feat: add restic for backup, update, remove planify again

2024-09-04 07:50:11 +02:00 · 2024-09-04 07:50:11 +02:00 · 215dcbf5ae
commit 215dcbf5ae
parent bdcf0458bb
11 changed files with 200 additions and 29 deletions
--- a/hosts/lambdaos/configuration.nix
+++ b/hosts/lambdaos/configuration.nix
@ -12,9 +12,12 @@
      ../../modules/plasma

      ../../common
+
+      ./restic.nix
    ];


+  age.identityPaths = [ "${config.users.users.noa.home}/.ssh/id_ed25519" ];


  hardware = {
@ -117,6 +120,21 @@
    };
  };

+  environment.systemPackages = with pkgs; [
+    restic
+  ];
+  users.users.restic = {
+    isNormalUser = true;
+  };
+
+  security.wrappers.restic = {
+    source = "${pkgs.restic.out}/bin/restic";
+    owner = "restic";
+    group = "users";
+    permissions = "u=rwx,g=,o=";
+    capabilities = "cap_dac_read_search=+ep";
+  };
+
  # TODO: find list of fonts to install
  fonts.packages = with pkgs; [
    font-awesome
@ -295,11 +313,13 @@
  };

  systemd = {
-    timers."update-flake" = {
-      wantedBy = [ "timers.target" ];
-      timerConfig = {
-        OnCalendar = "daily";
-        Persistent = true;
+    timers = {
+      "update-flake" = {
+        wantedBy = [ "timers.target" ];
+        timerConfig = {
+          OnCalendar = "daily";
+          Persistent = true;
+        };
      };
    };

--- a/hosts/lambdaos/home.nix
+++ b/hosts/lambdaos/home.nix
@ -66,7 +66,6 @@
    localsend
    blueberry
    qbittorrent
-    planify
    keepassxc
    yubikey-manager-qt
    yubico-piv-tool
--- a/hosts/lambdaos/restic.nix
+++ b/hosts/lambdaos/restic.nix
@ -0,0 +1,34 @@
+{ config, ... }: {
+  # configure agenix secrets
+  age.secrets = {
+    "restic/env".file = ../../secrets/restic/env.age;
+    "restic/repo".file = ../../secrets/restic/repo.age;
+    "restic/password".file = ../../secrets/restic/password.age;
+  };
+
+  # configure restic backup services
+  services.restic.backups = {
+    daily = {
+      timerConfig = {
+        OnCalendar = "14:00";
+        RandomizedDelaySec = "1h";
+      };
+      initialize = true;
+
+      environmentFile = config.age.secrets."restic/env".path;
+      repositoryFile = config.age.secrets."restic/repo".path;
+      passwordFile = config.age.secrets."restic/password".path;
+
+      paths = [
+        "${config.users.users.noa.home}/Pictures/library/library/"
+      ];
+
+      pruneOpts = [
+        "--keep-daily 7"
+        "--keep-weekly 5"
+        "--keep-monthly 12"
+      ];
+    };
+  };
+}
+