+126

hosts/index/config/restic.nix

reviewed

··· 1 1 + { pkgs, lib, ... }: 2 2 + 3 3 + let 4 4 + appPath = "/mnt/apps"; 5 5 + dataPath = "/mnt/data"; 6 6 + 7 7 + resticWrapper = pkgs.writeShellScriptBin "restic" '' 8 8 + exec /run/wrappers/bin/restic "$@" 9 9 + ''; 10 10 + 11 11 + mkRepositories = repositories: 12 12 + builtins.mapAttrs (key: config: 13 13 + let 14 14 + appPaths = map (path: "${appPath}/${path}") config.apps or []; 15 15 + dataPaths = map (path: "${dataPath}/${path}") config.data or []; 16 16 + 17 17 + paths = appPaths ++ dataPaths; 18 18 + in 19 19 + { 20 20 + inherit paths; 21 21 + 22 22 + pruneOpts = config.prune ++ [ 23 23 + "--group-by tags" 24 24 + ]; 25 25 + 26 26 + extraBackupArgs = [ "--tag ${key}" ]; 27 27 + 28 28 + timerConfig = { 29 29 + OnCalendar = "05:00"; 30 30 + Persistent = true; 31 31 + }; 32 32 + 33 33 + user = "restic"; 34 34 + package = resticWrapper; 35 35 + 36 36 + initialize = true; 37 37 + environmentFile = "/mnt/apps/restic/.env"; 38 38 + } 39 39 + ) repositories; 40 40 + in 41 41 + { 42 42 + services.restic.backups = mkRepositories { 43 43 + databases = { 44 44 + apps = [ 45 45 + "mariadb" 46 46 + "postgres" 47 47 + ]; 48 48 + 49 49 + prune = [ 50 50 + "--keep-daily 31" 51 51 + "--keep-monthly 12" 52 52 + ]; 53 53 + }; 54 54 + 55 55 + app-storage = { 56 56 + apps = [ 57 57 + "bluesky-pds" 58 58 + "navidrome" 59 59 + "pyido" 60 60 + "tangled" 61 61 + "vaultwarden" 62 62 + "zipline" 63 63 + ]; 64 64 + 65 65 + prune = [ 66 66 + "--keep-daily 14" 67 67 + "--keep-monthly 12" 68 68 + ]; 69 69 + }; 70 70 + 71 71 + app-config = { 72 72 + apps = [ 73 73 + "emby" 74 74 + "immich" 75 75 + "languagetool" 76 76 + "maddy" 77 77 + "miniflux" 78 78 + "network-optimizer" 79 79 + "rtorrent" 80 80 + "soulseek" 81 81 + ]; 82 82 + 83 83 + prune = [ 84 84 + "--keep-weekly 4" 85 85 + "--keep-monthly 12" 86 86 + ]; 87 87 + }; 88 88 + 89 89 + data-storage = { 90 90 + data = [ 91 91 + "immich" 92 92 + "linkwarden" 93 93 + "pydio" 94 94 + "tangled" 95 95 + "vaultwarden" 96 96 + "zipline" 97 97 + ]; 98 98 + 99 99 + prune = [ 100 100 + "--keep-daily 14" 101 101 + "--keep-monthly 12" 102 102 + ]; 103 103 + }; 104 104 + }; 105 105 + 106 106 + users = { 107 107 + users.restic = { 108 108 + group = "restic"; 109 109 + 110 110 + isSystemUser = true; 111 111 + }; 112 112 + 113 113 + groups.restic = {}; 114 114 + }; 115 115 + 116 116 + security.wrappers.restic = { 117 117 + source = lib.getExe pkgs.restic; 118 118 + 119 119 + owner = "restic"; 120 120 + group = "restic"; 121 121 + 122 122 + permissions = "500"; 123 123 + capabilities = "cap_dac_read_search+ep"; 124 124 + }; 125 125 + } 126 126 +

+2

hosts/index/default.nix

reviewed

··· 27 27 ./config/ssh.nix 28 28 ./config/zfs.nix 29 29 30 30 + ./config/restic.nix 31 31 + 30 32 ./config/atmosphere/bluesky-pds.nix 31 33 ./config/atmosphere/tangled-knot.nix 32 34 ./config/atmosphere/tangled-spindle.nix