Back up thewordnerd.

hosts/flynode/default.nix

@@ -7,6 +7,7 @@
     ./hardware-configuration.nix
     ../../roles/laptop.nix
     ../../roles/zfs.nix
+    ../../roles/restic.nix
     ../../base.nix
     ../../users/root.nix
     ../../users/nolan/desktop.nix

hosts/hub/default.nix

@@ -8,6 +8,7 @@
   imports = [
     ./hardware-configuration.nix
     ../../roles/zfs.nix
+    ../../roles/restic.nix
     ../../base.nix
     ../../users/root.nix
     ../../roles/fail2ban.nix

roles/restic.nix

@@ -0,0 +1,34 @@
+{ config, pkgs, ... }:
+
+{
+  services.restic.backups.home = {
+    paths = [ "/home/.zfs/snapshot/restic" ];
+    repository = "s3:s3.us-west-001.backblazeb2.com/nolans-nixos-backups/${config.networking.hostName}";
+    environmentFile = config.age.secrets."restic_b2_${config.networking.hostName}".path;
+    passwordFile = config.age.secrets."restic_password_${config.networking.hostName}".path;
+    initialize = true;
+    backupPrepareCommand = "${pkgs.zfs}/bin/zfs snapshot zpool/home@restic";
+    backupCleanupCommand = "${pkgs.zfs}/bin/zfs destroy zpool/home@restic";
+    timerConfig = {
+      OnCalendar = "hourly";
+      Persistent = true;
+    };
+  };
+  services.restic.backups.var = {
+    paths = [ "/var/.zfs/snapshot/restic" ];
+    repository = "s3:s3.us-west-001.backblazeb2.com/nolans-nixos-backups/${config.networking.hostName}";
+    environmentFile = config.age.secrets."restic_b2_${config.networking.hostName}".path;
+    passwordFile = config.age.secrets."restic_password_${config.networking.hostName}".path;
+    initialize = true;
+    backupPrepareCommand = "${pkgs.zfs}/bin/zfs snapshot zpool/var@restic";
+    backupCleanupCommand = "${pkgs.zfs}/bin/zfs destroy zpool/var@restic";
+    timerConfig = {
+      OnCalendar = "hourly";
+      Persistent = true;
+    };
+  };
+  age.secrets."restic_b2_${config.networking.hostName}".file =
+    ../secrets/restic_b2_${config.networking.hostName}.age;
+  age.secrets."restic_password_${config.networking.hostName}".file =
+    ../secrets/restic_password_${config.networking.hostName}.age;
+}

secrets/restic_b2_flynode.age

@@ -0,0 +1,13 @@
+age-encryption.org/v1
+-> ssh-ed25519 revz+g 8Mx4vYtThDSs077EJRZjA9ayLtNxbv/eejnkDO/D+yQ
+q4qbdGdIUJsTRDhiozsjgsuaHN4KHpy2GdRVjgqP4iU
+-> ssh-rsa exbmLg
+oGFNhpWYezPHSo3Jqu+x9iO30duY/UK9NrtkK1to3kInMVjxao+vY20zBX5wuxpi
+pFPY+Pmksf7jnNRzi3phhp+9sgQwcP3MBIJnvgZL1WZt26R9m5gJT4Wf/TzjpZrC
+YgfGxUWqSuqpmwoZ3xuayD/ZAfS63csWXFkEcc2TDZWsDYQ1AY9zqjJ1oNKdJFl7
+bUxMGic92ddBvG+Y1IQaLZrc/OI19wOFAgtcU3WCciqdND/r2L7FflHd44gFL9EY
+4DwWMZbIjAwwz6bS/g1sfHRyn6peQuWBWrEG049HfqOPFJUBmpNKa5CbEpXL0csU
+1Y7/dx0yPiOaP5Z8zJ+EEw
+--- WzhHpj0ay8o6PueHTa3yUamJIQPzNDgan8xfKGZAPgY
+ViKMË	Øß}DƒS=ö¢7YŸPÕ¾/–ìöG_fûùsÚef–ÎÉF †<‹Æ%<25>Õ¤wï¬x'ÛƒóZ–Ö)¯ß×ÒR뇃<E280A1>ó£ug!îœ
+¦àWÒU]Y~”øVœ3?íp<C3AD>"×ðDƒ°S>çÄäaofè~¦o%D¶SP³

