sj-srv1: set up restic backup

2024-01-19 22:21:14 +01:00 · 2024-01-19 22:21:14 +01:00 · 93778b1f21
commit 93778b1f21
parent 411896973a
3 changed files with 46 additions and 12 deletions
--- a/nix/os/devices/sj-srv1/configuration.nix
+++ b/nix/os/devices/sj-srv1/configuration.nix
@ -1,10 +1,9 @@
-{
-  nodeName,
-  config,
-  pkgs,
-  ...
+{ nodeName
+, config
+, pkgs
+, ...
 }: {
-  disabledModules = [];
+  disabledModules = [ ];
  imports = [
    ../../profiles/common/configuration.nix
    {
@ -20,6 +19,7 @@
        format = "yaml";
      };
    }
+
    ../../modules/opinionatedDisk.nix

    ./system.nix
--- a/nix/os/devices/sj-srv1/system.nix
+++ b/nix/os/devices/sj-srv1/system.nix
@ -37,6 +37,43 @@

  nix.gc = { automatic = true; };

+  sops.secrets.restic-password.sopsFile = ../../../../secrets/${nodeName}/secrets.yaml;
+
+  # adapted from https://github.com/lilyinstarlight/foosteros/blob/5c75ded111878970fd4f600c7adc013f971d5e71/config/restic.nix
+  services.restic.backups.${nodeName} =
+    let
+      btrfs = "${pkgs.btrfs-progs}/bin/btrfs";
+    in
+    {
+      initialize = true;
+      repository = "sftp://u217879-sub3@u217879-sub3.your-storagebox.de:23/restic/${nodeName}";
+
+      paths = [
+        "/backup"
+      ];
+
+      pruneOpts = [
+        "--keep-daily 7"
+        "--keep-weekly 5"
+        "--keep-monthly 12"
+        "--keep-yearly 2"
+      ];
+
+      timerConfig = {
+        OnCalendar = lib.mkDefault "daily";
+        Persistent = true;
+      };
+
+      passwordFile = config.sops.secrets.restic-password.path;
+
+      backupPrepareCommand = ''
+        ${btrfs} su snapshot -r /var/lib/container-volumes /backup/container-volumes
+      '';
+      backupCleanupCommand = ''
+        ${btrfs} su delete /backup/container-volumes
+      '';
+    };
+
  containers = {
    mailserver = import ../../containers/mailserver.nix {
      inherit repoFlake;