config/backups.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41

{ lib, pkgs, ... }:
let
  host = "ds218.aristote.mesh";
  path = "/hephaistos";
  sshpass = "${pkgs.sshpass}/bin/sshpass -f /etc/restic/sftp.key";
in
{
  programs.ssh.extraConfig = ''
    Host ${host}
      User hephaistos
      ServerAliveInternal 60
      ServerAliveCountMax 240
  '';

  services.restic.backups.srv = {
    extraOptions = [
      "sftp.command='${sshpass} ssh ${host} -s sftp'"
    ];
    passwordFile = "/etc/restic/srv.key";
    paths = [
      "/srv"
    ];
    repository = "sftp:${host}:${path}";
    timerConfig = {
      OnCalendar = "12:00";
      RandomizedDelaySec = "1h";
      Persistent = true;
    };
    pruneOpts = [ "--keep-daily 7" ];
    initialize = true;
  };
  systemd.services.restic-backups-srv = lib.mkMerge [
    {
      personal.monitor = true;
    }
    (pkgs.lib.personal.services.checkNetwork {
      hosts = [ "ds218.aristote.mesh" ];
      restart = false;
    })
  ];
}