|
services.restic.backups."${storagebox-weekly-home-backup-name}" = {
|
|
initialize = true;
|
|
paths = [
|
|
"/home/rpqt"
|
|
];
|
|
passwordFile = config.age.secrets.restic-genepi-storagebox-key.path;
|
|
repository = "sftp://${storagebox-user}@${storagebox-host}/";
|
|
extraOptions = [
|
|
"sftp.command='${pkgs.sshpass}/bin/sshpass -f ${config.age.secrets.restic-genepi-storagebox-password.path} -- ssh ${storagebox-host} -l ${storagebox-user} -s sftp'"
|
|
];
|
|
timerConfig = {
|
|
OnCalendar = "Sat 03:30";
|
|
RandomizedDelaySec = "1h";
|
|
};
|
|
pruneOpts = [
|
|
"--keep-weekly 1"
|
|
"--keep-monthly 12"
|
|
"--keep-yearly 10"
|
|
];
|
|
};
|
|
}
|