feat: add paperless and radicale backups to hetzner

2024-01-20 03:02:26 +01:00 · 2024-01-20 03:02:26 +01:00 · 78ecdd2780
commit 78ecdd2780
parent f9e1247b8a
12 changed files with 128 additions and 67 deletions
--- a/hosts/sire/guests/samba.nix
+++ b/hosts/sire/guests/samba.nix
@ -246,7 +246,7 @@ in {
            "/shares/users/${user}-paperless".d = {
              user = "paperless";
              group = "paperless";
-              mode = "0750";
+              mode = "0550";
            };
            "/paperless/consume/${user}".d = {
              user = "paperless";
@ -347,37 +347,9 @@ in {
    }
    // lib.mapAttrs (_: cfg: {gid = cfg.id;}) (smbUsers // smbGroups);

-  # Backups
-  # ========================================================================
-
-  age.secrets.restic-encryption-password.generator.script = "alnum";
-  age.secrets.restic-ssh-privkey.generator.script = "ssh-ed25519";
-
-  services.restic.backups.main = {
-    hetznerStorageBox = let
-      box = config.repo.secrets.global.hetzner.storageboxes.dusk;
-    in {
-      enable = true;
-      inherit (box) mainUser;
-      inherit (box.users.samba) subUid path;
-      sshAgeSecret = "restic-ssh-privkey";
-    };
-
-    # We need to backup stuff from other users, so run as root.
+  backups.storageBoxes.dusk = {
+    subuser = "samba";
    user = "root";
-    timerConfig = {
-      OnCalendar = "06:15";
-      RandomizedDelaySec = "3h";
-      Persistent = true;
-    };
-    initialize = true;
-    passwordFile = config.age.secrets.restic-encryption-password.path;
    paths = ["/bunker"];
-    pruneOpts = [
-      "--keep-daily 14"
-      "--keep-weekly 7"
-      "--keep-monthly 12"
-      "--keep-yearly 75"
-    ];
  };
 }