James/eve-psr-nix0
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Setup restic backup service; enable postgresql for general use

Browse Source
This commit is contained in:
James Eversole
2024-08-14 22:19:20 -05:00
parent aa40c0c5e3
commit 06c4c7bc13
9 changed files with 72 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
flake.lock generated
View File

@ -10,11 +10,11 @@
"systems": "systems" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1720546205, "lastModified": 1723293904,
"narHash": "sha256-boCXsjYVxDviyzoEyAk624600f3ZBo/DKtUdvMTpbGY=", "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "de96bd907d5fbc3b14fc33ad37d1b9a3cb15edc6", "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -63,11 +63,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1720691131, "lastModified": 1723556749,
"narHash": "sha256-CWT+KN8aTPyMIx8P303gsVxUnkinIz0a/Cmasz1jyIM=", "narHash": "sha256-+CHVZnTnIYRLYsARInHYoWkujzcRkLY/gXm3s5bE52o=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "a046c1202e11b62cbede5385ba64908feb7bfac4", "rev": "4a92571f9207810b559c9eac203d1f4d79830073",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -78,14 +78,14 @@
}, },
"nixpkgs-lib": { "nixpkgs-lib": {
"locked": { "locked": {
"lastModified": 1719876945, "lastModified": 1722555339,
"narHash": "sha256-Fm2rDDs86sHy0/1jxTOKB1118Q0O3Uc7EC0iXvXKpbI=", "narHash": "sha256-uFf2QeW7eAHlYXuDktm9c25OxOyCoUOQmh5SZ9amE5Q=",
"type": "tarball", "type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" "url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz"
}, },
"original": { "original": {
"type": "tarball", "type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" "url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz"
} }
}, },
"parts": { "parts": {
@ -93,11 +93,11 @@
"nixpkgs-lib": "nixpkgs-lib" "nixpkgs-lib": "nixpkgs-lib"
}, },
"locked": { "locked": {
"lastModified": 1719994518, "lastModified": 1722555600,
"narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=", "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7", "rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
"type": "github" "type": "github"
}, },
"original": { "original": {

2
flake.nix
View File

@ -52,12 +52,14 @@
./nix/application/containers.nix ./nix/application/containers.nix
./nix/application/miniflux.nix ./nix/application/miniflux.nix
./nix/application/nginx.nix ./nix/application/nginx.nix
./nix/application/postgresql.nix
./nix/monitoring/nginx.nix ./nix/monitoring/nginx.nix
./nix/monitoring/grafana.nix ./nix/monitoring/grafana.nix
./nix/monitoring/prometheus.nix ./nix/monitoring/prometheus.nix
./nix/system/age.nix ./nix/system/age.nix
./nix/system/backups.nix
./nix/system/dns.nix ./nix/system/dns.nix
./nix/system/hardware.nix ./nix/system/hardware.nix
./nix/system/nix-conf.nix ./nix/system/nix-conf.nix

6
nix/application/postgresql.nix Normal file
View File

@ -0,0 +1,6 @@
{ pkgs, config, ...}: {
services.postgresql = {
enable = true;
settings.port = 5432;
};
}

3
nix/system/age.nix
View File

@ -20,6 +20,9 @@
miniflux.file = ../../secrets/miniflux.age; miniflux.file = ../../secrets/miniflux.age;
bitwarden-env.file = ../../secrets/bitwarden-env.age; bitwarden-env.file = ../../secrets/bitwarden-env.age;
transmission-env.file = ../../secrets/transmission-env.age; transmission-env.file = ../../secrets/transmission-env.age;
"restic/env".file = ../../secrets/restic/env.age;
"restic/password".file = ../../secrets/restic/env.age;
"restic/repo".file = ../../secrets/restic/env.age;
}; };
identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
}; };

