lightly-toasted/nix-config
1
0
Fork 0
mirror of https://github.com/lightly-toasted/nix-config.git synced 2026-01-31 08:30:25 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: migrate backup destination to dedicated rest-server

Browse source 
- Migrate restic backup destination on nixos and vps to y2q rest-server
- Split host-specific restic env secrets
This commit is contained in:
toast 2026-01-17 21:02:27 +09:00
parent 3c314ad5bd
commit efd61adc07
3 changed files with 23 additions and 41 deletions
Download patch file Download diff file Expand all files Collapse all files

6
hosts/nixos/modules/services/restic.nix
View file

@ -3,7 +3,7 @@
{ {
sops.secrets = { sops.secrets = {
"restic/password" = {}; "restic/password" = {};
"restic/env" = {}; "restic/env/nixos" = {};
}; };
services.restic.backups.y2q = { services.restic.backups.y2q = {
@ -15,8 +15,8 @@
"/home/toast/workspace" "/home/toast/workspace"
]; ];
exclude = [ "node_modules" ]; exclude = [ "node_modules" ];
repository = "rest:http://y2q:9000/nixos/"; repository = "rest:http://restic.ts.700457.xyz/nixos/";
environmentFile = config.sops.secrets."restic/env".path; environmentFile = config.sops.secrets."restic/env/nixos".path;
pruneOpts = [ pruneOpts = [
"--keep-hourly 6" "--keep-hourly 6"
"--keep-daily 7" "--keep-daily 7"

47
hosts/vps/modules/services/restic.nix
View file

@ -1,51 +1,32 @@
{ config, ... }: { config, ... }:
let {
paths = [
"/var/lib/zipline"
"/var/lib/postgresql"
"/var/lib/forgejo"
"/var/lib/trilium"
"/var/lib/bitwarden_rs"
];
in {
sops.secrets = { sops.secrets = {
"restic/password" = {}; "restic/password" = {};
"restic/env" = {}; "restic/env/vps" = {};
"restic/rclone-config" = {};
}; };
services.restic.backups.b2 = { services.restic.backups.y2q = {
initialize = true; initialize = true;
inhibitsSleep = true; inhibitsSleep = true;
passwordFile = config.sops.secrets."restic/password".path; passwordFile = config.sops.secrets."restic/password".path;
paths = paths; paths = [
repository = "s3:https://s3.us-east-005.backblazeb2.com/restic-backups-vps"; "/var/lib/zipline"
environmentFile = config.sops.secrets."restic/env".path; "/var/lib/postgresql"
"/var/lib/forgejo"
"/var/lib/trilium"
"/var/lib/bitwarden_rs"
];
repository = "rest:http://restic.ts.700457.xyz/vps/";
environmentFile = config.sops.secrets."restic/env/vps".path;
pruneOpts = [ pruneOpts = [
"--keep-hourly 3"
"--keep-daily 7" "--keep-daily 7"
"--keep-weekly 3" "--keep-weekly 3"
"--keep-monthly 3" "--keep-monthly 3"
]; ];
timerConfig = { timerConfig = {
OnCalendar = "daily"; OnCalendar = "hourly";
Persistent = true;
};
};
services.restic.backups.nextcloud = {
initialize = true;
inhibitsSleep = true;
passwordFile = config.sops.secrets."restic/password".path;
paths = paths;
repository = "rclone:nextcloud:restic/vps";
rcloneConfigFile = config.sops.secrets."restic/rclone-config".path;
pruneOpts = [
"--keep-daily 7"
"--keep-weekly 4"
"--keep-monthly 6"
];
timerConfig = {
OnCalendar = "daily";
Persistent = true; Persistent = true;
}; };
}; };

