diff --git a/hosts/flynode/default.nix b/hosts/flynode/default.nix
index cb9de55..a4cf65b 100644
--- a/hosts/flynode/default.nix
+++ b/hosts/flynode/default.nix
@@ -7,6 +7,7 @@
 ./hardware-configuration.nix
 ../../roles/laptop.nix
 ../../roles/zfs.nix
+ ../../roles/restic.nix
 ../../base.nix
 ../../users/root.nix
 ../../users/nolan/desktop.nix
diff --git a/roles/restic.nix b/roles/restic.nix
new file mode 100644
index 0000000..8ea4abe
--- /dev/null
+++ b/roles/restic.nix
@@ -0,0 +1,34 @@
+{ config, pkgs, ... }:
+
+{
+ services.restic.backups.home = {
+ paths = [ "/home/.zfs/snapshot/restic" ];
+ repository = "s3:s3.us-west-001.backblazeb2.com/nolans-nixos-backups/${config.networking.hostName}";
+ environmentFile = config.age.secrets."restic_b2_${config.networking.hostName}".path;
+ passwordFile = config.age.secrets."restic_password_${config.networking.hostName}".path;
+ initialize = true;
+ backupPrepareCommand = "${pkgs.zfs}/bin/zfs snapshot zpool/home@restic";
+ backupCleanupCommand = "${pkgs.zfs}/bin/zfs destroy zpool/home@restic";
+ timerConfig = {
+ OnCalendar = "hourly";
+ Persistent = true;
+ };
+ };
+ services.restic.backups.var = {
+ paths = [ "/var/.zfs/snapshot/restic" ];
+ repository = "s3:s3.us-west-001.backblazeb2.com/nolans-nixos-backups/${config.networking.hostName}";
+ environmentFile = config.age.secrets."restic_b2_${config.networking.hostName}".path;
+ passwordFile = config.age.secrets."restic_password_${config.networking.hostName}".path;
+ initialize = true;
+ backupPrepareCommand = "${pkgs.zfs}/bin/zfs snapshot zpool/var@restic";
+ backupCleanupCommand = "${pkgs.zfs}/bin/zfs destroy zpool/var@restic";
+ timerConfig = {
+ OnCalendar = "hourly";
+ Persistent = true;
+ };
+ };
+ age.secrets."restic_b2_${config.networking.hostName}".file =
+ ../secrets/restic_b2_${config.networking.hostName}.age;
+ age.secrets."restic_password_${config.networking.hostName}".file =
+ ../secrets/restic_password_${config.networking.hostName}.age;
+}
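Review bot: Neither `services.restic.backups.home` nor `services.restic.backups.var` in roles/restic.nix sets a retention policy, so the hourly snapshots from both jobs accumulate in the repository without bound. Adding something like `pruneOpts = [ "--keep-hourly 24" "--keep-daily 7" "--keep-weekly 4" ];` (sample values) to each job would cap that. Pruning from this host, however, requires the B2 key loaded through `environmentFile` to be able to delete objects, which also lets a compromised flynode erase its own backup history. If that trade-off matters, keep the host's key restricted to this bucket and the `${config.networking.hostName}` prefix and run `restic forget --prune` from a separate trusted machine. The key's actual capabilities are not visible in this diff and should be checked on the B2 side.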
diff --git a/secrets/restic_b2_flynode.age b/secrets/restic_b2_flynode.age new file mode 100644 index 0000000..25be6e9 --- /dev/null +++ b/secrets/restic_b2_flynode.age @@ -0,0 +1,13 @@ +age-encryption.org/v1 +-> ssh-ed25519 revz+g 8Mx4vYtThDSs077EJRZjA9ayLtNxbv/eejnkDO/D+yQ +q4qbdGdIUJsTRDhiozsjgsuaHN4KHpy2GdRVjgqP4iU +-> ssh-rsa exbmLg +oGFNhpWYezPHSo3Jqu+x9iO30duY/UK9NrtkK1to3kInMVjxao+vY20zBX5wuxpi +pFPY+Pmksf7jnNRzi3phhp+9sgQwcP3MBIJnvgZL1WZt26R9m5gJT4Wf/TzjpZrC +YgfGxUWqSuqpmwoZ3xuayD/ZAfS63csWXFkEcc2TDZWsDYQ1AY9zqjJ1oNKdJFl7 +bUxMGic92ddBvG+Y1IQaLZrc/OI19wOFAgtcU3WCciqdND/r2L7FflHd44gFL9EY +4DwWMZbIjAwwz6bS/g1sfHRyn6peQuWBWrEG049HfqOPFJUBmpNKa5CbEpXL0csU +1Y7/dx0yPiOaP5Z8zJ+EEw +--- WzhHpj0ay8o6PueHTa3yUamJIQPzNDgan8xfKGZAPgY +ViKM }DS=7YPվ/G_fsefF<%դwx'ۃZ)R뇃ug! +WU]Y~V3?p"DS>aof~o%DSP \ No newline at end of file diff --git a/secrets/restic_password_flynode.age b/secrets/restic_password_flynode.age new file mode 100644 index 0000000..018bc3f --- /dev/null +++ b/secrets/restic_password_flynode.age @@ -0,0 +1,12 @@ +age-encryption.org/v1 +-> ssh-ed25519 revz+g 2Qu5k6OFm4+YFa18nBqcy8zz23BnGpvsgcyNl4nIuhg +ydOO63DlVfzizjainHOotp8baMw3Eev5YNF/UIAyQwk +-> ssh-rsa exbmLg +dynXBSKkEBwtrf8mU7p89040AovLUZgXwuTWICwNMAa9VejorRk+F/oUMlyWddob +hD0G+xNcerojctDPDHk+n5totAKg/BaEWP2t4ua1zgAhxPLLl98T5tY4+GWRX+fD +PzJ2vazyj+ekb24B3BFVGyTrifKD/0yeS+SVCjLA9cs2HEUegc9wRj37MM7H7g+d +1faEYZLQcJ7RPw3o97sjiDRc77Ub9yZR8ptR6pNndrHB4UFvFvHquHgZAYMCtx5y +OaV4Y2GNnjqQ5h97u85VrS6Q+rILDXfel24rl8N4AAr/CA+7mrIABDANccBLrkRo +B5po79FobXMHE7MLRxXJRg +--- fXV0PCrZNpJC1OsqbEsnWq+OxfZ6OjywN8gQerA87r8 + P)*_39S$ޗAe!Z4E=mmOmoʕF6.#` ,` \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index b034539..c52e88a 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
@@ -21,4 +21,12 @@ in
 garden
 ];
 "dev_runner_linux.age".publicKeys = [ hub ];
+ "restic_b2_flynode.age".publicKeys = [
+ flynode
+ nolan
+ ];
+ "restic_password_flynode.age".publicKeys = [
+ flynode
+ nolan
+ ];
 }
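Review bot: Both new entries list only `flynode` and `nolan` as recipients, and the host key disappears with the machine in exactly the case these backups exist for, so a restore would depend on the `nolan` key alone. Where that key is stored is not visible here (the `let` bindings are outside the hunk); if it lives only on flynode, the restic repository password becomes undecryptable together with the laptop. I would record the requirement next to the entries, e.g. `# nolan's key must be kept off flynode: it is the only way to recover the restic password once the host is lost`.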