AtaraxiaDev/nixos-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

change rustic backend from rclone to opendal

Browse Source
This commit is contained in:
Dmitriy Kholkin 2024-02-04 15:36:28 +03:00
parent d403f77ce6
commit e3ed79505c
Signed by: AtaraxiaDev
GPG Key ID: FD266B810DF48DF2
4 changed files with 35 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
machines/Home-Hypervisor/backups.nix
View File

@ -2,33 +2,38 @@
imports = [ inputs.ataraxiasjel-nur.nixosModules.rustic ]; imports = [ inputs.ataraxiasjel-nur.nixosModules.rustic ];
sops.secrets.rustic-nas-pass.sopsFile = inputs.self.secretsDir + /rustic.yaml; sops.secrets.rustic-nas-pass.sopsFile = inputs.self.secretsDir + /rustic.yaml;
sops.secrets.rclone-rustic-backups.sopsFile = inputs.self.secretsDir + /rustic.yaml; sops.secrets.rustic-backups-s3-env.sopsFile = inputs.self.secretsDir + /rustic.yaml;
services.rustic.backups = rec { services.rustic.backups = rec {
nas-backup = { nas-backup = {
backup = true; backup = true;
prune = false; prune = false;
initialize = false; initialize = false;
environmentFile = config.sops.secrets.rustic-backups-s3-env.path;
extraEnvironment = { https_proxy = "http://192.168.0.6:8888"; }; extraEnvironment = { https_proxy = "http://192.168.0.6:8888"; };
rcloneConfigFile = config.sops.secrets.rclone-rustic-backups.path;
rcloneOptions = { fast-list = true; };
pruneOpts = [ "--repack-cacheable-only=false" ]; pruneOpts = [ "--repack-cacheable-only=false" ];
timerConfig = { timerConfig = {
OnCalendar = "05:00"; OnCalendar = "05:00";
Persistent = true; Persistent = true;
}; };
settings = let settings = let
bucket = "rustic-backups";
label = "hypervisor-nas"; label = "hypervisor-nas";
in { in {
repository = { repository = {
repository = "rclone:rustic-backups:${bucket}/${label}"; repository = "opendal:s3";
password-file = config.sops.secrets.rustic-nas-pass.path; password-file = config.sops.secrets.rustic-nas-pass.path;
options = {
root = label;
bucket = "rustic-backups";
region = "de-fra";
endpoint = "https://c5c0.fra2.idrivee2-53.com";
};
}; };
backup = { backup = {
host = config.device; host = config.device;
label = label; label = label;
ignore-devid = true; ignore-devid = true;
group-by = "label"; group-by = "label";
skip-identical-parent = true;
glob = [ glob = [
"!/media/nas/**/cache" "!/media/nas/**/cache"
"!/media/nas/**/.cache" "!/media/nas/**/.cache"

