James/eve-psr-nix0
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Setup restic backup service; enable postgresql for general use

Browse Source
This commit is contained in:
James Eversole 2024-08-14 22:19:20 -05:00
parent aa40c0c5e3
commit 06c4c7bc13
9 changed files with 72 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
flake.lock generated
View File

@ -10,11 +10,11 @@
"systems": "systems"
},
"locked": {
"lastModified": 1720546205,
"narHash": "sha256-boCXsjYVxDviyzoEyAk624600f3ZBo/DKtUdvMTpbGY=",
"lastModified": 1723293904,
"narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=",
"owner": "ryantm",
"repo": "agenix",
"rev": "de96bd907d5fbc3b14fc33ad37d1b9a3cb15edc6",
"rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41",
"type": "github"
},
"original": {
@ -63,11 +63,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1720691131,
"narHash": "sha256-CWT+KN8aTPyMIx8P303gsVxUnkinIz0a/Cmasz1jyIM=",
"lastModified": 1723556749,
"narHash": "sha256-+CHVZnTnIYRLYsARInHYoWkujzcRkLY/gXm3s5bE52o=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a046c1202e11b62cbede5385ba64908feb7bfac4",
"rev": "4a92571f9207810b559c9eac203d1f4d79830073",
"type": "github"
},
"original": {
@ -78,14 +78,14 @@
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1719876945,
"narHash": "sha256-Fm2rDDs86sHy0/1jxTOKB1118Q0O3Uc7EC0iXvXKpbI=",
"lastModified": 1722555339,
"narHash": "sha256-uFf2QeW7eAHlYXuDktm9c25OxOyCoUOQmh5SZ9amE5Q=",
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz"
"url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz"
"url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz"
}
},
"parts": {
@ -93,11 +93,11 @@
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1719994518,
"narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=",
"lastModified": 1722555600,
"narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7",
"rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
"type": "github"
},
"original": {

2
flake.nix
View File

@ -52,12 +52,14 @@
./nix/application/containers.nix
./nix/application/miniflux.nix
./nix/application/nginx.nix
./nix/application/postgresql.nix
./nix/monitoring/nginx.nix
./nix/monitoring/grafana.nix
./nix/monitoring/prometheus.nix
./nix/system/age.nix
./nix/system/backups.nix
./nix/system/dns.nix
./nix/system/hardware.nix
./nix/system/nix-conf.nix

6
nix/application/postgresql.nix Normal file
View File

@ -0,0 +1,6 @@
{ pkgs, config, ...}: {
services.postgresql = {
enable = true;
settings.port = 5432;
};
}

3
nix/system/age.nix
View File

@ -20,6 +20,9 @@
miniflux.file = ../../secrets/miniflux.age;
bitwarden-env.file = ../../secrets/bitwarden-env.age;
transmission-env.file = ../../secrets/transmission-env.age;
"restic/env".file = ../../secrets/restic/env.age;
"restic/password".file = ../../secrets/restic/env.age;
"restic/repo".file = ../../secrets/restic/env.age;
};
identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
};

28
nix/system/backups.nix Normal file
View File

@ -0,0 +1,28 @@
{ pkgs, config, ...}: {
services.restic.backups = {
daily = {
initialize = true;
environmentFile = config.age.secrets."restic/env".path;
passwordFile = config.age.secrets."restic/password".path;
repository = "s3:https://s3.amazonaws.com/matricxbackups";
paths = [
"${config.users.users.sezycei.home}/srv"
"${config.users.users.sezycei.home}/nix"
"${config.users.users.sezycei.home}/keys"
"${config.users.users.sezycei.home}/dev"
];
exclude = [
"*minecraft/OLD*"
];
pruneOpts = [
"--keep-daily 7"
"--keep-weekly 5"
"--keep-monthly 12"
];
};
};
}

3
secrets.nix
View File

@ -15,4 +15,7 @@ in
"secrets/miniflux.age" = { publicKeys = all; };
"secrets/bitwarden-env.age" = { publicKeys = all; };
"secrets/transmission-env.age" = { publicKeys = all; };
"secrets/restic/env.age" = { publicKeys = all; };
"secrets/restic/repo.age" = { publicKeys = all; };
"secrets/restic/password.age" = { publicKeys = all; };
}

10
secrets/restic/env.age Normal file
View File

@ -0,0 +1,10 @@
age-encryption.org/v1
-> ssh-ed25519 dQ70Fw hMZ1BRCxnZFhadsHa+UwDcB+kkVWbTh82EuqNJPZ5zs
ESCOn4IDH8L69yNmE3vl9ORK0vKkIqG6dFTnawc9irg
-> ssh-ed25519 ZIoeGg yluZnRqV6HL0TNvFqZCEIYW4W8f6f9EJ3K7nAz/dazE
XpYM/h/jvO1MrS6v1PicZ4sTqCld84vhvXTI6AimnMU
--- nLun26t45i7mAuT4w6JH3jbdPU8hjzINsHriqRA/T0o
S‡ß9µnĚŤzšëźu83Š¸6#Lď[25Ď )áí{z(hťĹŻ˛ę°'.$ę‰ŢPÓOgĆ]¬ç= €Ľő<C4BD>ňűâŇŐ>ŕµy)ÁĐ]ů04×Ä“/Ă™·ŚÁIW4Úő`RÔŢ6aĆ BŰç—8[~ĘoÓíů· <0B>m×Í«€ ~ŁaĐ«@<40>¸ů­úĘ<C3BA> ń<><11>iŹčsc,ú
Š´ü^ĹG]|áN4<4E>ç-ŃŞŐĹ)GbĹçŐõ:ÁăÍ0IŤ™g˙G­ü\"ň
Čf
Ć{°˛{Z÷'V>s4A

7
secrets/restic/password.age Normal file
View File

@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 dQ70Fw SztmSLi86IFvNJY13Pu7qJC8LDXeoEZsbCLl78su6wg
f/uDl6KymRxVngdnhEYOxiL9I0JUZCYI3XThrn57+YQ
-> ssh-ed25519 ZIoeGg wzOmbThAqyO47PQ2wQY0MoNsXcyMkoi4/+wGY15Xfns
UvMwHPWytwvf0hNMiDKdONo1u09pICQ6/7EtECYDWbw
--- IS6+hxeJQ3yIphn7Q0XxZvO2Zn+F1bX7oIgkZSkCQHU
ÿÕ Þô\\ w"¤úìêTp;ÇÈGŽešÖñ²±=DfßYØn€±x¹<K`÷îÔ

BIN
secrets/restic/repo.age Normal file
View File

Binary file not shown.