11
secrets/secrets.yaml
View file

@ -5,8 +5,9 @@ openrouter_api_key: ENC[AES256_GCM,data:c0GHwhX5S4cfOXs6iR8TWVwhW90bvehWdy8lJBmb
context7_api_key: ENC[AES256_GCM,data:3fvSGzii2MqlfMCFYIUcC8Fa18KBh2K91rYPtXe04+UzNb/ElBEVMoH4Gw==,iv:4cZlsYZVum/Ui3MNAzSMb8JxOCNchUzuwlh890Lc4vo=,tag:RDjeujPxDQC5eRqDcKfbvA==,type:str] context7_api_key: ENC[AES256_GCM,data:3fvSGzii2MqlfMCFYIUcC8Fa18KBh2K91rYPtXe04+UzNb/ElBEVMoH4Gw==,iv:4cZlsYZVum/Ui3MNAzSMb8JxOCNchUzuwlh890Lc4vo=,tag:RDjeujPxDQC5eRqDcKfbvA==,type:str]
restic: restic:
password: ENC[AES256_GCM,data:LhO9evxJ1jO+/jVefT1ImRB7mdQB6VWxMdXPzAX4v9ICy5V+QlPDHdug3fKgZfzZ2EJtxy0LeQqHhyACKvPACA==,iv:Ag5BXn7gViL2J7qALn6WoQ1zwS69/NkjU9iP7pw2g0U=,tag:nUSCMkojdSA3+aJ4OKM8rw==,type:str] password: ENC[AES256_GCM,data:LhO9evxJ1jO+/jVefT1ImRB7mdQB6VWxMdXPzAX4v9ICy5V+QlPDHdug3fKgZfzZ2EJtxy0LeQqHhyACKvPACA==,iv:Ag5BXn7gViL2J7qALn6WoQ1zwS69/NkjU9iP7pw2g0U=,tag:nUSCMkojdSA3+aJ4OKM8rw==,type:str]
env: ENC[AES256_GCM,data:ZqQ+0b/Wd8NRodjksdMNvl1bRIPfLPiw4NRDtG8tc8pVp9w/Je5WXePIB/8QQ33K2Uagqzfb0Y/pTbo4vQRLBXVWO4uofQ7YKxdiK4efTPr8Ic/uX3NuGyT+Q9hvawkICg==,iv:S9XcbSZewjEty35N0fSksTMT3q8Nnmy0HmgIF7oQ1cU=,tag:12ThSBX5qEIoW9Sp0IrKzA==,type:str] env:
rclone-config: ENC[AES256_GCM,data:r37TJRvVbjf2EfmF4lYz9WtPpx1VCgryKWSTRWIn1mXIgT5sNFLhcy4pFrAn4duk3D/JHngKS1v9THS6i5o3N7+jOeszbKEF2+XB+UG+ogRSlveN+2ohs0dWWLE1Yhr/sKkO7FKQu338mxssNwF2M7rqA7DiGrBuUXIOkwczBphuJbP8A/LRSvrD0DYj5XakM2R+NVeHGaSNHsmv2tVsMS0i7aHPsTbIp4Wyz+be0YXWMNezM8u5KW8=,iv:OA1IloW5FJ1lFcUh2WUvw5iMxiM55yTy0CnrVOQyr5w=,tag:d0gKGuYLOcIvZmf2ZQFD4g==,type:str] nixos: ENC[AES256_GCM,data:l2XnT2zDWriWlicZaKMrU9+QC3nSbGyo10IUrszjIxKH7A2EI9KnTb2wtjZS/aA23tH31QTQ+VUh7Dcn+9jCufEkqH1PGbXRnTBBQ6HByCc=,iv:e1jbtsQ4vftPRf4NqkW529krViBRDkfyQVIR3+pKR0s=,tag:jLIq3FV2IS1OxKcSsizxpA==,type:str]
vps: ENC[AES256_GCM,data:Cn9xC1gQ2p+b50zBkkM5dLgJo3XUUhwfZwxhzb1Wu4kidM3LU1J2Xq56uqPSeJkMn94+5FV/lHfoc70eZgxn8WdJDBJtgtldfRFdgSuM,iv:X29GHc8aBHSW5PihCVAQWMGWXNx/SY1lTK6W4mDx5ms=,tag:tDJxOMWDDql4gVtyIFky7Q==,type:str]
zipline: zipline:
