From d25fc99e1df990d4039c6ffdc576f89c3b1161cc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Torjus=20H=C3=A5kestad?= Date: Wed, 4 Feb 2026 00:41:40 +0100 Subject: [PATCH] backup: migrate to native services.restic.backups Replace custom backup-helper flake input with NixOS native services.restic.backups module for ha1, monitoring01, and nixos-test1. Co-Authored-By: Claude Opus 4.5 --- flake.lock | 22 ----------------- flake.nix | 8 ------- hosts/ha1/configuration.nix | 18 ++++++++++---- hosts/monitoring01/configuration.nix | 36 +++++++++++++++++++++------- hosts/nixos-test1/configuration.nix | 20 ++++++++++++---- 5 files changed, 57 insertions(+), 47 deletions(-) diff --git a/flake.lock b/flake.lock index 64f91be..48d338b 100644 --- a/flake.lock +++ b/flake.lock @@ -21,27 +21,6 @@ "url": "https://git.t-juice.club/torjus/alerttonotify" } }, - "backup-helper": { - "inputs": { - "nixpkgs": [ - "nixpkgs-unstable" - ] - }, - "locked": { - "lastModified": 1738015166, - "narHash": "sha256-573tR4aXNjILKvYnjZUM5DZZME2H6YTHJkUKs3ZehFU=", - "ref": "master", - "rev": "f9540cc065692c7ca80735e7b08399459e0ea6d6", - "revCount": 35, - "type": "git", - "url": "https://git.t-juice.club/torjus/backup-helper" - }, - "original": { - "ref": "master", - "type": "git", - "url": "https://git.t-juice.club/torjus/backup-helper" - } - }, "labmon": { "inputs": { "nixpkgs": [ @@ -98,7 +77,6 @@ "root": { "inputs": { "alerttonotify": "alerttonotify", - "backup-helper": "backup-helper", "labmon": "labmon", "nixpkgs": "nixpkgs", "nixpkgs-unstable": "nixpkgs-unstable", diff --git a/flake.nix b/flake.nix index e435c97..86ef718 100644 --- a/flake.nix +++ b/flake.nix @@ -9,10 +9,6 @@ url = "github:Mic92/sops-nix"; inputs.nixpkgs.follows = "nixpkgs-unstable"; }; - backup-helper = { - url = "git+https://git.t-juice.club/torjus/backup-helper?ref=master"; - inputs.nixpkgs.follows = "nixpkgs-unstable"; - }; alerttonotify = { url = "git+https://git.t-juice.club/torjus/alerttonotify?ref=master"; inputs.nixpkgs.follows = "nixpkgs-unstable"; @@ -29,7 +25,6 @@ nixpkgs, nixpkgs-unstable, sops-nix, - backup-helper, alerttonotify, labmon, ... @@ -136,7 +131,6 @@ ) ./hosts/nixos-test1 sops-nix.nixosModules.sops - backup-helper.nixosModules.backup-helper ]; }; ha1 = nixpkgs.lib.nixosSystem { @@ -153,7 +147,6 @@ ) ./hosts/ha1 sops-nix.nixosModules.sops - backup-helper.nixosModules.backup-helper ]; }; template1 = nixpkgs.lib.nixosSystem { @@ -234,7 +227,6 @@ ) ./hosts/monitoring01 sops-nix.nixosModules.sops - backup-helper.nixosModules.backup-helper labmon.nixosModules.labmon ]; }; diff --git a/hosts/ha1/configuration.nix b/hosts/ha1/configuration.nix index e4d84aa..1190a1d 100644 --- a/hosts/ha1/configuration.nix +++ b/hosts/ha1/configuration.nix @@ -57,14 +57,24 @@ # Backup service dirs sops.secrets."backup_helper_secret" = { }; - backup-helper = { - enable = true; - password-file = "/run/secrets/backup_helper_secret"; - backup-dirs = [ + services.restic.backups.ha1 = { + repository = "rest:http://10.69.12.52:8000/backup-nix"; + passwordFile = "/run/secrets/backup_helper_secret"; + paths = [ "/var/lib/hass" "/var/lib/zigbee2mqtt" "/var/lib/mosquitto" ]; + timerConfig = { + OnCalendar = "daily"; + Persistent = true; + }; + pruneOpts = [ + "--keep-daily 7" + "--keep-weekly 4" + "--keep-monthly 6" + "--keep-within 1d" + ]; }; # Open ports in the firewall. diff --git a/hosts/monitoring01/configuration.nix b/hosts/monitoring01/configuration.nix index f3db374..ab9f64b 100644 --- a/hosts/monitoring01/configuration.nix +++ b/hosts/monitoring01/configuration.nix @@ -57,15 +57,35 @@ services.qemuGuest.enable = true; sops.secrets."backup_helper_secret" = { }; - backup-helper = { - enable = true; - password-file = "/run/secrets/backup_helper_secret"; - backup-dirs = [ - "/var/lib/grafana/plugins" + services.restic.backups.grafana = { + repository = "rest:http://10.69.12.52:8000/backup-nix"; + passwordFile = "/run/secrets/backup_helper_secret"; + paths = [ "/var/lib/grafana/plugins" ]; + timerConfig = { + OnCalendar = "daily"; + Persistent = true; + }; + pruneOpts = [ + "--keep-daily 7" + "--keep-weekly 4" + "--keep-monthly 6" + "--keep-within 1d" ]; - backup-commands = [ - # "grafana.db:${pkgs.sqlite}/bin/sqlite /var/lib/grafana/data/grafana.db .dump" - "grafana.db:${pkgs.sqlite}/bin/sqlite3 /var/lib/grafana/data/grafana.db .dump" + }; + + services.restic.backups.grafana-db = { + repository = "rest:http://10.69.12.52:8000/backup-nix"; + passwordFile = "/run/secrets/backup_helper_secret"; + command = [ "${pkgs.sqlite}/bin/sqlite3" "/var/lib/grafana/data/grafana.db" ".dump" ]; + timerConfig = { + OnCalendar = "daily"; + Persistent = true; + }; + pruneOpts = [ + "--keep-daily 7" + "--keep-weekly 4" + "--keep-monthly 6" + "--keep-within 1d" ]; }; diff --git a/hosts/nixos-test1/configuration.nix b/hosts/nixos-test1/configuration.nix index 3d58aeb..4809c2f 100644 --- a/hosts/nixos-test1/configuration.nix +++ b/hosts/nixos-test1/configuration.nix @@ -51,15 +51,25 @@ networking.firewall.enable = false; # Secrets - # Backup helper + # Backup sops.secrets."backup_helper_secret" = { }; - backup-helper = { - enable = true; - password-file = "/run/secrets/backup_helper_secret"; - backup-dirs = [ + services.restic.backups.test = { + repository = "rest:http://10.69.12.52:8000/backup-nix"; + passwordFile = "/run/secrets/backup_helper_secret"; + paths = [ "/etc/machine-id" "/etc/os-release" ]; + timerConfig = { + OnCalendar = "daily"; + Persistent = true; + }; + pruneOpts = [ + "--keep-daily 7" + "--keep-weekly 4" + "--keep-monthly 6" + "--keep-within 1d" + ]; }; system.stateVersion = "23.11"; # Did you read the comment?