My nixos configuration

rustic-timers

Changed files
+169 -2
+1
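--- a/nixos/configurations/mimas.nix
+++ b/nixos/configurations/mimas.nix
@@ -12,6 +12,7 @@
 imports = [
 (import ./mimas/paperless.nix inputs)
 (import ./mimas/restic.nix inputs)
+(import ./mimas/rustic-timers.nix inputs)
 (import ./mimas/vaultwarden.nix inputs)
 ./mimas/gitea.nix
 ];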
+165
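--- a/nixos/configurations/mimas/rustic-timers.nix
+++ b/nixos/configurations/mimas/rustic-timers.nix
@@ -0,0 +1,165 @@
+_: {
+config,
+pkgs,
+lib,
+...
+}: let
+mimas_template =
+# toml
+''
+[repository]
+repository = "rest:https://restic.mimas.internal.nobbz.dev/mimas"
+password-file = "${config.sops.secrets.rustic.path}"
+
+[copy]
+targets = ["${lib.removeSuffix ".toml" config.sops.templates."mimas_hetzner.toml".path}"]
+'';
+mimas_hetzner_template =
+# toml
+''
+[repository]
+repository = "opendal:sftp"
+password-file = "${config.sops.secrets.rustic.path}"
+
+[repository.options]
+endpoint = "ssh://${config.sops.placeholder.rustic-user}.your-storagebox.de:23"
+user = "${config.sops.placeholder.rustic-user}"
+key = "/root/.ssh/id_ed25519"
+root = "/home/mimas"
+'';
+
+nobbz_template =
+# toml
+''
+[repository]
+repository = "rest:https://restic.mimas.internal.nobbz.dev/nobbz"
+password-file = "${config.sops.secrets.rustic.path}"
+
+[copy]
+targets = ["${lib.removeSuffix ".toml" config.sops.templates."nobbz_hetzner.toml".path}"]
+'';
+
+nobbz_hetzner_template =
+# toml
+''
+[repository]
+repository = "opendal:sftp"
+password-file ="${config.sops.secrets.rustic.path}"
+
+[repository.options]
+endpoint = "ssh://${config.sops.placeholder.rustic-user}.your-storagebox.de:23"
+user = "${config.sops.placeholder.rustic-user}"
+key = "/root/.ssh/id_ed25519"
+root = "/home/nobbz"
+'';
+
+schedule = {
+rustic-mimas-clean = "*-*-* 01:00:00";
+rustic-nobbz-clean = "*-*-* 01:30:00";
+rustic-mimas-hetzner-clean = "*-*-* 02:00:00";
+rustic-nobbz-hetzner-clean = "*-*-* 03:00:00";
+};
+
+mkTimer = name: calendar: {
+"${name}" = {
+wantedBy = ["timers.target"];
+timerConfig.onCalendar = calendar;
+};
+};
+in {
+sops.secrets.rustic = {};
+sops.secrets.rustic-user = {};
+
+sops.templates."mimas.toml".content = mimas_template;
+sops.templates."mimas_hetzner.toml".content = mimas_hetzner_template;
+sops.templates."nobbz.toml".content = nobbz_template;
+sops.templates."nobbz_hetzner.toml".content = nobbz_hetzner_template;
+
+systemd.timers = lib.pipe schedule [
+(lib.mapAttrsToList mkTimer)
+lib.mkMerge
+];
+
+systemd.services = {
+rustic-mimas-clean = {
+path = [pkgs.rustic pkgs.openssh];
+serviceConfig.Type = "oneshot";
+script = ''
+rustic forget -P ${lib.removeSuffix ".toml" config.sops.templates."mimas.toml".path} \
+--keep-last 4 \
+--keep-within-hourly 1d \
+--keep-within-daily 5d \
+--keep-within-weekly 35d \
+--keep-within-monthly 100d \
+--keep-within-yearly 2y
+
+rustic prune -P ${lib.removeSuffix ".toml" config.sops.templates."mimas.toml".path} \
+--max-unused=0B \
+--keep-delete=12h \
+--max-repack=50GiB
+
+rustic copy -P ${lib.removeSuffix ".toml" config.sops.templates."mimas.toml".path}
+'';
+};
+
+rustic-nobbz-clean = {
+path = [pkgs.rustic pkgs.openssh];
+serviceConfig.Type = "oneshot";
+script = ''
+rustic forget -P ${lib.removeSuffix ".toml" config.sops.templates."nobbz.toml".path} \
+--filter-tags home \
+--keep-last 4 \
+--keep-within-hourly 1d \
+--keep-within-daily 5d \
+--keep-within-weekly 35d \
+--keep-within-monthly 100d \
+--keep-within-yearly 2y
+
+rustic prune -P ${lib.removeSuffix ".toml" config.sops.templates."nobbz.toml".path} \
+--max-unused=0B \
+--keep-delete=12h \
+--max-repack=50GiB
+
+rustic copy -P ${lib.removeSuffix ".toml" config.sops.templates."nobbz.toml".path}
+'';
+};
+
+rustic-nobbz-hetzner-clean = {
+path = [pkgs.rustic pkgs.openssh];
+serviceConfig.Type = "oneshot";
+script = ''
+rustic forget -P ${lib.removeSuffix ".toml" config.sops.templates."nobbz_hetzner.toml".path} \
+--keep-last 1 \
+--keep-within-hourly 2h \
+--keep-within-daily 10d \
+--keep-within-weekly 65d \
+--keep-within-monthly 190d \
+--keep-within-yearly 5y
+
+rustic prune -P ${lib.removeSuffix ".toml" config.sops.templates."nobbz_hetzner.toml".path} \
+--max-unused 0B \
+--max-repack 50GiB \
+--keep-delete 11h
+'';
+};
+
+rustic-mimas-hetzner-clean = {
+path = [pkgs.rustic pkgs.openssh];
+serviceConfig.Type = "oneshot";
+script = ''
+rustic forget -P ${lib.removeSuffix ".toml" config.sops.templates."mimas_hetzner.toml".path} \
+--keep-last 1 \
+--keep-within-hourly 2h \
+--keep-within-daily 10d \
+--keep-within-weekly 65d \
+--keep-within-monthly 190d \
+--keep-within-yearly 5y
+
+rustic prune -P ${lib.removeSuffix ".toml" config.sops.templates."mimas_hetzner.toml".path} \
+--max-unused 0B \
+--max-repack 50GiB \
+--keep-delete 11h
+'';
+};
+};
+}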
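Review bot: In `mkTimer`, `timerConfig.onCalendar = calendar;` uses a lower-case key, but the systemd directive is `OnCalendar=` and unit keys are case-sensitive; as far as I can tell NixOS writes `timerConfig` attributes into the unit verbatim, so these four timers would likely end up without a trigger and the forget/prune/copy jobs would never run on schedule. Change the line to `timerConfig.OnCalendar = calendar;` and confirm with `systemctl list-timers` after the switch. Separately, both Hetzner profiles set `key = "/root/.ssh/id_ed25519"`, which sits outside the sops-managed secrets used for the other credentials here; a dedicated key provisioned through sops for the storage box would keep root's general-purpose key out of the backup path. Because this host holds credentials that can forget and prune the off-site repository, it is also worth deciding whether provider-side snapshots or a similar control should protect that copy, so that a compromise of mimas cannot remove every backup generation.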
+3 -2
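--- a/secrets/mimas/default.yaml
+++ b/secrets/mimas/default.yaml
@@ -1,5 +1,6 @@
 restic: ENC[AES256_GCM,data:XMkh9jvehbD3Zg==,iv:9NdaTuhLR57mv8OaCSyso9cfr8V1iQNuQuWInKyi3bI=,tag:Kz08EadPaIWcytF6ASJssw==,type:str]
 rustic: ENC[AES256_GCM,data:ETWxyvBz3AlXNp0=,iv:MXlQuvTJa2mZuXeiCX/YYpbqKpT1+RE5TNahBrUMM3Y=,tag:Vl7n0JF5M9Q+xZD32G1njQ==,type:str]
+rustic-user: ENC[AES256_GCM,data:2hwYQS4nAA==,iv:y0pbF5axrPRdYRGAmx+kp7jkmSl77R8LQMUKQaiDWak=,tag:8kgcxNtvjmyT9PPc/WjrOg==,type:str]
 traefik: ENC[AES256_GCM,data:kMnWaxpt0fLxJeX3oYLQrnZPS+pq/xjqVINleaCfaiXeMlJ8qno0eHBkx82gjldeObvTO1ENFz5k5EJ0ICbnS0ny6qHxeBAMaNVF3dZ+XmKx7w==,iv:ZL90s3YuBmwafBz7VEwCTr2flnkguUxJgPp9OrnyfGA=,tag:UeyiUtdQwOlyQoHObL+80w==,type:str]
 warden: ENC[AES256_GCM,data:H3So3oZfZ6MBKsjxJNnxk/6UZi6J5D6H5bCMsb1E7rk/r51qYDe+1z2Gq1o0qqwX0k/O4Dxq7wJPaelLO4kE9bxQHvoT1NJQIZolnYF5G/PMqMKWIE4bxq6uLmxNKBmjOkJLo3hBiOHT8MjD/S6rOkUAB6Mn4YRKqcG+EG1Wz0sw1a+6KcNFMqO9xdcwD44MZYrreexOiwVx6UMPSJc/67fvzJ4ms/E3gQEOq6VvCHpxmk4bujo9ucqajfPGK4ewHqkdn4r0vQvrYxXMBkX7AXcL6CHSZ+ht0Hcw0A+m12GuTSHC0g38Avz5klP3FIruzj7oWcjv6XPBYfk=,iv:OauSp63ywmrkENIqBVGVQ99Ozyom0o+DfSqYaL46Ujg=,tag:ZcYkapCUZZE9DDh0PSfZEg==,type:str]
 sops:
@@ -26,8 +27,8 @@
 N3ZuTHhVdFo0aGZVMXFlaTdsRi9lRUUK+K5CUVCdjtMVegVydoKRIb6kpPnfBiy1
 FxkXAp3a1qU2WqNvXCSO3gtUwYaMG+MPSCWI1gA3oBjGGtTasHyHsQ==
 -----END AGE ENCRYPTED FILE-----
-lastmodified: "2025-03-08T10:28:45Z"
-mac: ENC[AES256_GCM,data:NsNWmXnztQSro351VgDgz9OUisNk1zOwa4DSGhAQOURZBRAhumZARB7pzFZC+IAOQrYmjp4zg4GLwPvRqHcYfIDu3fav6QZjfVEY1/5/CLbf3LuCQQaxmpjPhYs/Mm0n+mP1smERnshPIwS3CiKCS9F1ajF7KYBqmi6oDy3JQ+4=,iv:xC5dRxhq3LZT63LD0A6JnfDqFeEzzQmH16Osd86CCDA=,tag:QP7Dp+sdy9jgzl53qPP2Zg==,type:str]
+lastmodified: "2025-03-08T10:44:25Z"
+mac: ENC[AES256_GCM,data:iKKmalnJnmm8EkDupTPKmKJydLLYkbAabLy5KJdQfKGvRj6vbJAQHZ3u0Pu2TI0oi5Xv3dtPh7ww04kT0Whe1E97p4t3RPyNCCGNqA8OqQiCPDUn6uqTQwOo1//3xIGFnnRC0VSYrQT0rjebbL96RnWE9XF67TefycxIMHusUXU=,iv:FU6VTW2zkEIlH5P/rr58gmuMnz16TCLP+UtEVkiLueg=,tag:uf7I1GwWxXOT190y8Hddow==,type:str]
 pgp: []
 unencrypted_suffix: _unencrypted
 version: 3.9.4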