15
machines/NixOS-VPS/services/backups.nix
View File

@ -2,26 +2,30 @@
imports = [ inputs.ataraxiasjel-nur.nixosModules.rustic ]; imports = [ inputs.ataraxiasjel-nur.nixosModules.rustic ];
sops.secrets.rustic-vps-pass.sopsFile = inputs.self.secretsDir + /rustic.yaml; sops.secrets.rustic-vps-pass.sopsFile = inputs.self.secretsDir + /rustic.yaml;
sops.secrets.rclone-rustic-backups.sopsFile = inputs.self.secretsDir + /rustic.yaml; sops.secrets.rustic-backups-s3-env.sopsFile = inputs.self.secretsDir + /rustic.yaml;
services.rustic.backups = rec { services.rustic.backups = rec {
vps-backup = { vps-backup = {
backup = true; backup = true;
prune = false; prune = false;
initialize = false; initialize = false;
rcloneConfigFile = config.sops.secrets.rclone-rustic-backups.path;
rcloneOptions = { fast-list = true; };
pruneOpts = [ "--repack-cacheable-only=false" ]; pruneOpts = [ "--repack-cacheable-only=false" ];
environmentFile = config.sops.secrets.rustic-backups-s3-env.path;
timerConfig = { timerConfig = {
OnCalendar = "01:00"; OnCalendar = "01:00";
Persistent = true; Persistent = true;
}; };
settings = let settings = let
bucket = "rustic-backups";
label = "vps-containers"; label = "vps-containers";
in { in {
repository = { repository = {
repository = "rclone:rustic-backups:${bucket}/${label}"; repository = "opendal:s3";
password-file = config.sops.secrets.rustic-vps-pass.path; password-file = config.sops.secrets.rustic-vps-pass.path;
options = {
root = label;
bucket = "rustic-backups";
region = "de-fra";
endpoint = "https://c5c0.fra2.idrivee2-53.com";
};
}; };
repository.options = { repository.options = {
timeout = "5min"; timeout = "5min";
@ -32,6 +36,7 @@
label = label; label = label;
ignore-devid = true; ignore-devid = true;
group-by = "label"; group-by = "label";
skip-identical-parent = true;
sources = [{ sources = [{
source = "/srv/marzban"; source = "/srv/marzban";
}]; }];

16
modules/rustic-postgresql.nix
View File

@ -21,9 +21,9 @@ with lib;
}; };
imports = [ inputs.ataraxiasjel-nur.nixosModules.rustic ]; imports = [ inputs.ataraxiasjel-nur.nixosModules.rustic ];
config = mkIf (config.backups.postgresql != { }) { config = mkIf (config.backups.postgresql != { }) {
sops.secrets.rclone-postgresql-backups.sopsFile = inputs.self.secretsDir + /rustic.yaml; sops.secrets.rustic-postgresql-s3-env.sopsFile = inputs.self.secretsDir + /rustic.yaml;
sops.secrets.rustic-postgresql-pass.sopsFile = inputs.self.secretsDir + /rustic.yaml; sops.secrets.rustic-postgresql-pass.sopsFile = inputs.self.secretsDir + /rustic.yaml;
sops.secrets.rclone-postgresql-backups.owner = "postgres"; sops.secrets.rustic-postgresql-s3-env.owner = "postgres";
sops.secrets.rustic-postgresql-pass.owner = "postgres"; sops.secrets.rustic-postgresql-pass.owner = "postgres";
services.rustic.backups = services.rustic.backups =
@ -34,8 +34,7 @@ with lib;
initialize = true; initialize = true;
user = "postgres"; user = "postgres";
extraEnvironment.https_proxy = mkIf (backup.proxyAddress != null) backup.proxyAddress; extraEnvironment.https_proxy = mkIf (backup.proxyAddress != null) backup.proxyAddress;
rcloneConfigFile = config.sops.secrets.rclone-postgresql-backups.path; environmentFile = config.sops.secrets.rustic-postgresql-s3-env.path;
rcloneOptions = { fast-list = true; };
pruneOpts = [ "--repack-cacheable-only=false" ]; pruneOpts = [ "--repack-cacheable-only=false" ];
timerConfig = { timerConfig = {
OnCalendar = "daily"; OnCalendar = "daily";
@ -47,14 +46,21 @@ with lib;
# Rustic profile yaml # Rustic profile yaml
settings = { settings = {
repository = { repository = {
repository = "rclone:postgresql-backups:postgresql-backups/${backup.dbName}"; repository = "opendal:s3";
password-file = config.sops.secrets.rustic-postgresql-pass.path; password-file = config.sops.secrets.rustic-postgresql-pass.path;
options = {
root = backup.dbName;
bucket = "postgresql-backups";
region = "de-fra";
endpoint = "https://c5c0.fra2.idrivee2-53.com";
};
}; };
backup = { backup = {
host = config.device; host = config.device;
label = backup.dbName; label = backup.dbName;
ignore-devid = true; ignore-devid = true;
group-by = "label"; group-by = "label";
skip-identical-parent = true;
stdin-filename = "${backup.dbName}.dump.zst"; stdin-filename = "${backup.dbName}.dump.zst";
}; };
forget = { forget = {

