From a20c5e4a95fec048e31d251857749fc8660bb793 Mon Sep 17 00:00:00 2001
From: "quentin@aristote.fr" <quentin@aristote.fr>
Date: Sun, 4 Jan 2026 17:34:53 +0100
Subject: backups: borg over nfs -> restic over sftp

---
 config/backups.nix | 41 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)
 create mode 100644 config/backups.nix

(limited to 'config/backups.nix')

diff --git a/config/backups.nix b/config/backups.nix
new file mode 100644
index 0000000..14ed8f1
--- /dev/null
+++ b/config/backups.nix
@@ -0,0 +1,41 @@
+{ lib, pkgs, ... }:
+let
+  host = "ds218.aristote.mesh";
+  path = "/hephaistos";
+  sshpass = "${pkgs.sshpass}/bin/sshpass -f /etc/restic/sftp.key";
+in
+{
+  programs.ssh.extraConfig = ''
+    Host ${host}
+      User hephaistos
+      ServerAliveInternal 60
+      ServerAliveCountMax 240
+  '';
+
+  services.restic.backups.srv = {
+    extraOptions = [
+      "sftp.command='${sshpass} ssh ${host} -s sftp'"
+    ];
+    passwordFile = "/etc/restic/srv.key";
+    paths = [
+      "/srv"
+    ];
+    repository = "sftp:${host}:${path}";
+    timerConfig = {
+      OnCalendar = "12:00";
+      RandomizedDelaySec = "1h";
+      Persistent = true;
+    };
+    pruneOpts = [ "--keep-daily 7" ];
+    initialize = true;
+  };
+  systemd.services.restic-backups-srv = lib.mkMerge [
+    {
+      personal.monitor = true;
+    }
+    (pkgs.lib.personal.services.checkNetwork {
+      hosts = [ "ds218.aristote.mesh" ];
+      restart = false;
+    })
+  ];
+}
-- 
cgit v1.2.3