67 lines
1.5 KiB
Nix
67 lines
1.5 KiB
Nix
{
|
|
lib,
|
|
config,
|
|
...
|
|
}:
|
|
|
|
let
|
|
cfg = config.restic-backup;
|
|
host = config.networking.hostName;
|
|
in
|
|
{
|
|
options.restic-backup = {
|
|
enable = lib.mkEnableOption "restic backups";
|
|
|
|
passwordFile = lib.mkOption {
|
|
type = lib.types.str;
|
|
default = config.sops.secrets."restic/password".path;
|
|
};
|
|
|
|
paths = lib.mkOption {
|
|
type = lib.types.listOf lib.types.str;
|
|
default = [ "/home" ];
|
|
};
|
|
};
|
|
|
|
config = lib.mkIf cfg.enable {
|
|
secrets.groups = {
|
|
restic = [ "password" ];
|
|
backblaze-b2 = [
|
|
"bucket-name"
|
|
"account-id"
|
|
"account-key"
|
|
];
|
|
};
|
|
|
|
sops.templates = {
|
|
"restic/repo-${host}" = {
|
|
content = "b2:${config.sops.placeholder."backblaze-b2/bucket-name"}:${host}";
|
|
};
|
|
"restic/b2-env-${host}" = {
|
|
content = ''
|
|
B2_ACCOUNT_ID=${config.sops.placeholder."backblaze-b2/account-id"}
|
|
B2_ACCOUNT_KEY=${config.sops.placeholder."backblaze-b2/account-key"}
|
|
'';
|
|
};
|
|
};
|
|
|
|
services.restic.backups.home = {
|
|
repositoryFile = config.sops.templates."restic/repo-${host}".path;
|
|
inherit (cfg) passwordFile paths;
|
|
timerConfig = {
|
|
OnCalendar = "daily";
|
|
Persistent = true;
|
|
};
|
|
initialize = true;
|
|
extraBackupArgs = [ "--one-file-system" ];
|
|
pruneOpts = [
|
|
"--keep-daily 7"
|
|
"--keep-weekly 4"
|
|
"--keep-monthly 6"
|
|
"--keep-yearly 1"
|
|
];
|
|
environmentFile = config.sops.templates."restic/b2-env-${host}".path;
|
|
};
|
|
};
|
|
}
|