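# NixOS module: runs a restic REST server inside an ephemeral NixOS container
# named "backup". Repository data lives on a separately mounted device and the
# HTTP basic-auth credentials are provisioned from an agenix secret.
{
  flake,
  config,
  pkgs,
  ...
}:

let
  # Single source of truth for the port: used both for the host firewall rule
  # and for the server's listen address inside the container.
  resticListenPort = 18000;
in
{
  # htpasswd file consumed by the REST server. It is stored encrypted in the
  # repository and decrypted by agenix at activation time.
  age.secrets.backup_restic_htpasswd = {
    file = "${flake.self}/secrets/cox_backup_restic_htpasswd.age";
    # Ownership is set by numeric uid rather than by user name.
    # NOTE(review): presumably because the restic user only exists inside the
    # container, not on the host; confirm the uid is the same on both sides.
    owner = "${toString config.ids.uids.restic}";
  };

  # The container below sets no privateNetwork option, so by the NixOS
  # containers default it shares the host's network namespace: this host rule
  # is what exposes the server, on every interface the host firewall covers.
  networking.firewall.allowedTCPPorts = [ resticListenPort ];

  # Backing storage for the repositories.
  # NOTE(review): the device name suggests an encrypted mapping that has to be
  # opened before this mount can succeed; confirm how it is unlocked.
  systemd.mounts = [
    {
      what = "/dev/mapper/crypt-backup";
      where = "/opt/backup/hdd";
      type = "ext4";
    }
  ];

  # Tie the container to the mount, so it is not started with the bind-mount
  # source being an empty directory on the root filesystem.
  systemd.services."container@backup".unitConfig.RequiresMountsFor = [ "/opt/backup/hdd" ];

  containers."backup" = {
    autoStart = true;
    # The container's root filesystem is discarded on every stop; only the
    # bind mounts below persist.
    ephemeral = true;

    bindMounts = {
      "/var/lib/restic" = {
        hostPath = "/opt/backup/hdd/restic";
        isReadOnly = false;
      };
      "/var/lib/restic/.htpasswd" = {
        # Taken from the agenix option instead of a hard-coded
        # /run/agenix/... string, so the bind mount follows the secret if
        # age.secretsDir or the secret's path is ever changed.
        hostPath = config.age.secrets.backup_restic_htpasswd.path;
        # NOTE(review): the server should only need to read its credential
        # file. Consider isReadOnly = true (least privilege: a compromised
        # server process could then not add or rewrite users), after
        # confirming nothing in the container chowns or chmods it at boot.
        isReadOnly = false;
      };
    };

    config =
      {
        config,
        pkgs,
        ...
      }:
      {
        # No second firewall inside the container; filtering is left to the
        # host rule above.
        networking.firewall.enable = false;

        services.restic.server = {
          enable = true;
          # Binds to all IPv4 addresses. No TLS setting is visible in this
          # file. NOTE(review): unless TLS is terminated in front of this
          # port (reverse proxy, VPN), the basic-auth credentials cross the
          # network in clear text; confirm.
          listenAddress = "0.0.0.0:${toString resticListenPort}";
          # Each authenticated user can only reach repositories under a path
          # that starts with their own user name.
          privateRepos = true;
          extraFlags = [
            # Clients may add data but not delete or overwrite it, so a
            # compromised backup client cannot destroy existing snapshots.
            # Pruning then has to happen outside this endpoint.
            "--append-only"
            "--prometheus"
            # The metrics endpoint is served WITHOUT authentication on the
            # same listener, so anyone who can reach the port opened in the
            # host firewall can read it. NOTE(review): metrics may reveal
            # repository or user names; restrict the port to the monitoring
            # and backup networks, or drop this flag and give the scraper
            # credentials.
            "--prometheus-no-auth"
          ];
        };

        time.timeZone = "Europe/Berlin";
        system.stateVersion = "22.11";
      };
  };
}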