diff options
| author | quentin@aristote.fr <quentin@aristote.fr> | 2026-01-04 17:34:53 +0100 |
|---|---|---|
| committer | quentin@aristote.fr <quentin@aristote.fr> | 2026-01-04 17:34:53 +0100 |
| commit | a20c5e4a95fec048e31d251857749fc8660bb793 (patch) | |
| tree | 268a517ebf69024fe43978dc9132aa3f688eb177 | |
| parent | 31bd1a0a930af462c4575c55a4e3e92178f42342 (diff) | |
backups: borg over nfs -> restic over sftp
| -rw-r--r-- | config/backups.nix | 41 | ||||
| -rw-r--r-- | config/default.nix | 2 | ||||
| -rw-r--r-- | config/storage.nix | 38 |
3 files changed, 42 insertions, 39 deletions
diff --git a/config/backups.nix b/config/backups.nix new file mode 100644 index 0000000..14ed8f1 --- /dev/null +++ b/config/backups.nix @@ -0,0 +1,41 @@ +{ lib, pkgs, ... }: +let + host = "ds218.aristote.mesh"; + path = "/hephaistos"; + sshpass = "${pkgs.sshpass}/bin/sshpass -f /etc/restic/sftp.key"; +in +{ + programs.ssh.extraConfig = '' + Host ${host} + User hephaistos + ServerAliveInternal 60 + ServerAliveCountMax 240 + ''; + + services.restic.backups.srv = { + extraOptions = [ + "sftp.command='${sshpass} ssh ${host} -s sftp'" + ]; + passwordFile = "/etc/restic/srv.key"; + paths = [ + "/srv" + ]; + repository = "sftp:${host}:${path}"; + timerConfig = { + OnCalendar = "12:00"; + RandomizedDelaySec = "1h"; + Persistent = true; + }; + pruneOpts = [ "--keep-daily 7" ]; + initialize = true; + }; + systemd.services.restic-backups-srv = lib.mkMerge [ + { + personal.monitor = true; + } + (pkgs.lib.personal.services.checkNetwork { + hosts = [ "ds218.aristote.mesh" ]; + restart = false; + }) + ]; +} diff --git a/config/default.nix b/config/default.nix index e76dbd6..1d7ca98 100644 --- a/config/default.nix +++ b/config/default.nix @@ -9,7 +9,7 @@ ./networking.nix ./nix.nix ./services - ./storage.nix + ./backups.nix ./system.nix ./users.nix ]; diff --git a/config/storage.nix b/config/storage.nix deleted file mode 100644 index ec14faa..0000000 --- a/config/storage.nix +++ /dev/null @@ -1,38 +0,0 @@ -{ lib, pkgs, ... }: -{ - boot.supportedFilesystems = [ "nfs" ]; - fileSystems."/backups" = { - device = "ds218.aristote.mesh:/volume1/hephaistos"; - fsType = "nfs"; - options = [ - # lazy mounting - "x-systemd.automount" - "noauto" - # sleeping - "x-systemd.idle-timeout=600" - ]; - }; - - services.borgbackup.jobs.srv = { - paths = "/srv"; - exclude = [ ]; - repo = "/backups/srv"; - doInit = false; - encryption = { - mode = "repokey"; - passCommand = "cat /etc/borg/passphrase"; - }; - compression = "auto,lzma"; - startAt = "daily"; - prune.keep.daily = 7; - }; - systemd.services.borgbackup-job-srv = lib.mkMerge [ - { - personal.monitor = true; - } - (pkgs.lib.personal.services.checkNetwork { - hosts = [ "ds218.aristote.mesh" ]; - restart = false; - }) - ]; -} |