john/dendritic
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f3b503fc9e52a263f5e25f941f51b591c55e51c2
dendritic/modules/services/restic/restic.nix
John Lancaster 6a7e78a19e started restic rest server
2026-03-17 13:05:02 -05:00

100 lines
3.0 KiB
Nix
Raw Blame History

{ inputs, ... }: {
flake.modules.nixos.restic-server = { config, pkgs, lib, ... }: {
services.restic.server = {
enable = true;
dataDir = "/mnt/restic";
listenAddress = "0.0.0.0:8080";
extraFlags = [ "--no-auth" ];
};
};
flake.modules.homeManager.restic = { config, pkgs, lib, ... }:
let
cfg = config.restic;
in
{
options.restic = {
repoName = lib.mkOption {
description = "Name of the restic repo to use";
type = lib.types.str;
default = "john-ubuntu";
};
passwordFile = lib.mkOption {
description = "String path to the restic password file";
type = lib.types.str;
};
paths = lib.mkOption {
description = "List of string paths to include in the backup";
type = lib.types.listOf lib.types.str;
default = [ ];
};
exclude = lib.mkOption {
description = "List of string paths to include in the backup. There are already some common ones included by default.";
type = lib.types.listOf lib.types.str;
default = [ ];
};
};
config = let
resticRepository = "rest:https://soteria.john-stream.com/${cfg.repoName}";
caCert = "${config.mtls.certDir}/root_ca.crt";
mtlsClientCert = "${config.mtls.certDir}/${config.mtls.bundleFilename}";
in
{
home.sessionVariables = {
RESTIC_REPOSITORY = resticRepository;
RESTIC_PASSWORD_FILE = cfg.passwordFile;
RESTIC_CACERT = caCert;
RESTIC_TLS_CLIENT_CERT = mtlsClientCert;
};
# This is necessary because the restic service in home manager doesn't otherwise expose these options.
systemd.user.services."restic-backups-${cfg.repoName}".Service.Environment = [
"RESTIC_CACERT=${caCert}"
"RESTIC_TLS_CLIENT_CERT=${mtlsClientCert}"
];
services.restic = {
enable = true;
backups.${cfg.repoName} = {
repository = resticRepository;
passwordFile = cfg.passwordFile;
paths = cfg.paths;
timerConfig = {
OnCalendar = "00:05";
Persistent = true;
RandomizedDelaySec = "5h";
};
runCheck = true;
pruneOpts = [
"--keep-last 10"
"--keep-hourly 8"
"--keep-daily 14"
"--keep-weekly 8"
"--keep-monthly 12"
];
exclude = cfg.exclude ++ [
".cache"
".devenv"
".rustup"
".cargo"
".venv"
".pyenv"
".vscode*"
"data/postgres"
"build"
"dist"
"__pycache__"
"*.log"
"*.egg-info"
"*.csv"
"*.m4a"
".local/share/Steam"
".local/share/Trash"
];
};
};
};
};
}
Reference in New Issue View Git Blame Copy Permalink