secrets/restic_b2_thewordnerd.age

@@ -0,0 +1,14 @@
+age-encryption.org/v1
+-> ssh-ed25519 revz+g lVTRMq6kbBp39BVj59Gdy7iBCmSyXzW/7A50UPj0W1Q
+JzRRzMv4yll7/zPjaPxFTJm6+XIjoOVmAp1KTXSVlXU
+-> ssh-rsa exbmLg
+oyMuL4156+qi3vC7uDBzurvPhTlZqSSNuWQcY7+MWN3l/bwA+Xg3JuJ0iIkvSkDA
+ZSlrkYcq7dARGl/04Jmdh9C2cytrnyFBnqhIL0qDJli1x5CdoR9BgdiAfRxiMlUn
+VhZ0eccNgdFLHHNDXFROBI3j5q8cGScBweMLR67NAmP9kLj9k2XLLlBkql45fkUd
+D9VV8iN5mVeIJRd+uTsV7fI763GR6lh5OWwfOJwYDtBDVScMemBZIjIqFL4ZvcbA
+Qc/Uoes7S2ll0fsUtHEP2V8Dyo271A/nUSsE6CIiDIELyMRvEUZ8K6lac3lv0pr3
+11R3M5pPp690rZdtLrNy6g
+--- Wsvi6Zfg664UrbogScPygIDSYewQaujdZTxKaTJ0/u4
+åź‰Ê‹õ
+åˆcŒ¾7¾jFÌ¥ žq†²·J$¦£¼¡h^à¡F*ÚvŽWÊGÆW“þÖÛ? \dJ…k‰.Åö5d#À~~o.ìH”™ùpm„’øƒ$ÒN@måÊ÷ÌOJ
+dÃß—<C39F>'h°^í¦‡®ýødåØþGú»%¯r

secrets/restic_password_flynode.age

@@ -0,0 +1,12 @@
+age-encryption.org/v1
+-> ssh-ed25519 revz+g 2Qu5k6OFm4+YFa18nBqcy8zz23BnGpvsgcyNl4nIuhg
+ydOO63DlVfzizjainHOotp8baMw3Eev5YNF/UIAyQwk
+-> ssh-rsa exbmLg
+dynXBSKkEBwtrf8mU7p89040AovLUZgXwuTWICwNMAa9VejorRk+F/oUMlyWddob
+hD0G+xNcerojctDPDHk+n5totAKg/BaEWP2t4ua1zgAhxPLLl98T5tY4+GWRX+fD
+PzJ2vazyj+ekb24B3BFVGyTrifKD/0yeS+SVCjLA9cs2HEUegc9wRj37MM7H7g+d
+1faEYZLQcJ7RPw3o97sjiDRc77Ub9yZR8ptR6pNndrHB4UFvFvHquHgZAYMCtx5y
+OaV4Y2GNnjqQ5h97u85VrS6Q+rILDXfel24rl8N4AAr/CA+7mrIABDANccBLrkRo
+B5po79FobXMHE7MLRxXJRg
+--- fXV0PCrZNpJC1OsqbEsnWq+OxfZ6OjywN8gQerA87r8
+ 	P)±“«*_3À<33>9SÖ$óÞ—Ae˜!ZÚÖ4æàE=¬mmÝî¾O<C2BE>mæoÊ•×F6.÷öÖ#`½š÷,µ¦`‹

secrets/restic_password_thewordnerd.age

@@ -0,0 +1,12 @@
+age-encryption.org/v1
+-> ssh-ed25519 revz+g X6seKvNEEgnphNOuAD+z7MnfKLJF4Z6xtNIreRoeuAo
+DcfwLobkm3jkoDzOQfEhddksb4mPeho4zIUjSme1dn8
+-> ssh-rsa exbmLg
+rSBndUV717eoPlGsPAt9bzaCjUFEJg29f/u5LbsetdFuj+/96DveP/YhcfwnwufA
+13G8zuehdYMu3YXOOt133Z6e4M7qAT53Bhf3RkxkGzKP8RDPH8+HYCLHazC5uhnR
+/ew0l2dw0ZlH3q9tGiV0RaBZxFqzSmwYsmKnN8VxggHKJfjcH55968lW1Oi/uZBc
+/1pjmHWUiPFNpLWsO8xyi1fPWSy551K7rlehos8/npu/PcbhNXlb9NXhE1v0Vcps
+TvR6QjEp296s/WvhfXw+W23Bu9nUbBFJCT/3GZeoNsIa6flpw/f88TqU5TGOhDXA
+eEas3GA2Ubgry+aeznWKTw
+--- rn5ojm/mofQ931Mx6nluIOGLp9/g0Ae/XZjyS7vYVRw
+ÛóÀKˆf'Zž¡?”ge¥-Í=º ­e2î‰ô¦¤ûHÇ=c1ªp¾æ÷0‡åD˜l³ó¬Aº‚ußhÿóF¦Š

secrets/secrets.nix

@@ -21,4 +21,20 @@ in
     garden
   ];
   "dev_runner_linux.age".publicKeys = [ hub ];
+  "restic_b2_flynode.age".publicKeys = [
+    flynode
+    nolan
+  ];
+  "restic_password_flynode.age".publicKeys = [
+    flynode
+    nolan
+  ];
+  "restic_b2_thewordnerd.age".publicKeys = [
+    flynode
+    nolan
+  ];
+  "restic_password_thewordnerd.age".publicKeys = [
+    flynode
+    nolan
+  ];
 }

users/nolan/default.nix

@@ -41,5 +41,13 @@
         };
       };
     };
+    home = {
+      shellAliases = {
+        "gc" = "git commit";
+        "gl" = "git log --abbrev-commit";
+        "gps" = "git push";
+        "gpl" = "git pull";
+      };
+    };
   };
 }