blob: 5f7dd53a1d0c6ede15117246f1c5002c194abe07 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
|
## FAQ
# - Why backups?
# A shared directory with caching would require the NFS server to be up, and
# wouldn't have the remote directory be encrypted. Plus NFS doesn't work.
# - Why Restic?
# Borg would be more efficient, but, as of writing this (01-2026), it doesn't
# support sftp and the NAS doesn't support non-admin SSH. When Borg v2 is out I
# can switch.
{ lib, pkgs, ... }:
let
host = "ds218.aristote.mesh";
path = "/hephaistos";
sshpass = "${pkgs.sshpass}/bin/sshpass -f /etc/restic/sftp.key";
in
{
programs.ssh.extraConfig = ''
Host ${host}
User hephaistos
ServerAliveInternal 60
ServerAliveCountMax 240
'';
services.restic.backups.srv = {
extraOptions = [
"sftp.command='${sshpass} ssh ${host} -s sftp'"
];
passwordFile = "/etc/restic/srv.key";
paths = [
"/srv"
];
repository = "sftp:${host}:${path}";
timerConfig = {
# the NAS is on between 10pm and 6am
OnCalendar = "23:00";
RandomizedDelaySec = "1h";
Persistent = true;
};
pruneOpts = [ "--keep-daily 7" ];
initialize = true;
};
systemd.services.restic-backups-srv = lib.mkMerge [
{
personal.monitor = true;
}
(pkgs.lib.personal.services.checkNetwork {
hosts = [ "ds218.aristote.mesh" ];
restart = false;
})
];
}
|
