Restic: made modular backup declerations.

Required tree-wide re-wiring of the host option.
Now, rather than each host having a monolithic restic.nix file,
the host's restic.nix file just specifies the password and URL of the
restic repository. Each module then defines the specific paths to back up
and any pre and post commands that need to be performed.
Each backed-up service gets an independent systemd backup service and
timer.
Gabe Venberg 2025-04-13 15:27:25 +02:00
parent cf33c036dd
commit 48c60629ab
36 changed files with 307 additions and 1476 deletions


@ -1,11 +1,11 @@
{
inputs,
configLib,
myLib,
...
}:
inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {inherit inputs configLib;};
specialArgs = {inherit inputs myLib;};
# > Our main nixos configuration file <
modules = [
inputs.home-manager.nixosModules.home-manager
@ -21,7 +21,6 @@ inputs.nixpkgs.lib.nixosSystem {
({
config,
pkgs,
configLib,
...
}: {
host = {
@ -33,14 +32,14 @@ inputs.nixpkgs.lib.nixosSystem {
networking.hostName = "archlaptop-vm"; # Define your hostname.
# Define a user account. Don't forget to set a password with passwd.
users.users.${config.host.user} = {
users.users.${config.host.details.user} = {
packages = with pkgs; [firefox];
};
home-manager.sharedModules = [
inputs.sops-nix.homeManagerModules.sops
];
home-manager.users.${config.host.user} = {
home-manager.users.${config.host.details.user} = {
inputs,
osConfig,
lib,
@ -50,7 +49,7 @@ inputs.nixpkgs.lib.nixosSystem {
user = {
git = {
profile = {
name = config.host.fullName;
name = config.host.details.fullName;
email = "gabevenberg@gmail.com";
};
workProfile.enable = false;


@ -1,12 +1,12 @@
{
inputs,
configLib,
myLib,
...
}:
# Kapr site server.
inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {inherit inputs configLib;};
specialArgs = {inherit inputs myLib;};
# > Our main nixos configuration file <
modules = [
inputs.home-manager.nixosModules.home-manager
@ -31,11 +31,10 @@ inputs.nixpkgs.lib.nixosSystem {
({
config,
pkgs,
configLib,
lib,
...
}: {
host = {
host.details = {
user = "gabe";
fullName = "Gabe Venberg";
gui.enable = false;
@ -72,18 +71,18 @@ inputs.nixpkgs.lib.nixosSystem {
# virtualisation.docker.daemon.settings.data-root="/storage/docker";
home-manager.users.${config.host.user} = {
home-manager.users.${config.host.details.user} = {
inputs,
osConfig,
lib,
...
}: {
host = osConfig.host;
host.details = osConfig.host.details;
user = {
nvim.enable-lsp = false;
git = {
profile = {
name = config.host.fullName;
name = config.host.details.fullName;
email = "gabevenberg@gmail.com";
};
workProfile.enable = false;


@ -6,82 +6,37 @@
...
}: let
port = "8090";
# TODO: I should really make restic a custom module at this point, with an enable option, a option for being the host,
# and the ability to add paths and pre/post commands from multiple places.
preBackup = pkgs.writeShellScriptBin "mc-docker-pre-backup" ''
set -euxo pipefail
docker exec minecraft rcon-cli "say server backing up, expect minor lag"
sleep 10
docker exec minecraft rcon-cli "save-all flush"
docker exec minecraft rcon-cli "save-off"
sleep 10
'';
postBackup = pkgs.writeShellScriptBin "mc-docker-post-backup" ''
set -euxo pipefail
docker exec minecraft rcon-cli "save-on"
docker exec minecraft rcon-cli "say server backup succsessful!"
'';
in {
services.restic.server = lib.mkIf (inputs ? nix-secrets) {
enable = true;
appendOnly = true;
dataDir = "/backup/restic";
listenAddress = "127.0.0.1:${port}";
};
services.nginx.virtualHosts."restic.venberg.xyz" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:${port}";
};
};
sops = lib.mkIf (inputs ? nix-secrets) {
secrets.restic-server-credentials = {
sopsFile = "${inputs.nix-secrets}/restic-server";
format = "binary";
path = "/backup/restic/.htpasswd";
owner = "restic";
};
secrets.restic-url = {
sopsFile = "${inputs.nix-secrets}/restic-client.yaml";
owner = config.host.user;
owner = config.host.details.user;
};
secrets.restic-password = {
sopsFile = "${inputs.nix-secrets}/restic-client.yaml";
owner = config.host.user;
owner = config.host.details.user;
};
};
environment.systemPackages = with pkgs; [
restic
];
services.restic.backups = lib.mkIf (inputs ? nix-secrets) {
local = {
repositoryFile = "/backup/restic/";
passwordFile = config.sops.secrets.restic-password.path;
initialize = true;
backupPrepareCommand = "${preBackup}/bin/mc-docker-pre-backup";
backupCleanupCommand = "${postBackup}/bin/mc-docker-post-backup";
paths = [
"/storage/syncthing"
"/storage/factorio"
"/storage/minecraft"
];
pruneOpts = [
"--keep-within 14d"
"--keep-daily 14"
"--keep-weekly 8"
"--keep-monthly 12"
"--keep-yearly 10"
];
timerConfig = {
OnCalendar = "daily";
Persistent = true;
RandomizedDelaySec = "4h";
};
host.restic = {
enable = true;
repository = "/backup/restic/";
passwordFile = config.sops.secrets.restic-password.path;
server = {
enable = true;
htpasswdPath = config.sops.secrets.restic-server-credentials.path;
domain = "restic.venberg.xyz";
port = port;
repositoryPath = "/backup/restic";
};
};
host.restic.backups.syncthing = {
paths = ["/storage/syncthing"];
};
}
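Review bot: The new `host.restic.server` block no longer states `appendOnly = true`, which the removed `services.restic.server` block set explicitly; whether the new module defaults to append-only is outside this hunk, so please confirm it does (or expose the option), because without it any client holding the htpasswd credentials can delete or rewrite snapshots — the one case a backup host must survive. Likewise the `pruneOpts` retention policy and the `Persistent`/`RandomizedDelaySec` timer settings are dropped here with no replacement visible; if the module does not carry them, the syncthing backup will never be pruned and a missed timer run will not be caught up. Note also that the local `repository = "/backup/restic/"` is written directly by the root-run backup unit, so the rest-server's append-only mode does not protect snapshots taken on this host itself; a comment above `host.restic = {` such as `# local backups write straight to the repo dir and bypass the rest-server's append-only guard` would make that trade-off explicit. The module's argument set (`{ config, pkgs, lib, inputs, ... }`) begins above this hunk.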


@ -1,12 +1,12 @@
{
inputs,
configLib,
myLib,
...
}:
# Hetzner cloud multipurpouse server
inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {inherit inputs configLib;};
specialArgs = {inherit inputs myLib;};
# > Our main nixos configuration file <
modules = [
inputs.home-manager.nixosModules.home-manager
@ -25,11 +25,10 @@ inputs.nixpkgs.lib.nixosSystem {
({
config,
pkgs,
configLib,
lib,
...
}: {
host = {
host.details = {
user = "gabe";
fullName = "Gabe Venberg";
gui.enable = false;
@ -61,17 +60,17 @@ inputs.nixpkgs.lib.nixosSystem {
};
};
};
home-manager.users.${config.host.user} = {
home-manager.users.${config.host.details.user} = {
inputs,
osConfig,
lib,
...
}: {
host = osConfig.host;
host.details = osConfig.host.details;
user = {
git = {
profile = {
name = config.host.fullName;
name = config.host.details.fullName;
email = "gabevenberg@gmail.com";
};
workProfile.enable = false;


@ -5,43 +5,20 @@
lib,
...
}: {
environment.systemPackages = with pkgs; [
restic
];
sops = lib.mkIf (inputs ? nix-secrets) {
secrets.restic-url = {
sopsFile = "${inputs.nix-secrets}/restic-client.yaml";
owner = config.host.user;
owner = config.host.details.user;
};
secrets.restic-password = {
sopsFile = "${inputs.nix-secrets}/restic-client.yaml";
owner = config.host.user;
owner = config.host.details.user;
};
};
services.restic.backups = lib.mkIf (inputs ? nix-secrets) {
remote = {
repositoryFile = config.sops.secrets.restic-url.path;
passwordFile = config.sops.secrets.restic-password.path;
initialize = true;
backupPrepareCommand = ''
systemctl stop forgejo.service
'';
backupCleanupCommand = ''
systemctl start forgejo.service
'';
paths = [
"/var/lib/radicale"
"/var/lib/forgejo/custom"
"/var/lib/forgejo/data"
"/var/lib/forgejo/repositories"
];
timerConfig = {
OnCalendar = "daily";
Persistent = true;
RandomizedDelaySec = "4h";
};
};
host.restic = {
enable = true;
passwordFile = config.sops.secrets.restic-password.path;
repositoryFile = config.sops.secrets.restic-url.path;
};
}
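Review bot: Both `restic-url` and `restic-password` are made readable by the interactive login user (`owner = config.host.details.user`) while the backup unit that consumes them runs as root; if the URL embeds the rest-server basic-auth credentials, as `rest:https://user:pass@host/` URLs usually do, an unprivileged shell session on this host then holds everything needed to read the backups or, absent append-only on the server, destroy them. Unless something outside this hunk requires the user to run restic by hand, consider dropping the two `owner` lines so the secrets default to root-only, or add a comment above `sops = lib.mkIf ...` such as `# owned by the login user so restic can be run interactively; relies on the server being append-only` recording why the wider exposure is accepted. With the forgejo stop/start hooks and the `/var/lib/{radicale,forgejo}` paths removed here, this host's backup set is now entirely whatever other modules register under `host.restic.backups.*`, so it is worth confirming forgejo and radicale entries exist before this lands. The module's argument set begins above this hunk.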


@ -1,17 +1,16 @@
{
inputs,
configLib,
myLib,
...
}:
inputs.home-manager.lib.homeManagerConfiguration {
pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; # Home-manager requires 'pkgs' instance
extraSpecialArgs = {inherit inputs configLib;};
extraSpecialArgs = {inherit inputs myLib;};
modules = [
({
config,
pkgs,
lib,
configLib,
...
}: {
# machine specific options
@ -25,7 +24,7 @@ inputs.home-manager.lib.homeManagerConfiguration {
workProfile.enable = false;
};
};
host.isLaptop = true;
host.details.isLaptop = true;
targets.genericLinux.enable = true;
home.username = "gabe";


@ -1,17 +1,16 @@
{
inputs,
configLib,
myLib,
...
}:
inputs.home-manager.lib.homeManagerConfiguration {
pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; # Home-manager requires 'pkgs' instance
extraSpecialArgs = {inherit inputs configLib;};
extraSpecialArgs = {inherit inputs myLib;};
modules = [
({
config,
pkgs,
lib,
configLib,
...
}: {
# machine specific options


@ -2,7 +2,6 @@
config,
pkgs,
inputs,
configLib,
lib,
...
}: {


@ -1,11 +1,11 @@
{
inputs,
configLib,
myLib,
...
}:
inputs.nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
specialArgs = {inherit inputs configLib;};
specialArgs = {inherit inputs myLib;};
modules = [
inputs.home-manager.nixosModules.home-manager
inputs.disko.nixosModules.disko
@ -19,7 +19,6 @@ inputs.nixpkgs.lib.nixosSystem {
({
config,
pkgs,
configLib,
...
}: {
boot.initrd.kernelModules = [
@ -33,7 +32,7 @@ inputs.nixpkgs.lib.nixosSystem {
"phy_rockchip_pcie"
];
hardware.enableRedistributableFirmware = true;
host = {
host.details = {
user = "gabe";
fullName = "Gabe Venberg";
};
@ -53,17 +52,17 @@ inputs.nixpkgs.lib.nixosSystem {
# home-manager.sharedModules = [
# inputs.sops-nix.homeManagerModules.sops
# ];
home-manager.users.${config.host.user} = {
home-manager.users.${config.host.details.user} = {
inputs,
osConfig,
lib,
...
}: {
host = osConfig.host;
host.details = osConfig.host.details;
user = {
git = {
profile = {
name = config.host.fullName;
name = config.host.details.fullName;
email = "gabevenberg@gmail.com";
};
workProfile.enable = false;


@ -1,17 +1,16 @@
{
inputs,
configLib,
myLib,
...
}:
inputs.home-manager.lib.homeManagerConfiguration {
pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; # Home-manager requires 'pkgs' instance
extraSpecialArgs = {inherit inputs configLib;};
extraSpecialArgs = {inherit inputs myLib;};
modules = [
({
config,
pkgs,
lib,
configLib,
...
}: {
# machine specific options
@ -28,7 +27,7 @@ inputs.home-manager.lib.homeManagerConfiguration {
};
};
};
host.isLaptop = true;
host.details.isLaptop = true;
targets.genericLinux.enable = true;
home.username = "gabe";