backup: migrate to native services.restic.backups

Replace custom backup-helper flake input with NixOS native services.restic.backups module for ha1, monitoring01, and nixos-test1. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-04 00:41:40 +01:00
parent b5da9431aa
commit d25fc99e1d
5 changed files with 57 additions and 47 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -21,27 +21,6 @@
        "url": "https://git.t-juice.club/torjus/alerttonotify"
      }
    },
    "backup-helper": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs-unstable"
        ]
      },
      "locked": {
        "lastModified": 1738015166,
        "narHash": "sha256-573tR4aXNjILKvYnjZUM5DZZME2H6YTHJkUKs3ZehFU=",
        "ref": "master",
        "rev": "f9540cc065692c7ca80735e7b08399459e0ea6d6",
        "revCount": 35,
        "type": "git",
        "url": "https://git.t-juice.club/torjus/backup-helper"
      },
      "original": {
        "ref": "master",
        "type": "git",
        "url": "https://git.t-juice.club/torjus/backup-helper"
      }
    },
    "labmon": {
      "inputs": {
        "nixpkgs": [
@@ -98,7 +77,6 @@
    "root": {
      "inputs": {
        "alerttonotify": "alerttonotify",
        "backup-helper": "backup-helper",
        "labmon": "labmon",
        "nixpkgs": "nixpkgs",
        "nixpkgs-unstable": "nixpkgs-unstable",
--- a/flake.nix
+++ b/flake.nix
@@ -9,10 +9,6 @@
      url = "github:Mic92/sops-nix";
      inputs.nixpkgs.follows = "nixpkgs-unstable";
    };
    backup-helper = {
      url = "git+https://git.t-juice.club/torjus/backup-helper?ref=master";
      inputs.nixpkgs.follows = "nixpkgs-unstable";
    };
    alerttonotify = {
      url = "git+https://git.t-juice.club/torjus/alerttonotify?ref=master";
      inputs.nixpkgs.follows = "nixpkgs-unstable";
@@ -29,7 +25,6 @@
      nixpkgs,
      nixpkgs-unstable,
      sops-nix,
      backup-helper,
      alerttonotify,
      labmon,
      ...
@@ -136,7 +131,6 @@
            )
            ./hosts/nixos-test1
            sops-nix.nixosModules.sops
            backup-helper.nixosModules.backup-helper
          ];
        };
        ha1 = nixpkgs.lib.nixosSystem {
@@ -153,7 +147,6 @@
            )
            ./hosts/ha1
            sops-nix.nixosModules.sops
            backup-helper.nixosModules.backup-helper
          ];
        };
        template1 = nixpkgs.lib.nixosSystem {
@@ -234,7 +227,6 @@
            )
            ./hosts/monitoring01
            sops-nix.nixosModules.sops
            backup-helper.nixosModules.backup-helper
            labmon.nixosModules.labmon
          ];
        };
--- a/hosts/ha1/configuration.nix
+++ b/hosts/ha1/configuration.nix
@@ -57,14 +57,24 @@
  # Backup service dirs
  sops.secrets."backup_helper_secret" = { };
-  backup-helper = {
+  services.restic.backups.ha1 = {
-    enable = true;
+    repository = "rest:http://10.69.12.52:8000/backup-nix";
-    password-file = "/run/secrets/backup_helper_secret";
+    passwordFile = "/run/secrets/backup_helper_secret";
-    backup-dirs = [
+    paths = [
      "/var/lib/hass"
      "/var/lib/zigbee2mqtt"
      "/var/lib/mosquitto"
    ];
    timerConfig = {
      OnCalendar = "daily";
      Persistent = true;
    };
    pruneOpts = [
      "--keep-daily 7"
      "--keep-weekly 4"
      "--keep-monthly 6"
      "--keep-within 1d"
    ];
  };
  # Open ports in the firewall.
--- a/hosts/monitoring01/configuration.nix
+++ b/hosts/monitoring01/configuration.nix
@@ -57,15 +57,35 @@
  services.qemuGuest.enable = true;
  sops.secrets."backup_helper_secret" = { };
-  backup-helper = {
+  services.restic.backups.grafana = {
-    enable = true;
+    repository = "rest:http://10.69.12.52:8000/backup-nix";
-    password-file = "/run/secrets/backup_helper_secret";
+    passwordFile = "/run/secrets/backup_helper_secret";
-    backup-dirs = [
+    paths = [ "/var/lib/grafana/plugins" ];
-      "/var/lib/grafana/plugins"
+    timerConfig = {
      OnCalendar = "daily";
      Persistent = true;
    };
    pruneOpts = [
      "--keep-daily 7"
      "--keep-weekly 4"
      "--keep-monthly 6"
      "--keep-within 1d"
    ];
-    backup-commands = [
+  };
-      # "grafana.db:${pkgs.sqlite}/bin/sqlite /var/lib/grafana/data/grafana.db .dump"
+
-      "grafana.db:${pkgs.sqlite}/bin/sqlite3 /var/lib/grafana/data/grafana.db .dump"
+  services.restic.backups.grafana-db = {
    repository = "rest:http://10.69.12.52:8000/backup-nix";
    passwordFile = "/run/secrets/backup_helper_secret";
    command = [ "${pkgs.sqlite}/bin/sqlite3" "/var/lib/grafana/data/grafana.db" ".dump" ];
    timerConfig = {
      OnCalendar = "daily";
      Persistent = true;
    };
    pruneOpts = [
      "--keep-daily 7"
      "--keep-weekly 4"
      "--keep-monthly 6"
      "--keep-within 1d"
    ];
  };
--- a/hosts/nixos-test1/configuration.nix
+++ b/hosts/nixos-test1/configuration.nix
@@ -51,15 +51,25 @@
  networking.firewall.enable = false;
  # Secrets
-  # Backup helper
+  # Backup
  sops.secrets."backup_helper_secret" = { };
-  backup-helper = {
+  services.restic.backups.test = {
-    enable = true;
+    repository = "rest:http://10.69.12.52:8000/backup-nix";
-    password-file = "/run/secrets/backup_helper_secret";
+    passwordFile = "/run/secrets/backup_helper_secret";
-    backup-dirs = [
+    paths = [
      "/etc/machine-id"
      "/etc/os-release"
    ];
    timerConfig = {
      OnCalendar = "daily";
      Persistent = true;
    };
    pruneOpts = [
      "--keep-daily 7"
      "--keep-weekly 4"
      "--keep-monthly 6"
      "--keep-within 1d"
    ];
  };
  system.stateVersion = "23.11"; # Did you read the comment?