diff --git a/common/fragments/restic.nix b/common/fragments/restic.nix new file mode 100644 index 0000000..00d6b24 --- /dev/null +++ b/common/fragments/restic.nix @@ -0,0 +1,78 @@ +{ config, pkgs, ... }: { + nixpkgs.overlays = [ + (final: prev: { + restic = let + version = "18f305243f885609c0b7994450aa83ebb8a14975"; + src = pkgs.fetchFromGitHub { + owner = "AgathaSorceress"; + repo = "restic"; + rev = version; + hash = "sha256-gfbLbQy6CfoSlcycKOySLq7NwxvAAsTj01wfgJ+CA18="; + }; + in prev.restic.override { + buildGoModule = args: + pkgs.buildGoModule (args // { + inherit src version; + vendorHash = "sha256-dILlGc4BzJQi/F7lNAnQHVC6TXRs/3POVvSeJzD4uLg="; + + patches = [ ]; + postPatch = ""; + doCheck = false; + }); + }; + }) + ]; + + environment.systemPackages = [ pkgs.restic ]; + services.restic.backups.${config.networking.hostName} = { + initialize = true; + + repository = "rest:http://10.20.1.2:8000/${config.networking.hostName}/"; + + passwordFile = "/var/lib/secrets/restic-password"; + environmentFile = "/var/lib/secrets/restic-env"; + + timerConfig = { + OnCalendar = "*-*-* 20:00"; # Daily at 20:00 + Persistent = true; + }; + + paths = [ "/home/agatha" "/mnt/hdd" ]; + exclude = [ + ".Trash*" + ".gradle" + "/home/agatha/.XCompose" + "/home/agatha/.Xresources" + "/home/agatha/.cache" + "/home/agatha/.cargo" + "/home/agatha/.config" + "!/home/agatha/.config/gzdoom" + "/home/agatha/.gnupg" + "/home/agatha/.gtkrc-2.0" + "/home/agatha/.java" + "/home/agatha/.local" + "!/home/agatha/.local/share/PrismLauncher" + "/home/agatha/.manpath" + "/home/agatha/.minecraft" + "/home/agatha/.nix-defexpr" + "/home/agatha/.nix-profile" + "/home/agatha/.themes" + "/home/agatha/Desktop" + "/home/agatha/etc/deadname destruction" + "/home/agatha/go" + "/home/agatha/mount" + "/home/agatha/projects/java/**/build" + "/home/agatha/projects/mastodon" + "/home/agatha/projects/rust/**/target" + "/home/agatha/projects/rust/helix/runtime" + "/home/agatha/projects/snek/**/venv" + "__pycache__" + "lost+found" + ]; + + pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-yearly 12" ]; + }; + + systemd.timers."restic-backups-${config.networking.hostName}".after = + [ "network-online.target" ]; +} diff --git a/flake.lock b/flake.lock index 1d63298..80478df 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,26 @@ { "nodes": { + "ccase": { + "inputs": { + "nixpkgs": [ + "nixpkgs-unstable" + ], + "utils": "utils" + }, + "locked": { + "lastModified": 1692717252, + "narHash": "sha256-TQJkvANms/5Mzh1J4qsEYOrlML17dVv7MYEoN4Z/gm0=", + "owner": "rutrum", + "repo": "ccase", + "rev": "7ca56557d0cc69641e0d0c5ae9370c48f4cce09d", + "type": "github" + }, + "original": { + "owner": "rutrum", + "repo": "ccase", + "type": "github" + } + }, "colmena": { "inputs": { "flake-compat": "flake-compat", @@ -29,14 +50,14 @@ "nixpkgs": [ "nixpkgs-unstable" ], - "utils": "utils" + "utils": "utils_2" }, "locked": { - "lastModified": 1694367396, - "narHash": "sha256-U3nPJD8iJYEFJ7ZIWiad5hpyk7vIgnD4FFoufvNl5w0=", + "lastModified": 1696354652, + "narHash": "sha256-Axbr9jIerxTsLhONYmSRbtA+W1+D4j8PcYYtidyNVEc=", "owner": "AgathaSorceress", "repo": "colorpickle", - "rev": "5689bff525d86a3accbe715b5ebcd31433fc7d8c", + "rev": "4612d3de1692c98e79e2de848c5776b412377bd1", "type": "github" }, "original": { @@ -140,7 +161,7 @@ }, "flake-utils_2": { "inputs": { - "systems": "systems_3" + "systems": "systems_4" }, "locked": { "lastModified": 1689068808, @@ -173,7 +194,7 @@ }, "flake-utils_4": { "inputs": { - "systems": "systems_5" + "systems": "systems_6" }, "locked": { "lastModified": 1685518550, @@ -195,7 +216,7 @@ "nixpkgs": [ "nixpkgs-unstable" ], - "utils": "utils_2" + "utils": "utils_3" }, "locked": { "lastModified": 1687004839, @@ -221,11 +242,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1694896279, - "narHash": "sha256-FPh1A1Iy+4zxfwh6h4B0lltNg6oV070o8mhednkEK6U=", + "lastModified": 1696295907, + "narHash": "sha256-GFeo5NpbFQjVeu2lv/B/pfZY/+SIt0KRHjh26s0bXAY=", "owner": "helix-editor", "repo": "helix", - "rev": "8b076e3851c868307223b6152de9a8de52fcb88f", + "rev": "75c0a5ceb32d8a503915a93ccc1b64c8ad1cba8b", "type": "github" }, "original": { @@ -241,11 +262,11 @@ ] }, "locked": { - "lastModified": 1694465129, - "narHash": "sha256-8BQiuobMrCfCbGM7w6Snx+OBYdtTIm0+cGVaKwQ5BFg=", + "lastModified": 1695108154, + "narHash": "sha256-gSg7UTVtls2yO9lKtP0yb66XBHT1Fx5qZSZbGMpSn2c=", "owner": "nix-community", "repo": "home-manager", - "rev": "9787dffff5d315c9593d3f9fb0f9bf2097e1b57b", + "rev": "07682fff75d41f18327a871088d20af2710d4744", "type": "github" }, "original": { @@ -277,7 +298,7 @@ "nixpkgs": [ "nixpkgs-unstable" ], - "utils": "utils_3" + "utils": "utils_4" }, "locked": { "lastModified": 1688054487, @@ -414,11 +435,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1694343207, - "narHash": "sha256-jWi7OwFxU5Owi4k2JmiL1sa/OuBCQtpaAesuj5LXC8w=", + "lastModified": 1696234590, + "narHash": "sha256-mgOzQYTvaTT4bFopVOadlndy2RPwLy60rDjIWOGujwo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "78058d810644f5ed276804ce7ea9e82d92bee293", + "rev": "f902cb49892d300ff15cb237e48aa1cad79d68c3", "type": "github" }, "original": { @@ -444,11 +465,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1694760568, - "narHash": "sha256-3G07BiXrp2YQKxdcdms22MUx6spc6A++MSePtatCYuI=", + "lastModified": 1696261572, + "narHash": "sha256-s8TtSYJ1LBpuITXjbPLUPyxzAKw35LhETcajJjCS5f0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "46688f8eb5cd6f1298d873d4d2b9cf245e09e88e", + "rev": "0c7ffbc66e6d78c50c38e717ec91a2a14e0622fb", "type": "github" }, "original": { @@ -503,11 +524,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1694753796, - "narHash": "sha256-QPE7dqcicQH/nq9aywVXJWWtci4FvxHaM+BSIEbGBvA=", + "lastModified": 1696039360, + "narHash": "sha256-g7nIUV4uq1TOVeVIDEZLb005suTWCUjSY0zYOlSBsyE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "360a7d31c30abefdc490d203f80e3221b7a24af2", + "rev": "32dcb45f66c0487e92db8303a798ebc548cadedc", "type": "github" }, "original": { @@ -548,6 +569,7 @@ }, "root": { "inputs": { + "ccase": "ccase", "colmena": "colmena", "colorpickle": "colorpickle", "frq-friend": "frq-friend", @@ -714,13 +736,28 @@ "type": "github" } }, + "systems_7": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "url-eater": { "inputs": { "naersk": "naersk_4", "nixpkgs": [ "nixpkgs-unstable" ], - "utils": "utils_4" + "utils": "utils_5" }, "locked": { "lastModified": 1691162641, @@ -741,11 +778,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1692799911, - "narHash": "sha256-3eihraek4qL744EvQXsK1Ha6C3CR7nnT8X2qWap4RNk=", + "lastModified": 1689068808, + "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=", "owner": "numtide", "repo": "flake-utils", - "rev": "f9e7cf818399d17d347f847525c5a5a8032e4e44", + "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4", "type": "github" }, "original": { @@ -758,6 +795,24 @@ "inputs": { "systems": "systems_2" }, + "locked": { + "lastModified": 1694529238, + "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "utils_3": { + "inputs": { + "systems": "systems_3" + }, "locked": { "lastModified": 1681202837, "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", @@ -772,9 +827,9 @@ "type": "github" } }, - "utils_3": { + "utils_4": { "inputs": { - "systems": "systems_4" + "systems": "systems_5" }, "locked": { "lastModified": 1687709756, @@ -790,7 +845,7 @@ "type": "github" } }, - "utils_4": { + "utils_5": { "locked": { "lastModified": 1678901627, "narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=", @@ -805,9 +860,9 @@ "type": "github" } }, - "utils_5": { + "utils_6": { "inputs": { - "systems": "systems_6" + "systems": "systems_7" }, "locked": { "lastModified": 1681202837, @@ -826,7 +881,7 @@ "vampysite": { "inputs": { "nixpkgs": "nixpkgs_7", - "utils": "utils_5" + "utils": "utils_6" }, "locked": { "lastModified": 1689340601, diff --git a/flake.nix b/flake.nix index 8080bb7..4e3430e 100644 --- a/flake.nix +++ b/flake.nix @@ -78,6 +78,17 @@ tags = [ "home" ]; allowLocalDeployment = true; + + keys = { + "restic-password" = { + keyCommand = [ "cat" "./secrets/restic-password" ]; + destDir = "/var/lib/secrets/"; + }; + "restic-env" = { + keyCommand = [ "cat" "./secrets/restic-env" ]; + destDir = "/var/lib/secrets/"; + }; + }; }; }; in {