john/dendritic
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

changing to real restic service

Browse Source
This commit is contained in:
John Lancaster
2026-03-15 23:08:24 -05:00
parent 621dda40eb
commit 3f743280ee
4 changed files with 150 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
modules/hosts/john-pc-ubuntu.nix
View File

@@ -22,6 +22,7 @@ in
desktop desktop
step-ssh-user step-ssh-user
mtls mtls
restic
]; ];
targets.genericLinux.enable = true; targets.genericLinux.enable = true;
@@ -33,7 +34,7 @@ in
home.packages = with pkgs; [ home.packages = with pkgs; [
nixos-rebuild nixos-rebuild
(writeShellScriptBin "test-push" '' (writeShellScriptBin "test-push" ''
nixos-rebuild switch --flake ${flakeDir}#janus --target-host root@${testTarget} nixos-rebuild switch --flake ${flakeDir}#soteria --target-host root@${testTarget}
'') '')
]; ];
@@ -76,26 +77,35 @@ in
}; };
}; };
sops.secrets."restic_password/john_ubuntu" = { sops.secrets."restic_password/john_ubuntu" = {
path = "${config.xdg.configHome}/resticprofile/password.txt"; path = "${config.xdg.configHome}/restic/password.txt";
mode = "0400";
}; };
programs.resticprofile = { restic = {
enable= true; passwordFile = "${config.xdg.configHome}/restic/password.txt";
profiles = { paths = [
default = {
"inherit" = "base";
repository = "rest:https://soteria.john-stream.com/john-ubuntu";
cacert = "${CACert}";
tls-client-cert = "${mtlsBundle}";
backup = {
source = [
"${config.xdg.userDirs.documents}" "${config.xdg.userDirs.documents}"
"/conf" "/conf"
]; ];
schedule = "*-*-* *:15,30,45:00";
};
};
};
}; };
# programs.resticprofile = {
# enable= true;
# profiles = {
# default = {
# "inherit" = "base";
# repository = "rest:https://soteria.john-stream.com/john-ubuntu";
# cacert = "${CACert}";
# tls-client-cert = "${mtlsBundle}";
# backup = {
# source = [
# "${config.xdg.userDirs.documents}"
# "/conf"
# ];
# schedule = "*-*-* *:15,30,45:00";
# };
# };
# };
# };
}; };
flake.homeConfigurations."${hostname}" = inputs.home-manager.lib.homeManagerConfiguration { flake.homeConfigurations."${hostname}" = inputs.home-manager.lib.homeManagerConfiguration {

44
modules/hosts/soteria.nix Normal file
View File

@@ -0,0 +1,44 @@
{ inputs, ... }:
let
username = "john";
hostname = "soteria";
caURL = "https://janus.john-stream.com/";
in
{
flake.nixosConfigurations."${hostname}" = inputs.nixpkgs.lib.nixosSystem {
modules = with inputs.self.modules; [
nixos.lxc
nixos.sops
nixos.step-ssh-host
inputs.home-manager.nixosModules.home-manager
nixos."${username}"
nixos.zsh
nixos.login-text
nixos.mtls
{
networking.hostName = hostname;
step-ssh-host = {
hostname = hostname;
caURL = caURL;
};
mtls = {
enable = true;
subject = hostname;
caURL = caURL;
san = [
"${hostname}.john-stream.com"
# "192.168.1.244"
];
};
home-manager.users."${username}" = {
imports = with inputs.self.modules.homeManager; [
sops
step-ssh-user
];
shell.program = "zsh";
};
}
];
};
}

2
modules/services/restic/base-profile.yaml
View File

@@ -8,7 +8,7 @@ base:
keep-hourly: '8' keep-hourly: '8'
keep-daily: '14' keep-daily: '14'
keep-weekly: '8' keep-weekly: '8'
keep-monthyl: '6' keep-monthly: '6'
backup: backup:
verbose: true verbose: true
exclude: exclude:

76
modules/services/restic/restic.nix Normal file
View File

@@ -0,0 +1,76 @@
{ ... }:
let
resticFactory = repoName: {
repository = "rest:https://soteria.john-stream.com/${repoName}";
timerConfig = {
OnCalendar = "00:05";
Persistent = true;
RandomizedDelaySec = "5h";
};
runCheck = true;
pruneOpts = [
"--keep-last 10"
"--keep-hourly 8"
"--keep-daily 14"
"--keep-weekly 8"
"--keep-monthly 12"
];
exclude = [
".cache"
".devenv"
".rustup"
".cargo"
".venv"
".pyenv"
".vscode*"
"data/postgres"
"build"
"__pycache__"
"*.log"
"*.egg-info"
"*.csv"
"*.m4a"
".local/share/Steam"
".local/share/Trash"
"dist"
"/home/*/Pictures"
"/home/*/Videos"
"/home/*/go"
"/home/*/snap"
"/home/john/john-nas"
];
};
in {
flake.modules.homeManager.restic = { config, pkgs, lib, ... }:
let
cfg = config.restic;
in
{
options.restic = {
repoName = lib.mkOption {
description = "Name of the restic repo to use";
type = lib.types.str;
default = "john-ubuntu";
};
passwordFile = lib.mkOption {
description = "String path to the restic password file";
type = lib.types.str;
};
paths = lib.mkOption {
description = "List of string paths to include in the backup";
type = lib.types.listOf lib.types.str;
default = [ ];
};
};
config = {
services.restic = {
enable = true;
backups.${cfg.repoName} = (resticFactory cfg.repoName) // {
passwordFile = cfg.passwordFile;
paths = cfg.paths;
};
};
};
};
}