authorFranck Cuny <franck@fcuny.net>2022-04-24 13:46:18 -0700
committerFranck Cuny <franck@fcuny.net>2022-04-24 13:46:18 -0700
commit94f8172f0f5a6d5568b5204d88c5d45e77a20f69 (patch)
treea4a11722232dc2e015e2c32eeebf12be4fd5f53f
parenttmux: start windows at 1 (diff)
downloadworld-94f8172f0f5a6d5568b5204d88c5d45e77a20f69.tar.gz
backups: do backups for the laptop
From the laptop I only backup /home/fcuny, as the rest should be
straightforward to rebuild with nix.

I run that backup as my own user, since I need my ssh key to use the
remote repository (which is on the NAS). I also need a new secret for
it (I might have been able to use `pass' for this, but well, that's easy
enough).

For the NAS, I update the list of directories to back up to include home;
this will be in the systems backup.
-rw-r--r--hosts/aptos/default.nix1
-rw-r--r--hosts/aptos/secrets/restic/repo-users.age9
-rw-r--r--hosts/aptos/secrets/secrets.nix5
-rw-r--r--hosts/aptos/services.nix19
-rw-r--r--hosts/tahoe/services.nix3
-rw-r--r--modules/services/backup/default.nix11
6 files changed, 46 insertions, 2 deletions
diff --git a/hosts/aptos/default.nix b/hosts/aptos/default.nix
index 5887d46..04d45ee 100644
--- a/hosts/aptos/default.nix
+++ b/hosts/aptos/default.nix
@@ -7,6 +7,7 @@
     ./networking.nix
     ./profile.nix
     ./home.nix
+    ./services.nix
   ];
 
   virtualisation.docker = { enable = true; };
diff --git a/hosts/aptos/secrets/restic/repo-users.age b/hosts/aptos/secrets/restic/repo-users.age
new file mode 100644
index 0000000..59c435a
--- /dev/null
+++ b/hosts/aptos/secrets/restic/repo-users.age
@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> ssh-ed25519 dtgBNg 5MAt41NmpX7UB+6zxI8NHrXpjvsn0iiEaUDwgt4RWDQ
+40RuB49FnH8WkPptwfiC4Es5b8JkI5PT6eau0f2wtOI
+-> ssh-ed25519 +LF+iw kchufYdtZ4Zp3fT58mFxbe033PLCPHXvMBwdR+xTTFM
+Kya9nVBHiVuDD5DJPQfsl3c5V64uCJb2nbPhWfbFqnA
+-> '-grease a3~x=^
+bn2D2ZS3fW4a42Au7J95HAQPE9IBGOULmNKH6XFWKNi+BzWiG3yo37MOog
+--- jvVR43MbkXMwylmHM3IrKwGjfnL8TdnWRoIrUergBC4
+Us9'`}m)N=~/}TDQMuv$
\ No newline at end of file
diff --git a/hosts/aptos/secrets/secrets.nix b/hosts/aptos/secrets/secrets.nix
index 425a15f..05e9662 100644
--- a/hosts/aptos/secrets/secrets.nix
+++ b/hosts/aptos/secrets/secrets.nix
@@ -15,4 +15,9 @@ in {
     publicKeys = [ fcuny aptos ];
     owner = "fcuny";
   };
+
+  "restic/repo-users.age" = {
+    publicKeys = [ fcuny aptos ];
+    owner = "fcuny";
+  };
 }
diff --git a/hosts/aptos/services.nix b/hosts/aptos/services.nix
new file mode 100644
index 0000000..a2210e2
--- /dev/null
+++ b/hosts/aptos/services.nix
@@ -0,0 +1,19 @@
+{ config, ... }:
+let secrets = config.age.secrets;
+in {
+  my.services = {
+    backup = {
+      enable = true;
+      user = "fcuny";
+      repository = "sftp:192.168.0.107:/data/slow/backups/users/fcuny";
+      exclude = [
+        "/home/fcuny/.cache"
+        "/home/fcuny/downloads"
+        "/home/fcuny/workspace/linux.git"
+      ];
+      timerConfig = { OnCalendar = "06:30"; };
+      passwordFile = secrets."restic/repo-users".path;
+      paths = [ "/home/fcuny" ];
+    };
+  };
+}
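Review bot: `timerConfig = { OnCalendar = "06:30"; };` sets no `Persistent`, so a laptop that is powered off at 06:30 skips that day's run instead of catching up at next boot, and gaps in the backup history go unnoticed; `timerConfig = { OnCalendar = "06:30"; Persistent = true; };` would cover that. Separately, the unit runs as `fcuny` against an `sftp:` repository, so it presumably depends on an SSH key that works non-interactively. A dedicated key that the NAS restricts to SFTP on the backup directory would limit what a compromised laptop account can do to existing snapshots. The repository is addressed by a literal IP, so host-key verification rests on what is in that user's known_hosts.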
diff --git a/hosts/tahoe/services.nix b/hosts/tahoe/services.nix
index 7de94f6..9bd7162 100644
--- a/hosts/tahoe/services.nix
+++ b/hosts/tahoe/services.nix
@@ -43,7 +43,8 @@ in {
       repository = "/data/slow/backups/systems";
       timerConfig = { OnCalendar = "00:15"; };
       passwordFile = secrets."restic/repo-systems".path;
-      paths = [ "/data/fast/music" "/data/fast/photos" "/data/fast/videos" ];
+      paths =
+        [ "/home" "/data/fast/music" "/data/fast/photos" "/data/fast/videos" ];
     };
   };
 }
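Review bot: Adding `/home` wholesale to `paths` puts every user's private material (SSH keys, credential stores, shell history) into the systems repository, so the `restic/repo-systems` password and access to `/data/slow/backups/systems` now guard that data too. The backup block starts above this hunk, so whether it sets an `exclude` list is not visible here. If it does not, something like `exclude = [ "/home/*/.cache" ];` would keep caches out of the snapshots.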
diff --git a/modules/services/backup/default.nix b/modules/services/backup/default.nix
index aefd383..2db1aa8 100644
--- a/modules/services/backup/default.nix
+++ b/modules/services/backup/default.nix
@@ -67,6 +67,15 @@ in {
         When to run the backup. See man systemd.timer for details.
       '';
     };
+
+    user = mkOption {
+      type = types.str;
+      default = "root";
+      description = ''
+        As which user the backup should run.
+      '';
+      example = "postgresql";
+    };
   };
 
   config = lib.mkIf cfg.enable {
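Review bot: The `user` option's description does not say what has to line up when it is set to something other than `root`. The `passwordFile` must be readable by that user (this commit does it with `owner = "fcuny"` in hosts/aptos/secrets/secrets.nix), and the user needs read access to every entry in `paths`. I would extend the description to something like `User the backup runs as; it must be able to read passwordFile and all paths, and hold any credentials the repository needs.` The `config` block that consumes the option continues outside this hunk.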
@@ -76,7 +85,7 @@ in {
       extraBackupArgs = [ "--verbose=2" ];
       # Take care of creating the repository if it doesn't exist
       initialize = true;
-      inherit (cfg) passwordFile pruneOpts timerConfig repository;
+      inherit (cfg) passwordFile pruneOpts timerConfig repository user;
     };
   };
 }