From 1ff00246d3166b47726cbc24d767be85f19118e1 Mon Sep 17 00:00:00 2001
From: Dmitriy Kholkin <ataraxiadev@ataraxiadev.com>
Date: Tue, 8 Jul 2025 19:58:52 +0300
Subject: [PATCH] feat: add boot config for orion

---
 hosts/orion/backups.nix | 93 +++++++++++++++++++++++++++++++++++++++++
 hosts/orion/default.nix |  1 +
 2 files changed, 94 insertions(+)
 create mode 100644 hosts/orion/backups.nix

diff --git a/hosts/orion/backups.nix b/hosts/orion/backups.nix
new file mode 100644
index 0000000..8800835
--- /dev/null
+++ b/hosts/orion/backups.nix
@@ -0,0 +1,93 @@
+{
+  config,
+  lib,
+  inputs,
+  secretsDir,
+  ...
+}:
+{
+  imports = [ inputs.ataraxiasjel-nur.nixosModules.rustic ];
+
+  sops.secrets.rustic-vps-pass.sopsFile = secretsDir + /rustic.yaml;
+  sops.secrets.rustic-backups-s3-env.sopsFile = secretsDir + /rustic.yaml;
+  services.rustic.backups =
+    let
+      label = "hypervisor-nas";
+    in
+    rec {
+      nas-backup = {
+        backup = true;
+        prune = false;
+        initialize = true;
+        environmentFile = config.sops.secrets.rustic-backups-s3-env.path;
+        extraEnvironment = {
+          https_proxy = "http://10.10.10.6:8888";
+        };
+        pruneOpts = [ "--repack-cacheable-only=false" ];
+        timerConfig = {
+          OnCalendar = "05:00";
+          Persistent = true;
+        };
+        settings = {
+          repository = {
+            repository = "opendal:s3";
+            password-file = config.sops.secrets.rustic-nas-pass.path;
+            options = {
+              root = label;
+              bucket = "ataraxia-rustic-backups";
+              region = "eu-central-003";
+              endpoint = "https://s3.eu-central-003.backblazeb2.com";
+            };
+          };
+          repository.options = {
+            timeout = "2min";
+            retry = "5";
+          };
+          backup = {
+            host = config.networking.hostName;
+            label = label;
+            ignore-devid = true;
+            group-by = "label";
+            skip-identical-parent = true;
+            globs = [
+              "!/media/nas/**/cache"
+              "!/media/nas/**/.cache"
+              "!/media/nas/**/log"
+              "!/media/nas/**/logs"
+              "!/media/nas/media-stack/configs/lidarr/config/MediaCover"
+              "!/media/nas/media-stack/configs/qbittorrent/downloads"
+              "!/media/nas/media-stack/configs/recyclarr/repositories"
+              "!/srv/gitea"
+              "!/srv/wiki"
+            ];
+            snapshots = [
+              {
+                sources = [
+                  "/srv /media/nas/containers"
+                  "/media/nas/media-stack/configs"
+                ];
+              }
+            ];
+          };
+          forget = {
+            filter-labels = [ label ];
+            group-by = "label";
+            prune = true;
+            keep-daily = 4;
+            keep-weekly = 2;
+            keep-monthly = 0;
+          };
+        };
+      };
+      nas-prune = lib.recursiveUpdate nas-backup {
+        backup = false;
+        prune = true;
+        initialize = false;
+        createWrapper = false;
+        timerConfig = {
+          OnCalendar = "Tue, 07:00";
+          Persistent = true;
+        };
+      };
+    };
+}
diff --git a/hosts/orion/default.nix b/hosts/orion/default.nix
index 7703bc5..09078a2 100644
--- a/hosts/orion/default.nix
+++ b/hosts/orion/default.nix
@@ -9,6 +9,7 @@
     inputs.srvos.nixosModules.server
     inputs.srvos.nixosModules.mixins-terminfo
 
+    ./boot.nix
     ./disk-config.nix
   ];