AtaraxiaDev/nixos-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

enable backups on vps

Browse Source
This commit is contained in:
Dmitriy Kholkin 2023-11-24 00:17:53 +03:00
parent b6547b5909
commit a52010039a
4 changed files with 106 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
machines/Home-Hypervisor/backups.nix
View File

@ -4,7 +4,9 @@ let
in {
secrets.rustic-nas-pass = secret-conf;
secrets.rclone-nas-config = secret-conf;
services.rustic.backups = rec {
services.rustic.backups = let
label = "hypervisor";
in rec {
nas-backup = {
backup = true;
prune = false;
@ -29,6 +31,7 @@ in {
timeout = "10min";
};
backup = {
label = label;
ignore-devid = true;
glob = [
"!/media/nas/**/cache"
@ -45,6 +48,7 @@ in {
}];
};
forget = {
filter-label = [ label ];
prune = true;
keep-daily = 7;
keep-weekly = 5;
@ -55,6 +59,7 @@ in {
nas-prune = nas-backup // {
backup = false;
prune = true;
createWrapper = false;
timerConfig = {
OnCalendar = "Mon, 07:00";
Persistent = true;

2
machines/Suomi-VPS/default.nix
View File

@ -10,9 +10,11 @@
./nix.nix
customModules.devices
customModules.persist
customModules.rustic
customModules.users
customProfiles.hardened
./services/backups.nix
./services/dns.nix
./services/tailscale.nix
./services/tor-bridge.nix

50
machines/Suomi-VPS/services/backups.nix Normal file
View File

@ -0,0 +1,50 @@
{ config, inputs, ... }: {
sops.secrets.rustic-repo-pass.sopsFile = inputs.self.secretsDir + /rustic-b2.yaml;
sops.secrets.rclone-backup-config.sopsFile = inputs.self.secretsDir + /rustic-b2.yaml;
services.rustic.backups = let
label = "vps-containers";
in rec {
vps-backup = {
backup = true;
prune = false;
rcloneConfigFile = config.sops.secrets.rclone-backup-config.path;
timerConfig = {
OnCalendar = "01:00";
Persistent = true;
};
settings = {
repository = {
repository = "rclone:rustic-b2:ataraxia-nas-backup";
password-file = config.sops.secrets.rustic-repo-pass.path;
};
repository.options = {
timeout = "10min";
};
backup = {
label = label;
ignore-devid = true;
sources = [{
source = "/srv/marzban /srv/nextcloud/config /srv/nextcloud/data";
}];
};
forget = {
filter-label = [ label ];
prune = true;
keep-daily = 7;
keep-weekly = 5;
keep-monthly = 2;
};
};
};
vps-prune = vps-backup // {
backup = false;
prune = true;
createWrapper = false;
timerConfig = {
OnCalendar = "Tue, 02:00";
Persistent = true;
};
};
};
}

