torjus/nixos-servers
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects 1 Releases Wiki Activity

backup: migrate to native services.restic.backups #14

Merged
torjus merged 2 commits from migrate-to-native-restic-backups into master 2026-02-03 23:47:11 +00:00
Conversation 0 Commits 2 Files Changed 6 +57 -47
5 changed files with 57 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit d25fc99e1d - Show all commits

22
flake.lock generated
View File

@@ -21,27 +21,6 @@
"url": "https://git.t-juice.club/torjus/alerttonotify" "url": "https://git.t-juice.club/torjus/alerttonotify"
} }
}, },
"backup-helper": {
"inputs": {
"nixpkgs": [
"nixpkgs-unstable"
]
},
"locked": {
"lastModified": 1738015166,
"narHash": "sha256-573tR4aXNjILKvYnjZUM5DZZME2H6YTHJkUKs3ZehFU=",
"ref": "master",
"rev": "f9540cc065692c7ca80735e7b08399459e0ea6d6",
"revCount": 35,
"type": "git",
"url": "https://git.t-juice.club/torjus/backup-helper"
},
"original": {
"ref": "master",
"type": "git",
"url": "https://git.t-juice.club/torjus/backup-helper"
}
},
"labmon": { "labmon": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -98,7 +77,6 @@
"root": { "root": {
"inputs": { "inputs": {
"alerttonotify": "alerttonotify", "alerttonotify": "alerttonotify",
"backup-helper": "backup-helper",
"labmon": "labmon", "labmon": "labmon",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",

8
flake.nix
View File

@@ -9,10 +9,6 @@
url = "github:Mic92/sops-nix"; url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs-unstable"; inputs.nixpkgs.follows = "nixpkgs-unstable";
}; };
backup-helper = {
url = "git+https://git.t-juice.club/torjus/backup-helper?ref=master";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
alerttonotify = { alerttonotify = {
url = "git+https://git.t-juice.club/torjus/alerttonotify?ref=master"; url = "git+https://git.t-juice.club/torjus/alerttonotify?ref=master";
inputs.nixpkgs.follows = "nixpkgs-unstable"; inputs.nixpkgs.follows = "nixpkgs-unstable";
@@ -29,7 +25,6 @@
nixpkgs, nixpkgs,
nixpkgs-unstable, nixpkgs-unstable,
sops-nix, sops-nix,
backup-helper,
alerttonotify, alerttonotify,
labmon, labmon,
... ...
@@ -136,7 +131,6 @@
) )
./hosts/nixos-test1 ./hosts/nixos-test1
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
backup-helper.nixosModules.backup-helper
]; ];
}; };
ha1 = nixpkgs.lib.nixosSystem { ha1 = nixpkgs.lib.nixosSystem {
@@ -153,7 +147,6 @@
) )
./hosts/ha1 ./hosts/ha1
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
backup-helper.nixosModules.backup-helper
]; ];
}; };
template1 = nixpkgs.lib.nixosSystem { template1 = nixpkgs.lib.nixosSystem {
@@ -234,7 +227,6 @@
) )
./hosts/monitoring01 ./hosts/monitoring01
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
backup-helper.nixosModules.backup-helper
labmon.nixosModules.labmon labmon.nixosModules.labmon
]; ];
}; };

18
hosts/ha1/configuration.nix
View File

@@ -57,14 +57,24 @@
# Backup service dirs # Backup service dirs
sops.secrets."backup_helper_secret" = { }; sops.secrets."backup_helper_secret" = { };
backup-helper = { services.restic.backups.ha1 = {
enable = true; repository = "rest:http://10.69.12.52:8000/backup-nix";
password-file = "/run/secrets/backup_helper_secret"; passwordFile = "/run/secrets/backup_helper_secret";
backup-dirs = [ paths = [
"/var/lib/hass" "/var/lib/hass"
"/var/lib/zigbee2mqtt" "/var/lib/zigbee2mqtt"
"/var/lib/mosquitto" "/var/lib/mosquitto"
]; ];
timerConfig = {
OnCalendar = "daily";
Persistent = true;
};
pruneOpts = [
"--keep-daily 7"
"--keep-weekly 4"
"--keep-monthly 6"
"--keep-within 1d"
];
}; };
# Open ports in the firewall. # Open ports in the firewall.

36
hosts/monitoring01/configuration.nix
View File

@@ -57,15 +57,35 @@
services.qemuGuest.enable = true; services.qemuGuest.enable = true;
sops.secrets."backup_helper_secret" = { }; sops.secrets."backup_helper_secret" = { };
backup-helper = { services.restic.backups.grafana = {
enable = true; repository = "rest:http://10.69.12.52:8000/backup-nix";
password-file = "/run/secrets/backup_helper_secret"; passwordFile = "/run/secrets/backup_helper_secret";
backup-dirs = [ paths = [ "/var/lib/grafana/plugins" ];
"/var/lib/grafana/plugins" timerConfig = {
OnCalendar = "daily";
Persistent = true;
};
pruneOpts = [
"--keep-daily 7"
"--keep-weekly 4"
"--keep-monthly 6"
"--keep-within 1d"
]; ];
backup-commands = [ };
# "grafana.db:${pkgs.sqlite}/bin/sqlite /var/lib/grafana/data/grafana.db .dump"
"grafana.db:${pkgs.sqlite}/bin/sqlite3 /var/lib/grafana/data/grafana.db .dump" services.restic.backups.grafana-db = {
repository = "rest:http://10.69.12.52:8000/backup-nix";
passwordFile = "/run/secrets/backup_helper_secret";
command = [ "${pkgs.sqlite}/bin/sqlite3" "/var/lib/grafana/data/grafana.db" ".dump" ];
timerConfig = {
OnCalendar = "daily";
Persistent = true;
};
pruneOpts = [
"--keep-daily 7"
"--keep-weekly 4"
"--keep-monthly 6"
"--keep-within 1d"
]; ];
}; };

20
hosts/nixos-test1/configuration.nix
View File

@@ -51,15 +51,25 @@
networking.firewall.enable = false; networking.firewall.enable = false;
# Secrets # Secrets
# Backup helper # Backup
sops.secrets."backup_helper_secret" = { }; sops.secrets."backup_helper_secret" = { };
backup-helper = { services.restic.backups.test = {
enable = true; repository = "rest:http://10.69.12.52:8000/backup-nix";
password-file = "/run/secrets/backup_helper_secret"; passwordFile = "/run/secrets/backup_helper_secret";
backup-dirs = [ paths = [
"/etc/machine-id" "/etc/machine-id"
"/etc/os-release" "/etc/os-release"
]; ];
timerConfig = {
OnCalendar = "daily";
Persistent = true;
};
pruneOpts = [
"--keep-daily 7"
"--keep-weekly 4"
"--keep-monthly 6"
"--keep-within 1d"
];
}; };
system.stateVersion = "23.11"; # Did you read the comment? system.stateVersion = "23.11"; # Did you read the comment?