feat: add restic hetzner module, script still wip

oddlama 2024-01-14 18:01:35 +01:00
parent 1165dc44aa
commit a464c99fb8
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
7 changed files with 106 additions and 0 deletions


@ -209,4 +209,37 @@ in {
];
users.groups = lib.mapAttrs (_: cfg: {gid = cfg.id;}) (smbUsers // smbGroups);
# Backups
# ========================================================================
age.secrets.restic-encryption-password.generator.script = "alnum";
age.secrets.restic-ssh-privkey.generator.script = "ssh-ed25519";
services.restic.backups.main = {
hetznerStorageBox = let
box = config.repo.secrets.global.hetzner.storageboxes.dusk;
in {
enable = true;
inherit (box) mainUser;
inherit (box.users.samba) subUid path;
sshPrivateKeyFile = config.age.secrets.restic-ssh-privkey.path;
};
user = "root";
timerConfig = {
OnCalendar = "06:15";
RandomizedDelaySec = "3h";
Persistent = true;
};
initialize = true;
passwordFile = config.age.secrets.restic-encryption-password.path;
paths = ["/bunker"];
pruneOpts = [
"--keep-daily 14"
"--keep-weekly 7"
"--keep-monthly 12"
"--keep-yearly 75"
];
};
}
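Review bot: The `pruneOpts` in `services.restic.backups.main` mean the job running as `user = "root"` with `restic-ssh-privkey` can both write and delete snapshots, so a compromise of this host could erase the backup history as well as the data under `/bunker`. Whether the `hetznerStorageBox` module or the `samba` sub-account limits deletion is not visible in this hunk, so this may already be handled elsewhere. If it is not, retention would be safer enforced from a separate trusted machine or backed by provider-side snapshots of the storage box. At minimum, record the assumption next to the options, e.g. `# NOTE: this host's key can forget/prune; recovery from a host compromise relies on storage-box-side snapshots (confirm enabled)`. The enclosing attribute set begins outside the hunk.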