48
secrets/rustic-b2.yaml Normal file
View File

@ -0,0 +1,48 @@
rustic-repo-pass: ENC[AES256_GCM,data:kgSEAaZBxQCUrJBgo7fp6PeqXxpC,iv:8NU8xrifhp8FAYvvepeZWj/8yqMnIcK8uhuRjTp3gqs=,tag:YEtfgT4pipURFbOLVyXZZg==,type:str]
rclone-backup-config: ENC[AES256_GCM,data:80QhKNkoZmMOj8xv2GoMdwxAlSoRG3bkqr8zBPYedoiEMKptzLKAjDCtUY0jA4jeEewikibLvDdyxwCIi9aA9EH9nu6FaimEt3+u1vjp5ZoKEQzxnncQKep1YF0s7mhVwdefI7utVdvF6PTmHXEaB2bHnW8cWVcpNqR/y6crZc2hZhsxB2eJtn4eetPka1s5Wz6NqxYxP5O4jcpIoGYATTn5MrYWmO1VNImYMJCTXWOQtMMT6AGIT83kEMdLju3hozEuY4IUdN2pmEJsk2PMazByY7ufDjKsPVKCbGcm9hXwvDaQvqclZ5xqCuBKhMm467WVIa/sgZY2Pt2CKUJ6x6E+XXhE6QhmuU8O+Y0vjmG0skLqNuc2+9DVq/Z22/VbWwOJ3yS7mzWBGlL5sW9pRPC6kCADWiWjyEduCrfBky6zaIGuT8py/AQcZn6IhMdkXwOf3SsOoGTKzhYy79+mzip6Lk+jyKEKqDKylxq+ABwpV65mhf6r6VixZj66WpiY5imN18xJgc2tirblzmoX0fHAHXUsdksu3ecJb31uOrhke+GJjkICwyAFB6BP4Ef1lw/nmsjYMBMbhXD3tmZP6+XaQnDuB+QDlIAQXXBqPXmRn2mrRYITZxnIuuH46oSdOlKi788XpkTSZtrdAsbaOjZlJ9M/IdZYGqtegSTKP7ecbgUVmzdpSMrqjl2ylR76qSeLZlnDDQQA3ph0g8685mdc5Kz3PlEEJYDbf4IQXxIW0Uz5Oyo5r51+yMOSbm5OmiEMZiDpKtH46ngmlZPGAe+NjotCoD7v0eCVJCTsGFyuwcRJkdRwUAGxXXBJ7KHQvBkC+3MuhGaa0/9dlzMTaIoXBuZ75jHfLLsifZtwRHYqpk8ZeJ9toODgn7OGpO90NsqqPChRISw/o2XWKF4yv3PdM5/dYxTlC8qXNPpUjOQ3JX9e2JEBVA8euAqJseC4a9YGcdXyaLAwAt6VU+6vC39VdA5iQOuB7FpuSC3wDbRN5gPVuvShglc3oNtQ7vS9acBhlogX1A==,iv:Rc20cDfKUJsWcYX2nhdRkV6JJyui+nMVd7f6FjGHte4=,tag:T5XKGHZSPFDl3BalF9gOgQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2023-11-23T20:51:04Z"
mac: ENC[AES256_GCM,data:UQ1EnSQGeURqpafzyS88ZmeEU+QEimWzL1TwzpNtOC7QojaPve05RfiCw7dPZnkH7FJblAkDjHSCrT71f8EQuRSSwLSC9xmQYpihctRGh+0Cg8tY09xUQbHj9TtqJvYj9dOYXj4YfjXpwBr1zts31WlX5tCNSLKVO4Wmx84s1Ic=,iv:G54KDYEs/mJsjyC/CUWmK4QDSY/zw4jseKv6pTZkk/o=,tag:ZO2wo1WccIznidbdXUf8dA==,type:str]
pgp:
- created_at: "2023-11-23T21:08:56Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQEMAwcagTG/Fm6AAQf/bF7ome2n9IP1CCq1q7RuDhEUtgqV3NvgKnUGYezoZQrL
dwe6FIM1gY0v9pItEfntRBCUQZ5pEtMGUrcJ3RidlLZZar4WUFONqQQPRBq3/tGC
m763Gz9jOFBilqDQ7tzEaZ3zHZHZ0ypEY0VzEUlO7uHWwPP6tFuAG4GWWxf72KeR
ys+fR0tW0ghjDWyxaoRoT9yDdnuLZOWRwVSN7SaBm4hhuQjVkffmghrLge25mXd+
ixmYw+FKg/UaZFz+UpoGhYunDt+kb13mmc2yg2q/OBe8oVjZucD1dBgaMqvLXkpl
vzG6m8TiZ3la5MvNh+z8L5aeIKg41+S1e1v1EtYaxdJYAcr1ewYs5DrbB+XfF2QP
Oe90qki5W1jKvxruOM/ljSfDIjpzEq/9mCZk7R5oIn1SZP2iBk8DgC03sC5O9KDH
g0f9ZxJrFnxUsq8yDoXtmqRytyywMbH6dw==
=vWso
-----END PGP MESSAGE-----
fp: ad382d058c964607b7bbf01b071a8131bf166e80
- created_at: "2023-11-23T21:08:56Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAyNex7x1cALKARAAoMGMnpzYVGnD71dBlrfMVLY3aZ+0v0hpjzPiGMkc4P43
9h4GuHdFffhl/02DkmEy6+pzfCi/LUj2TN6ZawymjaaDc/j3mfFzqgnbQwUGino4
b+eiw4Ou5fLGPtEqDx0yDziHGzZj25q707uzmomd7M0KrXGW7MYZmlQ758pzaen9
0z4dqKnPpN4b9tleza3pcHFPKJxia+6acCkr7nPJWMqGTZ4H2+vJRSK+yy9Yuo2j
pXY3b/h0QQxT8TfwQ9i/rfAIpWeT3Dkr/hg2Xm10/mXp3JoN4l9mvADH7C0AGC8o
OJI2euxSjJgNdVLR/NUOIosfEuadxGNUk2CM7CyOxmau1i1r7w9sb2nHTGIcTe38
k7bAA38sPDVAruGJoifyFB7sh+A9s8egwqUa1IsXLKLbEoa4plEO+TEqopZNrKPd
7k3x9c/58yLtUfNDkrQcsL9ihYpQ58xHHX60YWJNPdyQB/8R3nk4vGtIe1railol
92jom/Olfu/DBXt5ZK3riCI5CKv99iftHXUUYiolFobs3R05ZKTkX7eQUTcRoEwm
TQ2wCRYbIt7FDjALuM5UOVI9COKZ6+OV2yP8pzJaI4hlJlnjxVVkCaOJF+tlJbD0
gcPbwi9drry0Dqanb74WQFOxjit/e79kMo2ZZAoY+ICGeH3WC6R6mMCY9Zps+lTS
WAFhB0aNaW+H8MootlQzYfs27wDF5Vmj8aWPStVPqwXJlIICFyQUSlWT+Hgw3cJM
khfEh2JsIW6qpypmXJ+LMDp4lOmXh1UD1Pnklcu+gSNT7d3TnsY+BPs=
=bKVR
-----END PGP MESSAGE-----
fp: d286fd9431753cb455537070235ec7bc757002ca
unencrypted_suffix: _unencrypted
version: 3.8.1