hektor/nix
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

refactor(backups): simplify backups module

Browse Source
This commit is contained in:
Hektor Misplon
2026-04-19 17:50:53 +02:00
parent dd31da5a8f
commit b62f3c20ac
3 changed files with 22 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
hosts/andromache/default.nix
View File

@@ -57,6 +57,7 @@ in
secrets.nixSigningKey.enable = true; secrets.nixSigningKey.enable = true;
restic-backup.enable = true;
tailscale.enable = true; tailscale.enable = true;
docker.enable = true; docker.enable = true;

1
hosts/astyanax/default.nix
View File

@@ -53,6 +53,7 @@ in
secrets.nixSigningKey.enable = true; secrets.nixSigningKey.enable = true;
restic-backup.enable = true;
tailscale.enable = true; tailscale.enable = true;
docker.enable = true; docker.enable = true;
nfc.enable = true; nfc.enable = true;

44
modules/backups/default.nix
View File

@@ -8,38 +8,35 @@
let let
cfg = config.restic-backup; cfg = config.restic-backup;
inherit (config.secrets) sopsDir; inherit (config.secrets) sopsDir;
mkSopsSecrets = myUtils.mkSopsSecrets sopsDir;
host = config.networking.hostName;
in in
{ {
options = { options.restic-backup = {
restic-backup = { enable = lib.mkEnableOption "restic backups";
repository = lib.mkOption {
type = lib.types.str;
default = "b2:${config.sops.placeholder."backblaze-b2/bucket-name"}:${config.networking.hostName}";
};
passwordFile = lib.mkOption { passwordFile = lib.mkOption {
type = lib.types.str; type = lib.types.str;
default = config.sops.secrets."restic/password".path; default = config.sops.secrets."restic/password".path;
}; };
paths = lib.mkOption { paths = lib.mkOption {
type = lib.types.listOf lib.types.str; type = lib.types.listOf lib.types.str;
default = [ "/home" ]; default = [ "/home" ];
};
}; };
}; };
config = { config = lib.mkIf cfg.enable {
sops = { sops = {
secrets = lib.mkMerge [ secrets = lib.mkMerge [
(myUtils.mkSopsSecrets sopsDir "restic" [ "password" ] { }) (mkSopsSecrets "restic" [ "password" ] { })
(myUtils.mkSopsSecrets sopsDir "backblaze-b2" [ "bucket-name" "account-id" "account-key" ] { }) (mkSopsSecrets "backblaze-b2" [ "bucket-name" "account-id" "account-key" ] { })
]; ];
templates = { templates = {
"restic/repo-${config.networking.hostName}" = { "restic/repo-${host}" = {
content = "b2:${config.sops.placeholder."backblaze-b2/bucket-name"}:${config.networking.hostName}"; content = "b2:${config.sops.placeholder."backblaze-b2/bucket-name"}:${host}";
}; };
"restic/b2-env-${config.networking.hostName}" = { "restic/b2-env-${host}" = {
content = '' content = ''
B2_ACCOUNT_ID=${config.sops.placeholder."backblaze-b2/account-id"} B2_ACCOUNT_ID=${config.sops.placeholder."backblaze-b2/account-id"}
B2_ACCOUNT_KEY=${config.sops.placeholder."backblaze-b2/account-key"} B2_ACCOUNT_KEY=${config.sops.placeholder."backblaze-b2/account-key"}
@@ -49,9 +46,8 @@ in
}; };
services.restic.backups.home = { services.restic.backups.home = {
repositoryFile = config.sops.templates."restic/repo-${config.networking.hostName}".path; repositoryFile = config.sops.templates."restic/repo-${host}".path;
inherit (cfg) passwordFile; inherit (cfg) passwordFile paths;
inherit (cfg) paths;
timerConfig = { timerConfig = {
OnCalendar = "daily"; OnCalendar = "daily";
Persistent = true; Persistent = true;
@@ -64,7 +60,7 @@ in
"--keep-monthly 6" "--keep-monthly 6"
"--keep-yearly 1" "--keep-yearly 1"
]; ];
environmentFile = config.sops.templates."restic/b2-env-${config.networking.hostName}".path; environmentFile = config.sops.templates."restic/b2-env-${host}".path;
}; };
}; };
} }