feat: restic drafts

2026-03-30 14:21:51 +02:00 · 2024-02-08 21:46:05 +08:00
parent 140b84df2b
commit 18a40b49e3
5 changed files with 96 additions and 6 deletions
--- a/hosts/idols_aquamarine/default.nix
+++ b/hosts/idols_aquamarine/default.nix
@@ -10,6 +10,7 @@ let
 in {
  imports = [
    ./router.nix
+    ./dae.nix
  ];

  # Enable binfmt emulation of aarch64-linux, this is required for cross compilation.
--- a/hosts/idols_kana/README.md
+++ b/hosts/idols_kana/README.md
@@ -4,11 +4,9 @@ TODO: use kana for various services.

 Services:

-1. restic(backup file from homelab to NAS, or from NAS to Cloud)
-2. synthing(sync file between android/macbook/PC and NAS)
-4. dashy(homepage)
+4. dashy: Homepage
 3. ddns
-4. aria2ng & transmission(file downloading)
-5. uptime-kuma(uptime monitoring)
-7. Alist(file browser for local/SMB/Cloud)
+4. aria2ng & transmission: File downloading
+5. uptime-kuma: uptime monitoring
+7. Alist: File browser for local/SMB/Cloud
 8. excalidraw/DDTV/owncast/jitsi-meet/...
--- a/hosts/idols_ruby/README.md
+++ b/hosts/idols_ruby/README.md
@@ -0,0 +1,8 @@
+# Idols - Ruby
+
+TODO: use kana for backup / sync my personal data.
+For safety, those data should be encrypted before sending to the cloud or my NAS.
+
+1. restic: Backup file from homelab to NAS, or from NAS to Cloud
+2. synthing: Sync file between android/macbook/PC and NAS
+
--- a/hosts/idols_ruby/default.nix
+++ b/hosts/idols_ruby/default.nix
@@ -8,6 +8,10 @@ let
  hostName = "ruby"; # Define your hostname.
  hostAddress = vars_networking.hostAddress.${hostName};
 in {
+  imports = [
+    ./restic.nix
+  ];
+
  # Enable binfmt emulation of aarch64-linux, this is required for cross compilation.
  boot.binfmt.emulatedSystems = ["aarch64-linux" "riscv64-linux"];
  # supported file systems, so we can mount any removable disks with these filesystems
--- a/hosts/idols_ruby/restic.nix
+++ b/hosts/idols_ruby/restic.nix
@@ -0,0 +1,79 @@
+{pkgs, ...}: {
+  # https://github.com/NixOS/nixpkgs/blob/nixos-23.11/nixos/modules/services/backup/restic.nix
+  services.restic.backups = {
+    homelab-backup = {
+      initialize = true; # Initialize the repository if it doesn't exist.
+      passwordFile = "/etc/agenix/restic-password";
+      repository = "rclone:smb-downloads:/Downloads/proxmox-backup/"; # backup to a rclone remote
+
+      # rclone related
+      # rcloneOptions = {
+      #   bwlimit = "100M";  # Limit the bandwidth used by rclone.
+      # };
+      rcloneConfigFile = "/etc/agenix/rclone-conf-for-restic-backup";
+
+      # Which local paths to backup, in addition to ones specified via `dynamicFilesFrom`.
+      paths = [
+        "/tmp/restic-backup-temp"
+      ];
+      #
+      # A script that produces a list of files to back up.  The
+      # results of this command are given to the '--files-from'
+      # option. The result is merged with paths specified via `paths`.
+      # dynamicFilesFrom = "find /home/matt/git -type d -name .git";
+      #
+      # Patterns to exclude when backing up. See
+      #   https://restic.readthedocs.io/en/latest/040_backup.html#excluding-files
+      # for details on syntax.
+      exclude = [];
+
+      # A script that must run before starting the backup process.
+      backupPrepareCommand = ''
+        ${pkgs.nushell}/bin/nu -c '
+          let pve_nodes = [
+            # proxmox cluster's nodes
+            "um560"
+            "gtr5"
+            "s500plus"
+
+            # others
+            "kana"
+          ]
+
+          pve_nodes | each {|it|
+            rsync -avz \
+            -e "ssh -i /etc/agenix/ssh-key-for-restic-backup"  \
+            $"($it):/var/lib/vz" $"/tmp/restic-backup-temp/($it)"
+          }
+        '
+      '';
+      # A script that must run after finishing the backup process.
+      backupCleanupCommand = "rm -rf /tmp/restic-backup-temp";
+
+      # Extra extended options to be passed to the restic --option flag.
+      # extraOptions = [];
+
+      # Extra arguments passed to restic backup.
+      # extraBackupArgs = [
+      #   "--exclude-file=/etc/agenix/restic-excludes"
+      # ];
+
+      # repository = "/mnt/backup-hdd"; # backup to a local directory
+      # When to run the backup. See {manpage}`systemd.timer(5)` for details.
+      timerConfig = {
+        OnCalendar = "01:30";
+        RandomizedDelaySec = "1h";
+      };
+      # A list of options (--keep-* et al.) for 'restic forget --prune',
+      # to automatically prune old snapshots.
+      # The 'forget' command is run *after* the 'backup' command, so
+      # keep that in mind when constructing the --keep-* options.
+      pruneOpts = [
+        "--keep-daily 3"
+        "--keep-weekly 3"
+        "--keep-monthly 3"
+        "--keep-yearly 3"
+      ];
+    };
+  };
+}