78 lines
1.7 KiB
Nix
78 lines
1.7 KiB
Nix
{
|
|
self,
|
|
config,
|
|
pkgs,
|
|
...
|
|
}:
|
|
|
|
let
|
|
resticListenPort = 18000;
|
|
in
|
|
{
|
|
age.secrets.backup_restic_htpasswd = {
|
|
file = "${self}/secrets/cox_backup_restic_htpasswd.age";
|
|
owner = "${toString config.ids.uids.restic}";
|
|
};
|
|
|
|
networking.firewall.allowedTCPPorts = [ resticListenPort ];
|
|
|
|
containers."backup" = {
|
|
autoStart = true;
|
|
ephemeral = true;
|
|
bindMounts = {
|
|
"/var/lib/restic" = {
|
|
hostPath = "/opt/backup/hdd/restic";
|
|
isReadOnly = false;
|
|
};
|
|
"/var/lib/restic/.htpasswd" = {
|
|
hostPath = "/run/agenix/backup_restic_htpasswd";
|
|
isReadOnly = false;
|
|
};
|
|
};
|
|
|
|
config = {
|
|
config,
|
|
pkgs,
|
|
...
|
|
}: {
|
|
networking.firewall.enable = false;
|
|
|
|
services.restic.server = {
|
|
enable = true;
|
|
listenAddress = "0.0.0.0:${toString resticListenPort}";
|
|
privateRepos = true;
|
|
extraFlags = [
|
|
"--append-only"
|
|
"--prometheus"
|
|
"--prometheus-no-auth"
|
|
];
|
|
};
|
|
|
|
time.timeZone = "Europe/Berlin";
|
|
system.stateVersion = "22.11";
|
|
};
|
|
};
|
|
|
|
#virtualisation.oci-containers = {
|
|
# backend = "docker";
|
|
# containers = {
|
|
# backup-ssh = {
|
|
# image = "linuxserver/openssh-server:arm64v8-latest";
|
|
# ports = [ "32222:2222" ];
|
|
#
|
|
# environment = {
|
|
# PUBLIC_KEY = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOTpA7OHfZhl1wsbvydLNMtMx4q64fz+ojIAZpVUJEMI root@cube";
|
|
# USER_NAME = "backup";
|
|
# TZ = "Europe/Berlin";
|
|
# PUID = "911";
|
|
# PGID = "911";
|
|
# };
|
|
#
|
|
# volumes = [
|
|
# "/opt/backup/hdd/restic:/data/hdd/restic"
|
|
# ];
|
|
# };
|
|
# };
|
|
#};
|
|
}
|