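# NixOS module: runs a restic REST server inside a declarative container named
# "backup", stores repositories on the host under /opt/backup/hdd/restic, and
# opens the listen port on the host firewall.
#
# Layout note: the file had been collapsed onto a single line, which placed the
# module's closing brace inside the trailing `#` comment. The structure is
# restored here; no option values were changed.
{ flake, config, pkgs, ... }:
let
  # TCP port the REST server listens on; also opened on the host firewall below.
  resticListenPort = 18000;
in
{
  # htpasswd file for the REST server, decrypted by agenix on the host.
  age.secrets.backup_restic_htpasswd = {
    file = "${flake.self}/secrets/cox_backup_restic_htpasswd.age";
    # Owner is given as the numeric restic uid rendered as a string rather than
    # a user name (presumably because the restic user only exists inside the
    # container; confirm).
    owner = "${toString config.ids.uids.restic}";
  };

  # NOTE(review): this opens the port to every source address. The server below
  # is started without a --tls flag, so unless TLS is terminated somewhere not
  # shown here, the basic-auth credentials and backup traffic cross the network
  # in cleartext. Confirm, and consider restricting the allowed sources.
  networking.firewall.allowedTCPPorts = [ resticListenPort ];

  containers."backup" = {
    autoStart = true;
    # Container root is not kept between restarts; only the bind mounts persist.
    ephemeral = true;

    bindMounts = {
      # Repository data lives on the host and must be writable by the server.
      "/var/lib/restic" = {
        hostPath = "/opt/backup/hdd/restic";
        isReadOnly = false;
      };
      # NOTE(review): the decrypted secret is mounted writable, so anything
      # running in the container can modify or replace the host's credential
      # file. The server only needs to read it, so `isReadOnly = true` looks
      # sufficient. Before switching, confirm that nothing inside the container
      # (e.g. a tmpfiles rule from the restic server module) has to chmod/chown
      # the file at boot.
      "/var/lib/restic/.htpasswd" = {
        hostPath = "/run/agenix/backup_restic_htpasswd";
        isReadOnly = false;
      };
    };

    config = { config, pkgs, ... }: {
      # No privateNetwork is set for this container, so it presumably shares the
      # host's network namespace and the host firewall rule above is the only
      # packet filter in front of the service. TODO confirm.
      networking.firewall.enable = false;

      services.restic.server = {
        enable = true;
        # Binds on all interfaces.
        listenAddress = "0.0.0.0:${toString resticListenPort}";
        # Each authenticated user is confined to their own repository path.
        privateRepos = true;
        extraFlags = [
          # Clients can add data but not delete or overwrite it, which limits
          # what a compromised backup client can destroy.
          "--append-only"
          "--prometheus"
          # NOTE(review): metrics are served without authentication on the same
          # exposed listener, so anyone who can reach the port can read them.
          # Drop this flag if the scraper can send credentials, or limit which
          # hosts can reach the port.
          "--prometheus-no-auth"
        ];
      };

      time.timeZone = "Europe/Berlin";
      system.stateVersion = "22.11";
    };
  };

  # Disabled alternative: SSH-based backup target as an OCI container.
  # NOTE(review): if this is ever re-enabled, pin the image by digest instead of
  # a floating "-latest" tag.
  #virtualisation.oci-containers = {
  #  backend = "docker";
  #  containers = {
  #    backup-ssh = {
  #      image = "linuxserver/openssh-server:arm64v8-latest";
  #      ports = [ "32222:2222" ];
  #
  #      environment = {
  #        PUBLIC_KEY = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOTpA7OHfZhl1wsbvydLNMtMx4q64fz+ojIAZpVUJEMI root@cube";
  #        USER_NAME = "backup";
  #        TZ = "Europe/Berlin";
  #        PUID = "911";
  #        PGID = "911";
  #      };
  #
  #      volumes = [
  #        "/opt/backup/hdd/restic:/data/hdd/restic"
  #      ];
  #    };
  #  };
  #};
}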