diff --git a/.gitignore b/.gitignore index 9c0ec39..121d62b 100644 --- a/.gitignore +++ b/.gitignore @@ -9,6 +9,7 @@ !hosts/cube/grafana/ !hosts/cube/matrix/ !hosts/cube/nextcloud/ +!hosts/cube/restic/ !hosts/disk/ diff --git a/hosts/cube/restic/default.nix b/hosts/cube/restic/default.nix new file mode 100644 index 0000000..939684e --- /dev/null +++ b/hosts/cube/restic/default.nix @@ -0,0 +1,19 @@ +{ config, lib, ... }: with lib; + +systemConfiguration { + secrets.resticPassword.file = ./password.age; + + services.restic.backups.varlib = { + passwordFile = config.secrets.resticPassword.path; + initialize = true; + + repository = "sftp:backup@disk:cube-varlib"; + + paths = [ "/var/lib" ]; + + timerConfig = { + OnCalendar = "daily"; + Persistent = true; + }; + }; +} diff --git a/hosts/cube/restic/password.age b/hosts/cube/restic/password.age new file mode 100644 index 0000000..93c9dbc --- /dev/null +++ b/hosts/cube/restic/password.age @@ -0,0 +1,16 @@ +age-encryption.org/v1 +-> ssh-ed25519 +rZ0Tw Pz3T7KDCT0BXpfo7/VjZ27hWG4+ka5TLFe03L57PxyQ +rC91EQTynNYnJbR6lUVMVfjxfVbLXRu1RjZJhzxv6rg +-> ssh-rsa jPaU3Q +IfTQ1kmephTH0iTiJSGzkS23yq1S6tdndiaaeTCaK3Ydj8M4wVby4Tf8L6R6Y6Zh +fZligOmsCtFwmZ5q2MLB6ekQ40Mhw58FtYcSFQMKGp8z2gLHbeJyM4BRsJS5/HD/ +W8Pynx/tLNcgeFxh2FIkaX+4nhL6rSA1CRY2dpf7d3GTZBsDTAcfH6zeqsASfpAA +eTlB8NtkaSgV6txR1q+WRsNNGWFlAi1Z7489sKyTYQTKZSeZDH6LC2bzNmB+/4ja +Za611rYtRVFEhNh/3vcwZ7E9Qx3wnzEnoxbQDN/PO0SjhTXWrxOpEmuQtem7KV1W +lGoIzaBNaJ3fC611UxTx6dtLfnGMGdPApRce7ClsT8To6FEYIEe4R2B85mzf4hKq +4z67Jbe5QDZ9XvAigqzzqguNM5wbdEkpb83NOjNdOT8YJmikoHcmnqJIoxHvRZRT +hAZqYIQ9112hRi1p6aJWdmh+B1NKRZLLVFdNVucbJMaspr+JLwD/5apibbb5+zLs + +--- 7UuZuVFP5t6IqQJxTyRrHIU/YkHPAgqeNr/D+VOPQRI +M &bDebCvQ2(dSTFQ> +?"FF&^ \ No newline at end of file diff --git a/secrets.nix b/secrets.nix index 0470f39..afb2765 100644 --- a/secrets.nix +++ b/secrets.nix @@ -17,6 +17,8 @@ in with keys; { "hosts/cube/nextcloud/password.age".publicKeys = [ cube enka ]; + "hosts/cube/restic/password.age".publicKeys = [ cube enka ]; + ### disk "hosts/disk/id.age".publicKeys = [ cube enka ]; "hosts/disk/password.floppy.age".publicKeys = [ disk enka ];