Setup restic backup service; enable postgresql for general use

2024-08-14 22:19:20 -05:00
parent aa40c0c5e3
commit 06c4c7bc13
9 changed files with 72 additions and 13 deletions
--- a/nix/application/postgresql.nix
+++ b/nix/application/postgresql.nix
@ -0,0 +1,6 @@
+{ pkgs, config, ...}: {
+  services.postgresql = {
+    enable = true;
+    settings.port = 5432;
+  };
+}
--- a/nix/system/age.nix
+++ b/nix/system/age.nix
@ -20,6 +20,9 @@
      miniflux.file = ../../secrets/miniflux.age;
      bitwarden-env.file = ../../secrets/bitwarden-env.age;
      transmission-env.file = ../../secrets/transmission-env.age;
+      "restic/env".file = ../../secrets/restic/env.age;
+      "restic/password".file = ../../secrets/restic/env.age;
+      "restic/repo".file = ../../secrets/restic/env.age;
    };
    identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
  };
--- a/nix/system/backups.nix
+++ b/nix/system/backups.nix
@ -0,0 +1,28 @@
+{ pkgs, config, ...}: {
+  services.restic.backups = {
+    daily = {
+      initialize = true;
+
+      environmentFile = config.age.secrets."restic/env".path;
+      passwordFile = config.age.secrets."restic/password".path;
+      repository = "s3:https://s3.amazonaws.com/matricxbackups";
+
+      paths = [
+        "${config.users.users.sezycei.home}/srv"
+        "${config.users.users.sezycei.home}/nix"
+        "${config.users.users.sezycei.home}/keys"
+        "${config.users.users.sezycei.home}/dev"
+      ];
+      
+      exclude = [
+        "*minecraft/OLD*"
+      ];
+
+      pruneOpts = [
+        "--keep-daily 7"
+        "--keep-weekly 5"
+        "--keep-monthly 12"
+      ];
+    };
+  };
+}