AtaraxiaDev/nixos-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

feat: add backup with rustic for redshift

Browse Source
This commit is contained in:
Dmitriy Kholkin 2025-03-10 20:02:17 +03:00
parent 3f16fdab87
commit 040502a480
Signed by: AtaraxiaDev
GPG Key ID: FD266B810DF48DF2
3 changed files with 117 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

77
hosts/redshift/backups.nix Normal file
View File

@ -0,0 +1,77 @@
{
config,
inputs,
secretsDir,
...
}:
{
imports = [ inputs.ataraxiasjel-nur.nixosModules.rustic ];
sops.secrets.rustic-vps-pass.sopsFile = secretsDir + /rustic.yaml;
sops.secrets.rustic-backups-s3-env.sopsFile = secretsDir + /rustic.yaml;
services.rustic.backups = rec {
vps-backup = {
backup = true;
prune = false;
initialize = false;
pruneOpts = [ "--repack-cacheable-only=false" ];
environmentFile = config.sops.secrets.rustic-backups-s3-env.path;
timerConfig = {
OnCalendar = "01:00";
Persistent = true;
};
settings =
let
label = "vps-containers";
in
{
repository = {
repository = "opendal:s3";
password-file = config.sops.secrets.rustic-vps-pass.path;
options = {
root = label;
bucket = "ataraxia-rustic-backups";
region = "eu-central-003";
endpoint = "https://s3.eu-central-003.backblazeb2.com";
};
};
repository.options = {
timeout = "5min";
retry = "10";
};
backup = {
host = config.networking.hostName;
label = label;
ignore-devid = true;
group-by = "label";
skip-identical-parent = true;
snapshots = [
{
sources = [
"/var/lib/tailscale"
"/srv/marzban"
];
}
];
};
forget = {
filter-labels = [ label ];
group-by = "label";
prune = true;
keep-daily = 4;
keep-weekly = 2;
keep-monthly = 1;
};
};
};
vps-prune = vps-backup // {
backup = false;
prune = true;
createWrapper = false;
timerConfig = {
OnCalendar = "Mon, 02:00";
Persistent = true;
};
};
};
}

1
hosts/redshift/default.nix
View File

@ -8,6 +8,7 @@
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
./backups.nix
./disk-config.nix
./services.nix
];