6
secrets/rustic.yaml
View File

@ -1,3 +1,5 @@
rustic-backups-s3-env: ENC[AES256_GCM,data:XrZoIYUauOwK/YNItn7OziLEBYXXekgOE3nVLJjzMc7k698uZcYvRHEfQCq5lvH/110BIL11AJumQcfBnG6lYTqjBs56vlJvbh7olsNACX5ZyDR/qYXkfSqcO61JfZufQVAvlag=,iv:Wx5xBQdDRolB6NsuoDlw1JGYk5YrG28unblo8hDea14=,tag:++cKr0a4Ep4mbENVaA3P3A==,type:str]
rustic-postgresql-s3-env: ENC[AES256_GCM,data:Jdfx3PT4cXMyZTJBXOp/bBcD5QBPucTONT2WctGSIUUGKz/OKb+U8OX9FKTmXlWHiXZctMMj2NJkuueihsJHFmcDPZT5lmh8Y0E4j0sB6anUHcPEJyXfl1TAIteErsmeu90Lsy4=,iv:ugQXfGMjiwX4s1GFHhW0R9vPRmWUELmMiUOQGPWqidI=,tag:DcVQCKHskliy9itMMT3ZAA==,type:str]
rclone-rustic-backups: ENC[AES256_GCM,data:78Ch7VVk/9rPy8pTQCTmuSSXWVKlNwlaTxnrM4yBi8/AQ6B4QJYQr1ibtxbgFs4aGHMddJbARLILT9afzXVF3dwyZ5490v8b+6NmGQ/ECdLpQ3LUGWzQHSkTQRib8s2ks2v3XC7AAzUr4hNdXHxL4/11WrKIL5wJyn2YP/KngQoIjijkpzoAoKZgr9cTZDSQ3FsnDv6WlQ4lTneRSkssFmHrytgFWEj/EXTqeZo5/2E7GrqFC161iO/p6+ZM9dNFoSsLxj4SI5gF2HsUChZbDfMyMdzYCHTt,iv:a1Vgs89rKIDJ//CCN94F3rzUSBtbrBB9fB8nZpFacTg=,tag:Y4QA6YKOUAWN5uhnG2C95Q==,type:str] rclone-rustic-backups: ENC[AES256_GCM,data:78Ch7VVk/9rPy8pTQCTmuSSXWVKlNwlaTxnrM4yBi8/AQ6B4QJYQr1ibtxbgFs4aGHMddJbARLILT9afzXVF3dwyZ5490v8b+6NmGQ/ECdLpQ3LUGWzQHSkTQRib8s2ks2v3XC7AAzUr4hNdXHxL4/11WrKIL5wJyn2YP/KngQoIjijkpzoAoKZgr9cTZDSQ3FsnDv6WlQ4lTneRSkssFmHrytgFWEj/EXTqeZo5/2E7GrqFC161iO/p6+ZM9dNFoSsLxj4SI5gF2HsUChZbDfMyMdzYCHTt,iv:a1Vgs89rKIDJ//CCN94F3rzUSBtbrBB9fB8nZpFacTg=,tag:Y4QA6YKOUAWN5uhnG2C95Q==,type:str]
rclone-postgresql-backups: ENC[AES256_GCM,data:rEINBfZezX3YSfQQhYm9JsgHOZE4c4us3dl5FvgZv2L+uIsoVVSNt0gr6My/nk19hL7IGY1I7ab2YgEwKE3w4rV3wpZ6+lCAucNM2YvGXWoqpvOvhH0YGfASA7yOSDaLZ69zL07UGX0WK2Z2dDrLOEz8NJsPbOn55XvDXVwjtR1o3R7j7bLKUHgcm8S/JGF0IQXvJWBN/WQzF66rFjNf0SxReEfa/mYLr3w+qdBpRVsZ3yiXQrvFUWj9GNS3FYfG6wro5SLGLuX7hDkGE+KiKv7j0cuMkphlQu0IyQ==,iv:NodSsCEPz6dMfSbHKE3sIfehaZ7cD3tq3gVtTceHmrg=,tag:lBDzO4QmOGyUBX5aAm2TYA==,type:str] rclone-postgresql-backups: