lots of stuff:
Moved syncthing to system service Restic actually works now removed some old system configs. formatting.
This commit is contained in:
parent
c42e33770e
commit
f9632c8fc3
18 changed files with 99 additions and 291 deletions
|
|
@ -7,21 +7,28 @@
|
|||
}: let
|
||||
port = "8090";
|
||||
in {
|
||||
services.restic.server = {
|
||||
services.restic.server = lib.mkIf (inputs ? nix-secrets) {
|
||||
enable = true;
|
||||
appendOnly = true;
|
||||
dataDir = "/backup/restic";
|
||||
extraFlags = [
|
||||
"--htpasswd-file ${config.sops.secrets.gabevenberg-draft-credentials.path}"
|
||||
"--private-repos"
|
||||
];
|
||||
listenAddress = "127.0.0.1:${port}";
|
||||
};
|
||||
services.nginx.virtualHosts."restic.gabevenberg.com" = {
|
||||
services.nginx.virtualHosts."restic.venberg.xyz" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://localhost:${port}";
|
||||
};
|
||||
};
|
||||
sops = lib.mkIf (inputs ? nix-secrets) {
|
||||
secrets.restic-server-credentials = {
|
||||
sopsFile = "${inputs.nix-secrets}/restic-server";
|
||||
format = "binary";
|
||||
path = "/backup/restic/.htpasswd";
|
||||
owner="restic";
|
||||
};
|
||||
};
|
||||
environment.systemPackages = with pkgs; [
|
||||
restic
|
||||
];
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue