backups

2024-02-26 19:27:27 +01:00 · 2024-02-26 19:27:27 +01:00 · 550ce08e41
parent 1f7771ec3f
commit 550ce08e41
7 changed files with 36 additions and 28 deletions
--- a/flake.nix
+++ b/flake.nix
@ -17,7 +17,10 @@

    mkSystem = name: class:
      nixpkgs.lib.nixosSystem {
-        specialArgs = {inherit inputs;};
+        specialArgs = {
+          inherit inputs;
+          attrName = name;
+        };
        modules = [
          inputs.impermanence.nixosModules.impermanence
          inputs.agenix.nixosModules.default
--- a/hosts/abacus/nextcloud.nix
+++ b/hosts/abacus/nextcloud.nix
@ -9,20 +9,6 @@
    group = "nextcloud";
  };

-  system.fsPackages = [pkgs.sshfs];
-  fileSystems."${config.services.nextcloud.home}/data/${config.services.nextcloud.config.adminuser}/files/remote" = {
-    device = "u385962@u385962.your-storagebox.de:/";
-    fsType = "sshfs";
-    options = [
-      "allow_other"
-      "IdentityFile=/persist/etc/ssh/ssh_host_ed25519_key"
-      "_netdev"
-      "reconnect"
-      "ServerAliveInterval=15"
-      "x-systemd.automount"
-    ];
-  };
-
  services.nextcloud = {
    enable = true;
    package = pkgs.nextcloud28;
--- a/hosts/glacier/default.nix
+++ b/hosts/glacier/default.nix
@ -1,4 +1,5 @@
 {
+  attrName,
  inputs,
  modulesPath,
  ...
--- a/hosts/vessel/backup.nix
+++ b/hosts/vessel/backup.nix
@ -1,8 +1,12 @@
 {
-  pkgs,
+  attrName,
+  config,
  lib,
+  pkgs,
  ...
-}: {
+}: let
+  safePath = "/srv/storage/safe";
+in {
  systemd.timers.local-backup = {
    description = "Local rsync Backup";
    wantedBy = ["timers.target"];
@ -17,7 +21,7 @@
    description = "Local rsync Backup";
    serviceConfig = {
      Type = "oneshot";
-      ExecStart = ''${lib.getExe pkgs.rsync} --verbose --verbose --archive --update --delete /srv/storage/ /srv/backup/'';
+      ExecStart = "${lib.getExe pkgs.rsync} --verbose --verbose --archive --update --delete /srv/storage/ /srv/backup/";
      User = "root";
      Group = "root";
    };
@ -28,4 +32,23 @@
    fsType = "btrfs";
    options = ["subvol=main" "compress=zstd" "noatime"];
  };
+
+  age.secrets."restic-${attrName}".file = ../../secrets/restic-lukas.age;
+
+  services.restic.backups.${attrName} = {
+    repostiory = "sftp:u385962@u385962.your-storagebox.de:/restic/${attrName}";
+    initialize = true;
+    paths = [safePath];
+    passwordFile = config.age.secrets."restic-${attrName}".path;
+    pruneOpts = ["--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12"];
+    extraOptions = ["sftp.args='-i /etc/ssh/ssh_host_ed25519_key'"];
+  };
+
+  systemd.tmpfiles.settings = {
+    "10-storage-safe".${safePath}.d = {
+      user = "root";
+      group = "root";
+      mode = "0755";
+    };
+  };
 }
--- a/hosts/vessel/default.nix
+++ b/hosts/vessel/default.nix
@ -10,24 +10,18 @@
    inputs.hardware.nixosModules.common-gpu-intel
    inputs.hardware.nixosModules.common-pc-ssd

-    ./backup.nix
-    ./blocky.nix
+    # ./backup.nix
+    # ./blocky.nix
  ];

  nixpkgs.hostPlatform = "x86_64-linux";

  boot = {
-    initrd.availableKernelModules = ["ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod"];
+    initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"];
    kernelModules = ["kvm-intel"];
  };

  system.stateVersion = "24.05";

-  powerManagement.cpuFreqGovernor = "performance";
-
-  fileSystems."/srv/storage" = {
-    device = "/dev/disk/by-label/storage";
-    fsType = "btrfs";
-    options = ["subvol=main" "compress=zstd" "noatime"];
-  };
+  powerManagement.cpuFreqGovernor = "powersave";
 }
--- a/secrets/restic-vessel.age
+++ b/secrets/restic-vessel.age
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -17,4 +17,5 @@ in {
  "mail-lukas.age".publicKeys = (builtins.attrValues users) ++ [hosts.abacus];
  "vaultwarden.age".publicKeys = (builtins.attrValues users) ++ [hosts.abacus];
  "nextcloud-lukas.age".publicKeys = (builtins.attrValues users) ++ [hosts.abacus];
+  "restic-vessel.age".publicKeys = (builtins.attrValues users) ++ [hosts.vessel];
 }