os/hosts/cox/backup.nix

# Host "cox": restic REST server (rest-server) running in a declarative
# NixOS container, with its repository data and htpasswd file bind-mounted
# from the host.
#
# NOTE(review): no TLS options are set in this file, so HTTP basic-auth
# credentials cross the network in clear text unless a TLS terminator or a
# private network sits in front of the port. Confirm how clients reach it.
{ flake, config, pkgs, ... }:
let
  # One TCP port, used for both the host firewall rule and the listener.
  resticListenPort = 18000;
in
{
  # agenix-encrypted htpasswd file with the rest-server credentials.
  # Ownership is given as the numeric uid from the static NixOS id table
  # (presumably because the restic user only exists inside the container;
  # verify).
  age.secrets.backup_restic_htpasswd = {
    file = "${flake.self}/secrets/cox_backup_restic_htpasswd.age";
    owner = toString config.ids.uids.restic;
  };

  # Host firewall: expose the rest-server port.
  # `privateNetwork` is not set on the container below, so by the NixOS
  # default it shares the host network stack and this rule is what makes
  # the service reachable.
  networking.firewall.allowedTCPPorts = [ resticListenPort ];

  containers.backup = {
    autoStart = true;
    # Ephemeral root: only the bind mounts below persist across restarts.
    ephemeral = true;

    # Repository storage on the host disk; must be writable for uploads.
    bindMounts."/var/lib/restic" = {
      hostPath = "/opt/backup/hdd/restic";
      isReadOnly = false;
    };

    # Decrypted htpasswd secret from the host's agenix runtime directory.
    # NOTE(review): this secret is mounted writable, so the container can
    # modify the host copy. A read-only mount would be least privilege;
    # confirm first that the restic server module does not chmod/chown
    # this path at start-up.
    bindMounts."/var/lib/restic/.htpasswd" = {
      hostPath = "/run/agenix/backup_restic_htpasswd";
      isReadOnly = false;
    };

    # Container system configuration. The argument names shadow the outer
    # module's `config`/`pkgs`; `resticListenPort` comes from the outer `let`.
    config = { config, pkgs, ... }: {
      # No firewall inside the container; filtering is left to the host.
      networking.firewall.enable = false;

      services.restic.server = {
        enable = true;
        # Listen on every IPv4 interface.
        listenAddress = "0.0.0.0:${toString resticListenPort}";
        # Each authenticated user is confined to their own repository path.
        privateRepos = true;
        extraFlags = [
          # Clients can add data but not delete or overwrite it, which
          # limits what a compromised client can do to existing backups.
          # Pruning then has to happen locally on this host.
          "--append-only"
          # Serve Prometheus metrics from the same listener.
          "--prometheus"
          # Metrics endpoint skips authentication: anyone who can reach
          # the port can read it. NOTE(review): the metrics may reveal
          # user/repository names; restrict the port to the scraper or
          # drop this flag if that matters.
          "--prometheus-no-auth"
        ];
      };

      time.timeZone = "Europe/Berlin";
      system.stateVersion = "22.11";
    };
  };

  # Disabled former setup: SSH-based backup target as an OCI container.
  # Kept for reference only. If it is ever re-enabled, note that the image
  # uses a floating "-latest" tag rather than a pinned version or digest.
  #virtualisation.oci-containers = {
  #  backend = "docker";
  #  containers = {
  #    backup-ssh = {
  #      image = "linuxserver/openssh-server:arm64v8-latest";
  #      ports = [ "32222:2222" ];
  #
  #      environment = {
  #        PUBLIC_KEY = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOTpA7OHfZhl1wsbvydLNMtMx4q64fz+ojIAZpVUJEMI root@cube";
  #        USER_NAME = "backup";
  #        TZ = "Europe/Berlin";
  #        PUID = "911";
  #        PGID = "911";
  #      };
  #
  #      volumes = [
  #        "/opt/backup/hdd/restic:/data/hdd/restic"
  #      ];
  #    };
  #  };
  #};
}