28
nix/system/backups.nix Normal file
View File

@ -0,0 +1,28 @@
{ pkgs, config, ...}: {
services.restic.backups = {
daily = {
initialize = true;
environmentFile = config.age.secrets."restic/env".path;
passwordFile = config.age.secrets."restic/password".path;
repository = "s3:https://s3.amazonaws.com/matricxbackups";
paths = [
"${config.users.users.sezycei.home}/srv"
"${config.users.users.sezycei.home}/nix"
"${config.users.users.sezycei.home}/keys"
"${config.users.users.sezycei.home}/dev"
];
exclude = [
"*minecraft/OLD*"
];
pruneOpts = [
"--keep-daily 7"
"--keep-weekly 5"
"--keep-monthly 12"
];
};
};
}

3
secrets.nix
View File

@ -15,4 +15,7 @@ in
"secrets/miniflux.age" = { publicKeys = all; }; "secrets/miniflux.age" = { publicKeys = all; };
"secrets/bitwarden-env.age" = { publicKeys = all; }; "secrets/bitwarden-env.age" = { publicKeys = all; };
"secrets/transmission-env.age" = { publicKeys = all; }; "secrets/transmission-env.age" = { publicKeys = all; };
"secrets/restic/env.age" = { publicKeys = all; };
"secrets/restic/repo.age" = { publicKeys = all; };
"secrets/restic/password.age" = { publicKeys = all; };
} }

10
secrets/restic/env.age Normal file
View File

@ -0,0 +1,10 @@
age-encryption.org/v1
-> ssh-ed25519 dQ70Fw hMZ1BRCxnZFhadsHa+UwDcB+kkVWbTh82EuqNJPZ5zs
ESCOn4IDH8L69yNmE3vl9ORK0vKkIqG6dFTnawc9irg
-> ssh-ed25519 ZIoeGg yluZnRqV6HL0TNvFqZCEIYW4W8f6f9EJ3K7nAz/dazE
XpYM/h/jvO1MrS6v1PicZ4sTqCld84vhvXTI6AimnMU
--- nLun26t45i7mAuT4w6JH3jbdPU8hjzINsHriqRA/T0o
S<EFBFBD><11>9<EFBFBD><39>n<EFBFBD><1E>z<EFBFBD><7A><1F>u83<38><33>6#L<>[25<32>
)<29><>{z(h<>ů<EFBFBD><C5AF><EFBFBD>'.$<24><>ދP<DE8B>Og<4F>]<5D><>= <0B><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><10><13><>><3E><>y)<29><>]<5D>04<30>ē/<2F><02><><EFBFBD><EFBFBD>IW4<57><34>`R<><52><06>6a<7F> B<><42><EFBFBD>8[~ʂo<CA82><6F><EFBFBD><EFBFBD> <0B>m<EFBFBD>ͫ<EFBFBD>}<7D>  ~<7E>aЫ@<40><53><CAB8><EFBFBD>ʈ <0C><><11>i<EFBFBD><69>sc,<2C>
<EFBFBD><EFBFBD><EFBFBD>^<5E>G]|<7C><>N4<4E><34><><D1AA>)Gb<47><62><EFBFBD>õ:<3A><><EFBFBD>0I<30><49>g<EFBFBD>G<1D><>\"<22>
<EFBFBD>f

7
secrets/restic/password.age Normal file
View File

@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 dQ70Fw SztmSLi86IFvNJY13Pu7qJC8LDXeoEZsbCLl78su6wg
f/uDl6KymRxVngdnhEYOxiL9I0JUZCYI3XThrn57+YQ
-> ssh-ed25519 ZIoeGg wzOmbThAqyO47PQ2wQY0MoNsXcyMkoi4/+wGY15Xfns
UvMwHPWytwvf0hNMiDKdONo1u09pICQ6/7EtECYDWbw
--- IS6+hxeJQ3yIphn7Q0XxZvO2Zn+F1bX7oIgkZSkCQHU
<06><> <0B><18><>\\ w"<22><><EFBFBD><EFBFBD>Tp;<3B><>G<EFBFBD>e<EFBFBD><65><EFBFBD><EFBFBD><EFBFBD>=D<>f<EFBFBD>Y<EFBFBD>n<EFBFBD><6E>x<EFBFBD><K`<60><><EFBFBD>

BIN
secrets/restic/repo.age Normal file
View File

Binary file not shown.