66 lines
1.6 KiB
Nix
66 lines
1.6 KiB
Nix
{ config, lib, pkgs, ... }:
|
|
|
|
{
|
|
services.restic.backups."${config.networking.hostName}-server" = {
|
|
initialize = false;
|
|
|
|
paths = [
|
|
"/media"
|
|
];
|
|
|
|
exclude = [
|
|
"/media/secrets"
|
|
"/media/torrents"
|
|
"/media/media"
|
|
|
|
".cache*"
|
|
".DS_Store"
|
|
"logs"
|
|
];
|
|
|
|
checkOpts = [
|
|
"--with-cache" # just to make checks faster
|
|
];
|
|
|
|
pruneOpts = [
|
|
"--keep-daily 7"
|
|
"--keep-weekly 5"
|
|
"--keep-monthly 12"
|
|
"--keep-yearly 10"
|
|
];
|
|
|
|
timerConfig = {
|
|
OnBootSec = "5m"; # lets wifi connect before starting backups
|
|
OnCalendar = "daily";
|
|
Persistent = true;
|
|
};
|
|
|
|
# backup postgres databases, kind of hacky but
|
|
# i think its the only way to do it without needing
|
|
# another backup repo
|
|
backupPrepareCommand = ''
|
|
rm -f /media/apps/postgres # -f doesn't error if doesn't exist
|
|
touch /media/apps/postgres
|
|
chmod 600 /media/apps/postgres
|
|
${lib.getExe pkgs.sudo} -u postgres ${config.services.postgresql.package}/bin/pg_dumpall > /media/apps/postgres
|
|
'';
|
|
|
|
backupCleanupCommand = ''
|
|
rm /media/apps/postgres
|
|
'';
|
|
|
|
# https://restic.readthedocs.io/en/stable/030_preparing_a_new_repo.html#other-services-via-rclone
|
|
# put something like : "rclone:onedrive:restic" to use as the remote
|
|
#
|
|
# sudo nix run nixpkgs#rclone -- config
|
|
repositoryFile = "/media/secrets/restic-repo";
|
|
|
|
# the passphrase used
|
|
passwordFile = "/media/secrets/restic-password";
|
|
};
|
|
|
|
systemd.tmpfiles.rules = [
|
|
"f /media/secrets/restic-repo 0400 root root"
|
|
"f /media/secrets/restic-password 0400 root root"
|
|
];
|
|
}
|