2024-09-28 08:14:40 -05:00
|
|
|
{
|
|
|
|
inputs,
|
|
|
|
config,
|
|
|
|
pkgs,
|
|
|
|
lib,
|
|
|
|
...
|
|
|
|
}: let
|
|
|
|
port = "8090";
|
|
|
|
in {
|
2024-09-30 09:06:17 -05:00
|
|
|
services.restic.server = lib.mkIf (inputs ? nix-secrets) {
|
2024-09-28 08:14:40 -05:00
|
|
|
enable = true;
|
|
|
|
appendOnly = true;
|
|
|
|
dataDir = "/backup/restic";
|
|
|
|
extraFlags = [
|
2024-09-30 09:06:17 -05:00
|
|
|
# "--htpasswd-file ${config.sops.secrets.restic-server-credentials.path}"
|
|
|
|
# "--private-repos"
|
2024-09-28 08:14:40 -05:00
|
|
|
];
|
|
|
|
listenAddress = "127.0.0.1:${port}";
|
|
|
|
};
|
2024-09-30 09:06:17 -05:00
|
|
|
services.nginx.virtualHosts."restic.venberg.xyz" = {
|
2024-09-28 08:14:40 -05:00
|
|
|
enableACME = true;
|
|
|
|
forceSSL = true;
|
|
|
|
locations."/" = {
|
|
|
|
proxyPass = "http://localhost:${port}";
|
|
|
|
};
|
|
|
|
};
|
2024-09-30 09:06:17 -05:00
|
|
|
sops = lib.mkIf (inputs ? nix-secrets) {
|
|
|
|
secrets.restic-server-credentials = {
|
|
|
|
sopsFile = "${inputs.nix-secrets}/restic-server";
|
|
|
|
format = "binary";
|
|
|
|
path = "/backup/restic/.htpasswd";
|
|
|
|
owner="restic";
|
|
|
|
};
|
|
|
|
};
|
|
|
|
environment.systemPackages = with pkgs; [
|
|
|
|
restic
|
|
|
|
];
|
2024-09-28 08:14:40 -05:00
|
|
|
}
|