env: ENC[AES256_GCM,data:HOcqrzXnu+BcpZYgv1yzPOTV4ydJiVa0oIXQWMUNt/X6q2TUGPOTwWg/dOgzoi6jGzFxm+wJzugO4lLQurUV0DiWIWLDSm/PK+zW34yLYwMrwK1bRaF9yl7usAN6BEmpLw==,iv:9IZDQRT2JoXNTuyPZrwRSr2m3SnXaLmJcafpkraCFWA=,tag:+7EoCTiY9f0/C5jgvPQknA==,type:str] env: ENC[AES256_GCM,data:HOcqrzXnu+BcpZYgv1yzPOTV4ydJiVa0oIXQWMUNt/X6q2TUGPOTwWg/dOgzoi6jGzFxm+wJzugO4lLQurUV0DiWIWLDSm/PK+zW34yLYwMrwK1bRaF9yl7usAN6BEmpLw==,iv:9IZDQRT2JoXNTuyPZrwRSr2m3SnXaLmJcafpkraCFWA=,tag:+7EoCTiY9f0/C5jgvPQknA==,type:str]
token: ENC[AES256_GCM,data:Ke+cJQ6Up5RUGqe/3tG7Nk40PoOQ1Vq1jN5QN4N5LXOFgclXpzN7sjx0bumFVEcgg4B7UkHmjHzjRAPtWheFu+1PaN02aQVLMGzYXgujqmccC+6roxYt4vdN0CLzf0Ii7k5KUwX3QdOV+lrVwyoBjgQyTD839YnODI7zavf+aDMlrE4+BlFjjV8MUQHsJ5G017xN0XLKOBIQsGpMl40YsvVXFrNwkZ+DkN7bXCZBiHI41W44snB1C3wkYOO+a0g4JzVjIhcHXalYgOW4Unuyyah8yDoXRxuSq7aZpQ+/AHRiuIuaHSrE5BUJu/9bJdjojNuk6VTsaLFtngViSjtyztcqMAIHFFq/KXAog8tg16dJH/V6PomrWXY=,iv:H/EcD/oNSw1mIwxsqyMeSRPsY7lnzEzTNJs6OPNfPw4=,tag:FgH9Nwxnq62uhCd/Av2kAA==,type:str] token: ENC[AES256_GCM,data:Ke+cJQ6Up5RUGqe/3tG7Nk40PoOQ1Vq1jN5QN4N5LXOFgclXpzN7sjx0bumFVEcgg4B7UkHmjHzjRAPtWheFu+1PaN02aQVLMGzYXgujqmccC+6roxYt4vdN0CLzf0Ii7k5KUwX3QdOV+lrVwyoBjgQyTD839YnODI7zavf+aDMlrE4+BlFjjV8MUQHsJ5G017xN0XLKOBIQsGpMl40YsvVXFrNwkZ+DkN7bXCZBiHI41W44snB1C3wkYOO+a0g4JzVjIhcHXalYgOW4Unuyyah8yDoXRxuSq7aZpQ+/AHRiuIuaHSrE5BUJu/9bJdjojNuk6VTsaLFtngViSjtyztcqMAIHFFq/KXAog8tg16dJH/V6PomrWXY=,iv:H/EcD/oNSw1mIwxsqyMeSRPsY7lnzEzTNJs6OPNfPw4=,tag:FgH9Nwxnq62uhCd/Av2kAA==,type:str]
@ -22,7 +23,7 @@ sops:
Z0crWElZcVFMVUd0VytoTHFqbkRDck0KY8nsRThk1hCA/yDNy5JJ0T6pTUwRZhYW Z0crWElZcVFMVUd0VytoTHFqbkRDck0KY8nsRThk1hCA/yDNy5JJ0T6pTUwRZhYW
j8grD6JYvauuYa+3tSIwqy2RPiKltx696n9nXy9iPnFUO0QY/rQGVg== j8grD6JYvauuYa+3tSIwqy2RPiKltx696n9nXy9iPnFUO0QY/rQGVg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-11-02T05:02:06Z" lastmodified: "2026-01-17T09:52:45Z"
mac: ENC[AES256_GCM,data:cj6FoyYzGwOP2hgIf3jhRSdFWR3SLd7eX2L/hrYyMtDKJNr70yyf3V2bzWfspZMGykgkJB3eQskMBxvn9P7s7XDPbjBeQ3ndqH5HBHuOsgManpYZgv5OusxBJfOh4DVGkIYgU/oZ+MjQ/RSBmHb45py15GxytTLs264Kp4o4KyQ=,iv:dQEo2IEkbiA2dt8NFznxxqDX4hCPED59WqMVqatH2/c=,tag:SaecqbewnXcsWNh9+OlWyA==,type:str] mac: ENC[AES256_GCM,data:ul33Yr8a5VER09m2DrM+BiZDglSW5w/UrgWCamYEbsO2EtSGX3zg6r1j+++W2dNj3BXDiVD5DIEQ/LGMUtvhFmP5b/EWO6xucCgAekekYPKiafhh3h45db1s7E/PGwpBLzUk4ePoAb9hAvzx4pQvlpHHHIbFMxsTjNjoj7WxbGM=,iv:WrZokFbfu9bkQFq/FwHNAINzTRGBJlBJs54Epmb1Ya8=,tag:GyAiBG5OrS12/GqG/2zTlA==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.10.2 version: 3.11.0