okk.moe
馃彙 my personal home lab
1{ config, pkgs, ... }:
2
3let
4 backupSchedule = {
5 cm4-node-1 = "03:00:00";
6 cm4-node-2 = "03:15:00";
7 rk1-node-1 = "03:30:00";
8 rk1-node-2 = "03:45:00";
9 };
10in
11{
12 environment.systemPackages = [ pkgs.restic ];
13
14 services.restic.backups = {
15 homeserver = {
16 initialize = false;
17
18 repositoryFile = config.sops.secrets.backup-repository.path;
19 passwordFile = config.sops.secrets.restic-password.path;
20
21 paths = [
22 "/home"
23 "/var/lib"
24 "/var/backup"
25 ];
26
27 exclude = [
28 "/var/lib/docker"
29 "/var/lib/containers"
30 "*.tmp"
31 ".cache"
32 ];
33
34 extraBackupArgs = [
35 "--retry-lock 30m"
36 ];
37
38 timerConfig = {
39 OnCalendar = "*-*-* ${backupSchedule.${config.networking.hostName}}";
40 Persistent = true;
41 };
42
43 pruneOpts = [
44 "--keep-daily 7"
45 "--keep-weekly 4"
46 "--keep-monthly 6"
47 ];
48 };
49 };
50
51 programs.ssh = {
52 extraConfig = ''
53 Host u544487.your-storagebox.de
54 IdentityFile ${config.sops.secrets.backup-identity.path}
55 IdentitiesOnly yes
56 '';
57 knownHosts = {
58 storage-box = {
59 hostNames = [ "u544487.your-storagebox.de" ];
60 publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA5EB5p/5Hp3hGW1oHok+PIOH9Pbn7cnUiGmUEBrCVjnAw+HrKyN8bYVV0dIGllswYXwkG/+bgiBlE6IVIBAq+JwVWu1Sss3KarHY3OvFJUXZoZyRRg/Gc/+LRCE7lyKpwWQ70dbelGRyyJFH36eNv6ySXoUYtGkwlU5IVaHPApOxe4LHPZa/qhSRbPo2hwoh0orCtgejRebNtW5nlx00DNFgsvn8Svz2cIYLxsPVzKgUxs8Zxsxgn+Q/UvR7uq4AbAhyBMLxv7DjJ1pc7PJocuTno2Rw9uMZi1gkjbnmiOh6TTXIEWbnroyIhwc8555uto9melEUmWNQ+C+PwAK+MPw==";
61 };
62 };
63 };
64
65 sops.secrets = {
66 restic-password = { };
67 backup-repository = { };
68 backup-identity = { };
69 };
70}