backups

flake.nix

@@ -17,7 +17,10 @@
 
     mkSystem = name: class:
       nixpkgs.lib.nixosSystem {
-        specialArgs = {inherit inputs;};
+        specialArgs = {
+          inherit inputs;
+          attrName = name;
+        };
         modules = [
           inputs.impermanence.nixosModules.impermanence
           inputs.agenix.nixosModules.default

hosts/abacus/nextcloud.nix

@@ -9,20 +9,6 @@
     group = "nextcloud";
   };
 
-  system.fsPackages = [pkgs.sshfs];
-  fileSystems."${config.services.nextcloud.home}/data/${config.services.nextcloud.config.adminuser}/files/remote" = {
-    device = "u385962@u385962.your-storagebox.de:/";
-    fsType = "sshfs";
-    options = [
-      "allow_other"
-      "IdentityFile=/persist/etc/ssh/ssh_host_ed25519_key"
-      "_netdev"
-      "reconnect"
-      "ServerAliveInterval=15"
-      "x-systemd.automount"
-    ];
-  };
-
   services.nextcloud = {
     enable = true;
     package = pkgs.nextcloud28;

hosts/glacier/default.nix

@@ -1,4 +1,5 @@
 {
+  attrName,
   inputs,
   modulesPath,
   ...

hosts/vessel/backup.nix

@@ -1,8 +1,12 @@
 {
-  pkgs,
+  attrName,
+  config,
   lib,
+  pkgs,
   ...
-}: {
+}: let
+  safePath = "/srv/storage/safe";
+in {
   systemd.timers.local-backup = {
     description = "Local rsync Backup";
     wantedBy = ["timers.target"];
@@ -17,7 +21,7 @@
     description = "Local rsync Backup";
     serviceConfig = {
       Type = "oneshot";
-      ExecStart = ''${lib.getExe pkgs.rsync} --verbose --verbose --archive --update --delete /srv/storage/ /srv/backup/'';
+      ExecStart = "${lib.getExe pkgs.rsync} --verbose --verbose --archive --update --delete /srv/storage/ /srv/backup/";
       User = "root";
       Group = "root";
     };
@@ -28,4 +32,23 @@
     fsType = "btrfs";
     options = ["subvol=main" "compress=zstd" "noatime"];
   };
+
+  age.secrets."restic-${attrName}".file = ../../secrets/restic-lukas.age;
+
+  services.restic.backups.${attrName} = {
+    repostiory = "sftp:u385962@u385962.your-storagebox.de:/restic/${attrName}";
+    initialize = true;
+    paths = [safePath];
+    passwordFile = config.age.secrets."restic-${attrName}".path;
+    pruneOpts = ["--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12"];
+    extraOptions = ["sftp.args='-i /etc/ssh/ssh_host_ed25519_key'"];
+  };
+
+  systemd.tmpfiles.settings = {
+    "10-storage-safe".${safePath}.d = {
+      user = "root";
+      group = "root";
+      mode = "0755";
+    };
+  };
 }

hosts/vessel/default.nix

@@ -10,24 +10,18 @@
     inputs.hardware.nixosModules.common-gpu-intel
     inputs.hardware.nixosModules.common-pc-ssd
 
-    ./backup.nix
+    # ./backup.nix
-    ./blocky.nix
+    # ./blocky.nix
   ];
 
   nixpkgs.hostPlatform = "x86_64-linux";
 
   boot = {
-    initrd.availableKernelModules = ["ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod"];
+    initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"];
     kernelModules = ["kvm-intel"];
   };
 
   system.stateVersion = "24.05";
 
-  powerManagement.cpuFreqGovernor = "performance";
+  powerManagement.cpuFreqGovernor = "powersave";
-
-  fileSystems."/srv/storage" = {
-    device = "/dev/disk/by-label/storage";
-    fsType = "btrfs";
-    options = ["subvol=main" "compress=zstd" "noatime"];
-  };
 }

secrets/secrets.nix

@@ -17,4 +17,5 @@ in {
   "mail-lukas.age".publicKeys = (builtins.attrValues users) ++ [hosts.abacus];
   "vaultwarden.age".publicKeys = (builtins.attrValues users) ++ [hosts.abacus];
   "nextcloud-lukas.age".publicKeys = (builtins.attrValues users) ++ [hosts.abacus];
+  "restic-vessel.age".publicKeys = (builtins.attrValues users) ++ [hosts.vessel];
 }