setup restic backups for genepi
parent
e4d192ce6c
commit
34a3c831e8
6 changed files with 53 additions and 3 deletions
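--- a/hosts/genepi/backup.nix
+++ b/hosts/genepi/backup.nix
@@ -0,0 +1,40 @@
+{
+config,
+keys,
+pkgs,
+...
+}:
+let
+storagebox-user = "u422292-sub1";
+storagebox-host = "${storagebox-user}.your-storagebox.de";
+in
+{
+environment.systemPackages = [
+pkgs.sshpass
+];
+
+age.secrets.restic-genepi-storagebox-key.file = ../../secrets/restic-genepi-storagebox-key.age;
+age.secrets.restic-genepi-storagebox-password.file = ../../secrets/restic-genepi-storagebox-password.age;
+
+programs.ssh.knownHosts = {
+"${storagebox-host}".publicKey = keys.hosts.storagebox;
+};
+
+services.restic.backups = {
+storagebox-nightly = {
+initialize = true;
+paths = [
+"/persist"
+];
+passwordFile = config.age.secrets.restic-genepi-storagebox-key.path;
+repository = "sftp://${storagebox-user}@${storagebox-host}";
+extraOptions = [
+"sftp.command='${pkgs.sshpass}/bin/sshpass -f ${config.age.secrets.restic-genepi-storagebox-password.path} -- ssh ${storagebox-host} -l ${storagebox-user} -s sftp'"
+];
+timerConfig = {
+OnCalendar = "03:00";
+RandomizedDelaySec = "1h";
+};
+};
+};
+}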
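Review bot: The `sftp.command` in `extraOptions` authenticates to the storage box with an account password fed through `sshpass`, so a reusable password has to live on the host. If the sub-account accepts public keys, a dedicated SSH key kept as an age secret would be the tighter choice, e.g. `"sftp.command='ssh ${storagebox-host} -l ${storagebox-user} -i ${config.age.secrets.<storagebox-ssh-key>.path} -s sftp'"` (the secret name is a placeholder). The `environment.systemPackages` entry for `pkgs.sshpass` looks unnecessary either way, since the command already calls the binary by its store path. The job also sets no `pruneOpts`, so snapshots will accumulate on the box unless pruning is handled elsewhere.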
|
||||||
|
|
@ -9,6 +9,7 @@
|
||||||
inputs.agenix.nixosModules.default
|
inputs.agenix.nixosModules.default
|
||||||
inputs.impermanence.nixosModules.impermanence
|
inputs.impermanence.nixosModules.impermanence
|
||||||
./acme.nix
|
./acme.nix
|
||||||
|
./backup.nix
|
||||||
./boot.nix
|
./boot.nix
|
||||||
./disk.nix
|
./disk.nix
|
||||||
./dns.nix
|
./dns.nix
|
||||||
|
|
|
||||||
|
|
@ -3,5 +3,6 @@
|
||||||
|
|
||||||
hosts = {
|
hosts = {
|
||||||
genepi = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQUzjid5mfMYginIUCVWTF7rWvWz0mUZBZsl5EhDIDl root@genepi";
|
genepi = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQUzjid5mfMYginIUCVWTF7rWvWz0mUZBZsl5EhDIDl root@genepi";
|
||||||
|
storagebox = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIICf9svRenC/PLKIL9nk6K/pxQgoiFC41wTNvoIncOxs";
|
||||||
};
|
};
|
||||||
}
|
}
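Review bot: The new `storagebox` entry pins the remote host key without recording where the value came from or how it was checked. `programs.ssh.knownHosts` in the backup module will trust this string on every run, so a short comment above it would let a later reviewer re-verify it, for example `# storage box ed25519 host key, compared against the provider's published fingerprint on <date>`. The enclosing attribute set starts outside the hunk.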
|
||||||
|
|
|
||||||
BIN
secrets/restic-genepi-storagebox-key.age
Normal file
BIN
secrets/restic-genepi-storagebox-key.age
Normal file
Binary file not shown.
BIN
secrets/restic-genepi-storagebox-password.age
Normal file
BIN
secrets/restic-genepi-storagebox-password.age
Normal file
Binary file not shown.
|
|
@ -1,9 +1,17 @@
|
||||||
let
|
let
|
||||||
keys = import ../parts/keys.nix;
|
keys = import ../parts/keys.nix;
|
||||||
in
|
|
||||||
{
|
keysForGenepi = [
|
||||||
"gandi.age".publicKeys = [
|
|
||||||
keys.hosts.genepi
|
keys.hosts.genepi
|
||||||
keys.rpqt.haze
|
keys.rpqt.haze
|
||||||
];
|
];
|
||||||
|
in
|
||||||
|
{
|
||||||
|
"gandi.age".publicKeys = keysForGenepi;
|
||||||
|
|
||||||
|
# Storagebox sub-account password
|
||||||
|
"restic-genepi-storagebox-password.age".publicKeys = keysForGenepi;
|
||||||
|
|
||||||
|
# Restic repository key
|
||||||
|
"restic-genepi-storagebox-key.age".publicKeys = keysForGenepi;
|
||||||
}
|
}
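Review bot: Both restic secrets are encrypted only to `keysForGenepi`, which is the genepi host key plus `keys.rpqt.haze`. The host key lives on the machine the backup protects, so after losing genepi the repository password can only be recovered through the single `haze` key. Consider adding a second off-host recipient for `"restic-genepi-storagebox-key.age"`, or a comment such as `# an offline copy of the repository password is kept in <location>` if one already exists.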
|
||||||
|
|
|
||||||