46 lines
1.1 KiB
Nix
46 lines
1.1 KiB
Nix
{ config, pkgs, ... }:
|
|
{
|
|
sops.secrets."restic_password" = { };
|
|
|
|
environment.systemPackages = with pkgs; [
|
|
restic
|
|
(pkgs.writeShellScriptBin "restic-backup" "sudo systemctl start restic-backups-localBackup.service")
|
|
(pkgs.writeShellScriptBin "restic-backup-check" "sudo journalctl -b -u restic-backups-localBackup.service")
|
|
];
|
|
|
|
environment.variables = {
|
|
RESTIC_REPOSITORY = "/mnt/restic/appdaemon";
|
|
RESTIC_PASSWORD = "${builtins.readFile config.sops.secrets."restic_password".path}";
|
|
};
|
|
|
|
services.restic.backups = {
|
|
localBackup = {
|
|
repository = "/mnt/restic/appdaemon";
|
|
passwordFile = config.sops.secrets."restic_password".path;
|
|
initialize = true;
|
|
timerConfig = {
|
|
OnCalendar = "03:00";
|
|
RandomizedDelaySec = "2h";
|
|
Persistent = true;
|
|
};
|
|
paths = [
|
|
"/home"
|
|
"/conf"
|
|
"/etc/nixos"
|
|
"/etc/ssh" # necessary for SOPS nix to have the same keys
|
|
];
|
|
exclude = [
|
|
".cache"
|
|
".vscode*"
|
|
".devenv"
|
|
".venv"
|
|
"build"
|
|
"dist"
|
|
"__pycache__"
|
|
"*.egg-info"
|
|
"namespaces"
|
|
];
|
|
};
|
|
};
|
|
}
|