ENC[AES256_GCM,data:rEINBfZezX3YSfQQhYm9JsgHOZE4c4us3dl5FvgZv2L+uIsoVVSNt0gr6My/nk19hL7IGY1I7ab2YgEwKE3w4rV3wpZ6+lCAucNM2YvGXWoqpvOvhH0YGfASA7yOSDaLZ69zL07UGX0WK2Z2dDrLOEz8NJsPbOn55XvDXVwjtR1o3R7j7bLKUHgcm8S/JGF0IQXvJWBN/WQzF66rFjNf0SxReEfa/mYLr3w+qdBpRVsZ3yiXQrvFUWj9GNS3FYfG6wro5SLGLuX7hDkGE+KiKv7j0cuMkphlQu0IyQ==,iv:NodSsCEPz6dMfSbHKE3sIfehaZ7cD3tq3gVtTceHmrg=,tag:lBDzO4QmOGyUBX5aAm2TYA==,type:str]
rustic-nas-pass: ENC[AES256_GCM,data:uDiQQRxlpBfbwihXDR32aGjP41iZ,iv:qx6FJEllahkP9BPYFFfv9LHnnVTOl6B7Jv9OSfNkPok=,tag:MBUT77ccG/acr/U/X2zrCA==,type:str] rustic-nas-pass: ENC[AES256_GCM,data:uDiQQRxlpBfbwihXDR32aGjP41iZ,iv:qx6FJEllahkP9BPYFFfv9LHnnVTOl6B7Jv9OSfNkPok=,tag:MBUT77ccG/acr/U/X2zrCA==,type:str]
@ -11,8 +13,8 @@ sops:
azure_kv: [] azure_kv: []
hc_vault: [] hc_vault: []
age: [] age: []
lastmodified: "2024-01-23T15:17:00Z" lastmodified: "2024-02-04T12:24:39Z"
mac: ENC[AES256_GCM,data:Ws5QPNDrb/xHj9/F6d14l2juemaVzLecYs4SeN/Fwo0DSztJsZhSK9JV2gx+iZk1R5i5WKJumr+2SPeEbFzfQkIuemj32ECHGBPKI0UB1O48hEMWOxIMN03zXf56MujWWXoIeVK+bzVNPot9+qtU0mZQ/VvLlVpWF35vb8tkORE=,iv:nJKM7qFqK1ezTiMe8sXAOz+Bpg+BnKCZOGDKCgUEEHE=,tag:01+MqoF0jfGjauVeaVatyQ==,type:str] mac: ENC[AES256_GCM,data:frEvsfMhwVE6cusyS5hc3IAopdqGjooiPwbPbYEgUTiu4xRSqdkf0g4Ue9m3oK/zfm7gxRsvf+7HQ25J4bChhwOU6QGHzpVozpaipc0gS1Bxut4QfSytKM6fnkKJcn3nkMudosjBmPTU51AFqziFQmV5OMaeuiqipin31nWyZKk=,iv:ZcTBndDwp86X2VMQ3Y3Rk0KYHtzuK+ZRmAxs7Y2cyU8=,tag:mXoy18OqrLrg2KiUvw7QjQ==,type:str]
pgp: pgp:
- created_at: "2024-01-22T10:23:32Z" - created_at: "2024-01-22T10:23:32Z"
enc: |- enc: |-