From 94f8172f0f5a6d5568b5204d88c5d45e77a20f69 Mon Sep 17 00:00:00 2001 From: Franck Cuny Date: Sun, 24 Apr 2022 13:46:18 -0700 Subject: backups: do backups for the laptop From the laptop I only backup /home/fcuny, as the rest should be straightforward to rebuild with nix. I run that backup as my own user, since I need my ssh key to use the remote repository (which is on the NAS). I also need a new secret for it (I might have been able to use `pass' for this, but well, that's easy enough). For the NAS, I update the list of directories to backup to include home, this will be on the systems backup. --- hosts/aptos/default.nix | 1 + hosts/aptos/secrets/restic/repo-users.age | 9 +++++++++ hosts/aptos/secrets/secrets.nix | 5 +++++ hosts/aptos/services.nix | 19 +++++++++++++++++++ hosts/tahoe/services.nix | 3 ++- modules/services/backup/default.nix | 11 ++++++++++- 6 files changed, 46 insertions(+), 2 deletions(-) create mode 100644 hosts/aptos/secrets/restic/repo-users.age create mode 100644 hosts/aptos/services.nix diff --git a/hosts/aptos/default.nix b/hosts/aptos/default.nix index 5887d46..04d45ee 100644 --- a/hosts/aptos/default.nix +++ b/hosts/aptos/default.nix @@ -7,6 +7,7 @@ ./networking.nix ./profile.nix ./home.nix + ./services.nix ]; virtualisation.docker = { enable = true; }; diff --git a/hosts/aptos/secrets/restic/repo-users.age b/hosts/aptos/secrets/restic/repo-users.age new file mode 100644 index 0000000..59c435a --- /dev/null +++ b/hosts/aptos/secrets/restic/repo-users.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 dtgBNg 5MAt41NmpX7UB+6zxI8NHrXpjvsn0iiEaUDwgt4RWDQ +40RuB49FnH8WkPptwfiC4Es5b8JkI5PT6eau0f2wtOI +-> ssh-ed25519 +LF+iw kchufYdtZ4Zp3fT58mFxbe033PLCPHXvMBwdR+xTTFM +Kya9nVBHiVuDD5DJPQfsl3c5V64uCJb2nbPhWfbFqnA +-> '-grease a3~x=^ +bn2D2ZS3fW4a42Au7J95HAQPE9IBGOULmNKH6XFWKNi+BzWiG3yo37MOog +--- jvVR43MbkXMwylmHM3IrKwGjfnL8TdnWRoIrUergBC4 +Us9'`}m)N=~/}TDQMuv$ \ No newline at end of file diff --git a/hosts/aptos/secrets/secrets.nix b/hosts/aptos/secrets/secrets.nix index 425a15f..05e9662 100644 --- a/hosts/aptos/secrets/secrets.nix +++ b/hosts/aptos/secrets/secrets.nix @@ -15,4 +15,9 @@ in { publicKeys = [ fcuny aptos ]; owner = "fcuny"; }; + + "restic/repo-users.age" = { + publicKeys = [ fcuny aptos ]; + owner = "fcuny"; + }; } diff --git a/hosts/aptos/services.nix b/hosts/aptos/services.nix new file mode 100644 index 0000000..a2210e2 --- /dev/null +++ b/hosts/aptos/services.nix @@ -0,0 +1,19 @@ +{ config, ... }: +let secrets = config.age.secrets; +in { + my.services = { + backup = { + enable = true; + user = "fcuny"; + repository = "sftp:192.168.0.107:/data/slow/backups/users/fcuny"; + exclude = [ + "/home/fcuny/.cache" + "/home/fcuny/downloads" + "/home/fcuny/workspace/linux.git" + ]; + timerConfig = { OnCalendar = "06:30"; }; + passwordFile = secrets."restic/repo-users".path; + paths = [ "/home/fcuny" ]; + }; + }; +} diff --git a/hosts/tahoe/services.nix b/hosts/tahoe/services.nix index 7de94f6..9bd7162 100644 --- a/hosts/tahoe/services.nix +++ b/hosts/tahoe/services.nix @@ -43,7 +43,8 @@ in { repository = "/data/slow/backups/systems"; timerConfig = { OnCalendar = "00:15"; }; passwordFile = secrets."restic/repo-systems".path; - paths = [ "/data/fast/music" "/data/fast/photos" "/data/fast/videos" ]; + paths = + [ "/home" "/data/fast/music" "/data/fast/photos" "/data/fast/videos" ]; }; }; } diff --git a/modules/services/backup/default.nix b/modules/services/backup/default.nix index aefd383..2db1aa8 100644 --- a/modules/services/backup/default.nix +++ b/modules/services/backup/default.nix @@ -67,6 +67,15 @@ in { When to run the backup. See man systemd.timer for details. ''; }; + + user = mkOption { + type = types.str; + default = "root"; + description = '' + As which user the backup should run. + ''; + example = "postgresql"; + }; }; config = lib.mkIf cfg.enable { @@ -76,7 +85,7 @@ in { extraBackupArgs = [ "--verbose=2" ]; # Take care of creating the repository if it doesn't exist initialize = true; - inherit (cfg) passwordFile pruneOpts timerConfig repository; + inherit (cfg) passwordFile pruneOpts timerConfig repository user; }; }; } -- cgit 1.4.1