39
secrets/rustic.yaml Normal file
View File

@ -0,0 +1,39 @@
rustic-backups-s3-env: ENC[AES256_GCM,data:XTUTtAmjBiy5mdlwT53Z9IDycs0s069182Emd0M6TSpPScqce3kxoN+hH8vgaOLU0b1jF3d9pkO0PpwfnUr2IkMpTd7ZKHeqHbYzS4gpKFnkQMhDexHLFBrQIfBrTbCGzspl83q5ksU9ENuY+sdkKXBhn99ja2mAFdfOVyNRttVNwKuv5/e8Bh0ySyTkogOgLyttLWo+pqKuvBP96BvSLOiGqfYBMgZU6uncg4YbdmOWPnvnTRPWHwIAyyXOSv56Sw36XfBkCBhZk2fmDRVJyRkuFthkhb6b2LkxhWFofilJupGTaQUHuZ3Efq9+eS5n1zOnudL7Gp7MmaQ4Hz3tQnzML16pJW1UcyT11uvWl8Zz5h+VlwJAfM7VNVaOs2FjEEy5imcUWurhIgRcrKHYc3mKNk5XYuvCI93aX9/LKEyeGQ==,iv:sPwKIYu/RyZQHYmz7aSYFhmx2ZqlH+RHRbdkOHGCa1s=,tag:eD5vRFkwEw4i97UQyRk6Hw==,type:str]
rustic-postgresql-s3-env: ENC[AES256_GCM,data:m0G4G+i3fJo34rUGnQ0HOsA1GlOpLnJXDJltXFM5URUFaK1Jh5pGnOsYAiU2410enKafdf5eneW31j9r2GWmEFOoX89+yLmQxe22YnfLcFfaBdskVeaz/6HY2FK5euwdy70ZPNb05uYaS1QXPABJCS8p2APjx9bcz4MPSGgN6Ed/h7NdEU1FXgEfQZj9cysoVN9Qf3zYP4oqTBFVq11bV1yj0dsBMxHmY92aAdwUJWqjk4w2vi90zYxWNYk5PzNCh7qURtfmfNTHfEy55umbDayWjxZAsNgGOtxUsArUNSIU12GeBx7VCxepbNbDiej9fNnNqYvYnRspscag5w0oHSPa8a/qPY+R/imKqLU15xCG2EfnBm310zPyI9o/lgiU9Ua8z4cfuU5FcKr7ICIr5OdupiWy6aC1KYhkBZVViXEz3A==,iv:Hu9Bbynj5D9k2Rj0NWYZuuHQzcrauGyMmPex+T+VKIg=,tag:IAXAGK//SW890ZBKkUr8gw==,type:str]
rustic-minecraft-s3-env: ENC[AES256_GCM,data:04sIa/w5exYkgUrAiaBuPJ8JaP8pNmAgbbToO54v1jHPCBmcuSLw1ncUi/jqUtJBTvj+8WRYUxe0a0ssPid28N8229yv1IbhDxvoosJj43SEnmbRtgegHLnrtLdd1y6cL6tDj/e2qFgC1LQvnPmkKe9YThyGAc4=,iv:WE1XNQTZGKhw7yN4THL4/gA1CD9oSmJ0TtCtxOcOQbE=,tag:7rHN2i7GGawhHY9ZcjuqIg==,type:str]
rustic-nas-pass: ENC[AES256_GCM,data:uDiQQRxlpBfbwihXDR32aGjP41iZ,iv:qx6FJEllahkP9BPYFFfv9LHnnVTOl6B7Jv9OSfNkPok=,tag:MBUT77ccG/acr/U/X2zrCA==,type:str]
rustic-vps-pass: ENC[AES256_GCM,data:LMdVK6j/TV9JLAxwWUtIfF//nf6r,iv:PjOYcNeLjlRx6uoZo+jr0oA9N60NJNNPloc9fc44raw=,tag:AjOzsfVIhDCb5a5D3yIdUA==,type:str]
rustic-postgresql-pass: ENC[AES256_GCM,data:oUHakvIPSwkNy1lkQ4k14+CWIofO,iv:v3EFeZCkFyeY/ADK8vqYvAD0XDmnQFIq6XGd9B8jvXY=,tag:6+kGWMq+9iVLSf5p/TIp8g==,type:str]
rustic-workstation-pass: ENC[AES256_GCM,data:dVuq75mlHStFO+k97yV0kUUqFtjF,iv:p2ApGtzHO9XUQJnnSyIMs1Cr6ODIt6RnBf2SXNrRbTk=,tag:b8WRap8QUtQrsYXVYdeRUw==,type:str]
rustic-minio-secret-key: ENC[AES256_GCM,data:Jkn0mHcLFWS/euPCYtEF3hXN4Jx8PHZHA3RtZiMshuZdZTv0Y+tHteZB2i27Ka+u,iv:R2FEEhe+EoqFDQYbLJ3hrb+ENVvsP2c++WA0z3QQrxA=,tag:bifjyNyNouUhFGV6SpAg7Q==,type:str]
