torjus/nixos-servers
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects 1 Releases Wiki Activity

backup: migrate to native services.restic.backups #14

Merged
torjus merged 2 commits from migrate-to-native-restic-backups into master 2026-02-03 23:47:11 +00:00
Conversation 0 Commits 2 Files Changed 6 +65 -48
6 changed files with 65 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
CLAUDE.md
View File

@@ -63,6 +63,14 @@ Examples:
- `template2: add proxmox image configuration`
- `terraform: add VM deployment configuration`
### Clipboard
To copy text to the clipboard, pipe to `wl-copy` (Wayland):
```bash
echo "text" | wl-copy
```
### NixOS Options Lookup
An MCP server is available for searching and looking up NixOS option documentation. This is useful when configuring new services or options for hosts.
@@ -145,7 +153,6 @@ Template/test hosts:
- `nixpkgs-unstable` - Unstable channel (available via overlay as `pkgs.unstable.<package>`)
- `sops-nix` - Secrets management
- Custom packages from git.t-juice.club:
- `backup-helper` - Backup automation module
- `alerttonotify` - Alert routing
- `labmon` - Lab monitoring

22
flake.lock generated
View File

@@ -21,27 +21,6 @@
"url": "https://git.t-juice.club/torjus/alerttonotify"
}
},
"backup-helper": {
"inputs": {
"nixpkgs": [
"nixpkgs-unstable"
]
},
"locked": {
"lastModified": 1738015166,
"narHash": "sha256-573tR4aXNjILKvYnjZUM5DZZME2H6YTHJkUKs3ZehFU=",
"ref": "master",
"rev": "f9540cc065692c7ca80735e7b08399459e0ea6d6",
"revCount": 35,
"type": "git",
"url": "https://git.t-juice.club/torjus/backup-helper"
},
"original": {
"ref": "master",
"type": "git",
"url": "https://git.t-juice.club/torjus/backup-helper"
}
},
"labmon": {
"inputs": {
"nixpkgs": [
@@ -98,7 +77,6 @@
"root": {
"inputs": {
"alerttonotify": "alerttonotify",
"backup-helper": "backup-helper",
"labmon": "labmon",
"nixpkgs": "nixpkgs",
"nixpkgs-unstable": "nixpkgs-unstable",

8
flake.nix
View File

@@ -9,10 +9,6 @@
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
backup-helper = {
url = "git+https://git.t-juice.club/torjus/backup-helper?ref=master";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
alerttonotify = {
url = "git+https://git.t-juice.club/torjus/alerttonotify?ref=master";
inputs.nixpkgs.follows = "nixpkgs-unstable";
@@ -29,7 +25,6 @@
nixpkgs,
nixpkgs-unstable,
sops-nix,
backup-helper,
alerttonotify,
labmon,
...
@@ -136,7 +131,6 @@
)
./hosts/nixos-test1
sops-nix.nixosModules.sops
backup-helper.nixosModules.backup-helper
];
};
ha1 = nixpkgs.lib.nixosSystem {
@@ -153,7 +147,6 @@
)
./hosts/ha1
sops-nix.nixosModules.sops
backup-helper.nixosModules.backup-helper
];
};
template1 = nixpkgs.lib.nixosSystem {
@@ -234,7 +227,6 @@
)
./hosts/monitoring01
sops-nix.nixosModules.sops
backup-helper.nixosModules.backup-helper
labmon.nixosModules.labmon
];
};

18
hosts/ha1/configuration.nix
View File

@@ -57,14 +57,24 @@
# Backup service dirs
sops.secrets."backup_helper_secret" = { };
backup-helper = {
enable = true;
password-file = "/run/secrets/backup_helper_secret";
backup-dirs = [
services.restic.backups.ha1 = {
repository = "rest:http://10.69.12.52:8000/backup-nix";
passwordFile = "/run/secrets/backup_helper_secret";
paths = [
"/var/lib/hass"
"/var/lib/zigbee2mqtt"
"/var/lib/mosquitto"
];
timerConfig = {
OnCalendar = "daily";
Persistent = true;
};
pruneOpts = [
"--keep-daily 7"
"--keep-weekly 4"
"--keep-monthly 6"
"--keep-within 1d"
];
};
# Open ports in the firewall.

36
hosts/monitoring01/configuration.nix
View File

@@ -57,15 +57,35 @@
services.qemuGuest.enable = true;
sops.secrets."backup_helper_secret" = { };
backup-helper = {
enable = true;
password-file = "/run/secrets/backup_helper_secret";
backup-dirs = [
"/var/lib/grafana/plugins"
services.restic.backups.grafana = {
repository = "rest:http://10.69.12.52:8000/backup-nix";
passwordFile = "/run/secrets/backup_helper_secret";
paths = [ "/var/lib/grafana/plugins" ];
timerConfig = {
OnCalendar = "daily";
Persistent = true;
};
pruneOpts = [
"--keep-daily 7"
"--keep-weekly 4"
"--keep-monthly 6"
"--keep-within 1d"
];
backup-commands = [
# "grafana.db:${pkgs.sqlite}/bin/sqlite /var/lib/grafana/data/grafana.db .dump"
"grafana.db:${pkgs.sqlite}/bin/sqlite3 /var/lib/grafana/data/grafana.db .dump"
};
services.restic.backups.grafana-db = {
repository = "rest:http://10.69.12.52:8000/backup-nix";
passwordFile = "/run/secrets/backup_helper_secret";
command = [ "${pkgs.sqlite}/bin/sqlite3" "/var/lib/grafana/data/grafana.db" ".dump" ];
timerConfig = {
OnCalendar = "daily";
Persistent = true;
};
pruneOpts = [
"--keep-daily 7"
"--keep-weekly 4"
"--keep-monthly 6"
"--keep-within 1d"
];
};

20
hosts/nixos-test1/configuration.nix
View File

@@ -51,15 +51,25 @@
networking.firewall.enable = false;
# Secrets
# Backup helper
# Backup
sops.secrets."backup_helper_secret" = { };
backup-helper = {
enable = true;
password-file = "/run/secrets/backup_helper_secret";
backup-dirs = [
services.restic.backups.test = {
repository = "rest:http://10.69.12.52:8000/backup-nix";
passwordFile = "/run/secrets/backup_helper_secret";
paths = [
"/etc/machine-id"
"/etc/os-release"
];
timerConfig = {
OnCalendar = "daily";
Persistent = true;
};
pruneOpts = [
"--keep-daily 7"
"--keep-weekly 4"
"--keep-monthly 6"
"--keep-within 1d"
];
};
system.stateVersion = "23.11"; # Did you read the comment?