backup: migrate to native services.restic.backups

Replace custom backup-helper flake input with NixOS native services.restic.backups module for ha1, monitoring01, and nixos-test1. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-04 00:41:40 +01:00
parent b5da9431aa
commit d25fc99e1d
5 changed files with 57 additions and 47 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -21,27 +21,6 @@
        "url": "https://git.t-juice.club/torjus/alerttonotify"
      }
    },
-    "backup-helper": {
-      "inputs": {
-        "nixpkgs": [
-          "nixpkgs-unstable"
-        ]
-      },
-      "locked": {
-        "lastModified": 1738015166,
-        "narHash": "sha256-573tR4aXNjILKvYnjZUM5DZZME2H6YTHJkUKs3ZehFU=",
-        "ref": "master",
-        "rev": "f9540cc065692c7ca80735e7b08399459e0ea6d6",
-        "revCount": 35,
-        "type": "git",
-        "url": "https://git.t-juice.club/torjus/backup-helper"
-      },
-      "original": {
-        "ref": "master",
-        "type": "git",
-        "url": "https://git.t-juice.club/torjus/backup-helper"
-      }
-    },
    "labmon": {
      "inputs": {
        "nixpkgs": [
@@ -98,7 +77,6 @@
    "root": {
      "inputs": {
        "alerttonotify": "alerttonotify",
-        "backup-helper": "backup-helper",
        "labmon": "labmon",
        "nixpkgs": "nixpkgs",
        "nixpkgs-unstable": "nixpkgs-unstable",
--- a/flake.nix
+++ b/flake.nix
@@ -9,10 +9,6 @@
      url = "github:Mic92/sops-nix";
      inputs.nixpkgs.follows = "nixpkgs-unstable";
    };
-    backup-helper = {
-      url = "git+https://git.t-juice.club/torjus/backup-helper?ref=master";
-      inputs.nixpkgs.follows = "nixpkgs-unstable";
-    };
    alerttonotify = {
      url = "git+https://git.t-juice.club/torjus/alerttonotify?ref=master";
      inputs.nixpkgs.follows = "nixpkgs-unstable";
@@ -29,7 +25,6 @@
      nixpkgs,
      nixpkgs-unstable,
      sops-nix,
-      backup-helper,
      alerttonotify,
      labmon,
      ...
@@ -136,7 +131,6 @@
            )
            ./hosts/nixos-test1
            sops-nix.nixosModules.sops
-            backup-helper.nixosModules.backup-helper
          ];
        };
        ha1 = nixpkgs.lib.nixosSystem {
@@ -153,7 +147,6 @@
            )
            ./hosts/ha1
            sops-nix.nixosModules.sops
-            backup-helper.nixosModules.backup-helper
          ];
        };
        template1 = nixpkgs.lib.nixosSystem {
@@ -234,7 +227,6 @@
            )
            ./hosts/monitoring01
            sops-nix.nixosModules.sops
-            backup-helper.nixosModules.backup-helper
            labmon.nixosModules.labmon
          ];
        };
--- a/hosts/ha1/configuration.nix
+++ b/hosts/ha1/configuration.nix
@@ -57,14 +57,24 @@

  # Backup service dirs
  sops.secrets."backup_helper_secret" = { };
-  backup-helper = {
-    enable = true;
-    password-file = "/run/secrets/backup_helper_secret";
-    backup-dirs = [
+  services.restic.backups.ha1 = {
+    repository = "rest:http://10.69.12.52:8000/backup-nix";
+    passwordFile = "/run/secrets/backup_helper_secret";
+    paths = [
      "/var/lib/hass"
      "/var/lib/zigbee2mqtt"
      "/var/lib/mosquitto"
    ];
+    timerConfig = {
+      OnCalendar = "daily";
+      Persistent = true;
+    };
+    pruneOpts = [
+      "--keep-daily 7"
+      "--keep-weekly 4"
+      "--keep-monthly 6"
+      "--keep-within 1d"
+    ];
  };

  # Open ports in the firewall.
--- a/hosts/monitoring01/configuration.nix
+++ b/hosts/monitoring01/configuration.nix
@@ -57,15 +57,35 @@
  services.qemuGuest.enable = true;

  sops.secrets."backup_helper_secret" = { };
-  backup-helper = {
-    enable = true;
-    password-file = "/run/secrets/backup_helper_secret";
-    backup-dirs = [
-      "/var/lib/grafana/plugins"
+  services.restic.backups.grafana = {
+    repository = "rest:http://10.69.12.52:8000/backup-nix";
+    passwordFile = "/run/secrets/backup_helper_secret";
+    paths = [ "/var/lib/grafana/plugins" ];
+    timerConfig = {
+      OnCalendar = "daily";
+      Persistent = true;
+    };
+    pruneOpts = [
+      "--keep-daily 7"
+      "--keep-weekly 4"
+      "--keep-monthly 6"
+      "--keep-within 1d"
    ];
-    backup-commands = [
-      # "grafana.db:${pkgs.sqlite}/bin/sqlite /var/lib/grafana/data/grafana.db .dump"
-      "grafana.db:${pkgs.sqlite}/bin/sqlite3 /var/lib/grafana/data/grafana.db .dump"
+  };
+
+  services.restic.backups.grafana-db = {
+    repository = "rest:http://10.69.12.52:8000/backup-nix";
+    passwordFile = "/run/secrets/backup_helper_secret";
+    command = [ "${pkgs.sqlite}/bin/sqlite3" "/var/lib/grafana/data/grafana.db" ".dump" ];
+    timerConfig = {
+      OnCalendar = "daily";
+      Persistent = true;
+    };
+    pruneOpts = [
+      "--keep-daily 7"
+      "--keep-weekly 4"
+      "--keep-monthly 6"
+      "--keep-within 1d"
    ];
  };

--- a/hosts/nixos-test1/configuration.nix
+++ b/hosts/nixos-test1/configuration.nix
@@ -51,15 +51,25 @@
  networking.firewall.enable = false;

  # Secrets
-  # Backup helper
+  # Backup
  sops.secrets."backup_helper_secret" = { };
-  backup-helper = {
-    enable = true;
-    password-file = "/run/secrets/backup_helper_secret";
-    backup-dirs = [
+  services.restic.backups.test = {
+    repository = "rest:http://10.69.12.52:8000/backup-nix";
+    passwordFile = "/run/secrets/backup_helper_secret";
+    paths = [
      "/etc/machine-id"
      "/etc/os-release"
    ];
+    timerConfig = {
+      OnCalendar = "daily";
+      Persistent = true;
+    };
+    pruneOpts = [
+      "--keep-daily 7"
+      "--keep-weekly 4"
+      "--keep-monthly 6"
+      "--keep-within 1d"
+    ];
  };

  system.stateVersion = "23.11"; # Did you read the comment?