rclone-s3-sync: ENC[AES256_GCM,data:oBDntYhuThzmImRgpBSsgqDwXs4+wJxAOZKH3vlKfH+9CXYNI1ks92t8Ywr/wltikvXiVbKuztY7Iuqe4Mkl0K9onYYcmrMDqyuLXRV/WPXNaAwyOyFUS17dxcqoyG51T0zzb1l4LH+GTrLw7m7RD7y7XFU/uidAUuBnQHAQpu8xRI/5PLcSaae+KfmoJGpZBX4BawXMHzRKKo462Muw/1FbBQpC0ERvTd34oSke32+Ni3MNdg/nOVyczYIQ+TPNhtgiSNXFJFPaXWMrIh29jhyJv7M2k4nYzNzb3A2miGCxWRDNy7bxZTDeVLgJUZT3KJNyb8BGLhu2v54WSbm01I1pP+//xYSZI0JER4fCZpdGodr2TV6u7YOyVxa1pZ7C7O9T/dd2O9NbgQY1Azc9MhiIXZnT58j72SNvhDNtCloM50R0LYmagCj2alP3Z4W7L+BdtaU58hWFCM2P8EIYbPkz8wK4/i1XARvZU9i+cRWZCoKi+yi0cV2yKOYlFEW0RmO9G3rC6a31YITwfpHhQw9IFuZXwdwZdf4OIuw12BIXfeUQJWqIl4QRSnOSzCggSZngwhoq/r46Oh2Jn9xXuVO6Hlod8pGyxKovO9bGQl3ioIU/KAhKp88k/BDS7YM4HhAEPNjvsSZgRGf21G7Z4ypi6a2grMTGgIKbOA3KEe2CKrSEVq7JRF5m1uAPJ2zrgbBrSwI0qkhGfn+SERMVtyzkIvTQkEQJ/g==,iv:jWhHLIccl1Pgr55xEMd2ED8FS3pvRjnuugMJ0sHnuW4=,tag:upgyBz2AA2zhidFIkcVrpw==,type:str]
sops:
shamir_threshold: 1
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1n0prg9vynuwc56gn0xfe5qde8wqcd4uzg5ghhhetu2024ckvjyvqxf49el
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxeWJOVEFXTXJrcGYyWWlp
TkxrTmpNanR5QmVaYUlKV1JXYnh0L0ViRmdvCmtTR3hUUExkejBkcVNuYUpqRjdZ
dlQ4SkRyL2txM2FSK201SU9adUQ2NUEKLS0tIDN0eDRLZGZWMnFUQWFjZnpjWk9J
VjBGTVZpYm1kOWw0aGlNaURvb2Q0aVUKPZ2BkHEWV1qsOcEIvF6iiLV0ZSJ7kGT3
B7LZx44DUIFuwEXzmnzKf6BkdFNpCqSqWODxTYHm3UcHU2qshux+0g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1d4mqql020mpne9r3vtt4l9ywfzfq7zpa3mad33syxln2kldkjsxqgju90f
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMMzFGQ3pzbTNoR25pOTRx
QUk3TzgzeUhCNzg2ODg2SENZbkJpTDREK2dzCnZQdkxMQ1RhaFdCZDlZellYd25K
RTBCNDJWUFoyZTJ3dWtqYlJFSU5uc0UKLS0tIENKYmlKUjB2ZjFmZzZpQ3V4dDQ0
eklFdUdEOWlnWndpai94QnFUU1F3NmMKVOQtq31dODV1rK7hZMfw295OkQeXq81u
VBQVVcYaup6IynBuQYE9eNL5euMwsV/pCv9N+PC3J6WdhdK336ZCDQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-08T15:01:54Z"
mac: ENC[AES256_GCM,data:euc66CxC9LHiJYKiMaEWunIZCHd2ZGl1YcFIJWmv2/x1pMRSnQ85yCL5Fpu8crjaayDYGJJVmMBVeU8trmaoqzYE1pWtUSIQo2QligJ1k8T5erdakSwv6keHrxczS1gEkS1Ygl6xieZUY5mcwY1Wyz7ZMeAeiIpIaraSf8Uydu8=,iv:OMGVEmOHnJbFzVpfCtvt3jrw6vP5dCib/HfcKpbSZ7k=,tag:wTtzNCE6BB3S7x2wWNYq1A==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1