cy/nixos-config
cy/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

restic backup to azure archive on master

Browse source
This commit is contained in:
Cy Pokhrel 2024-11-24 03:53:24 -05:00
parent 52b944cc90
commit 55a46df583
No known key found for this signature in database
GPG key ID: 1200FBE36C2ADE2E
2 changed files with 87 additions and 34 deletions
Download patch file Download diff file Expand all files Collapse all files

60
nix/configuration.nix
View file

@ -9,7 +9,11 @@
sops.defaultSopsFile = ./secrets/secrets.yaml; sops.defaultSopsFile = ./secrets/secrets.yaml;
sops.defaultSopsFormat = "yaml"; sops.defaultSopsFormat = "yaml";
sops.age.keyFile = "/root/.config/sops/age/keys.txt"; sops.age.keyFile = "/root/.config/sops/age/keys.txt";
sops.secrets."borg/yt" = { }; sops.secrets = {
"borg/yt" = { };
"restic/azure-yt" = { };
"azure" = { };
};
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
@ -32,9 +36,23 @@
}; };
time.timeZone = "America/Toronto"; time.timeZone = "America/Toronto";
security.rtkit.enable = true;
services.pipewire = { services.pipewire = {
enable = true; enable = true;
pulse.enable = true; pulse.enable = true;
alsa.enable = true;
alsa.support32Bit = true;
};
services.pipewire.wireplumber.extraConfig.bluetoothEnhancements = {
"wireplumber.settings" = {
"bluetooth.autoswitch-to-headset-profile" = false;
};
"monitor.bluez.properties" = {
"bluez5.enable-sbc-xq" = true;
"bluez5.enable-msbc" = true;
"bluez5.enable-hw-volume" = true;
"bluez5.roles" = [ "a2dp_sink" "a2dp_source" ];
};
}; };
services.libinput.enable = true; services.libinput.enable = true;
@ -67,6 +85,7 @@
signal-desktop signal-desktop
cosign cosign
azure-cli azure-cli
pavucontrol
]; ];
}; };
@ -105,6 +124,7 @@
wireguard-tools wireguard-tools
traceroute traceroute
sops sops
restic
]; ];
system.stateVersion = "24.05"; system.stateVersion = "24.05";
@ -139,8 +159,7 @@
# withUWSM = true; # withUWSM = true;
}; };
services.borgbackup.jobs = { services.borgbackup.jobs.ytnixRsync = {
ytnixRsync = {
paths = [ "/root" "/home" "/var/lib" "/opt" "/etc" ]; paths = [ "/root" "/home" "/var/lib" "/opt" "/etc" ];
exclude = [ exclude = [
".git" ".git"
@ -170,7 +189,39 @@
# warnings are often not that serious # warnings are often not that serious
failOnWarnings = false; failOnWarnings = false;
}; };
services.restic.backups.ytazure = {
paths = [ "/root" "/home" "/var/lib" "/opt" "/etc" ];
exclude = [
".git"
"**/.cache"
"**/node_modules"
"**/cache"
"**/Cache"
"/var/lib/docker"
"/home/**/Downloads"
"**/.steam"
"**/.rustup"
"**/.docker"
"**/borg"
];
passwordFile = "/run/secrets/restic/azure-yt";
environmentFile = "/run/secrets/azure";
repository = "azure:yt-backup:/";
extraOptions = [
"azure.access-tier=Archive"
];
package = pkgs.restic.overrideAttrs {
src = pkgs.fetchFromGitHub {
owner = "restic";
repo = "restic";
rev = "1133498ef80762608f959df41d303f7246fff04f";
hash = "sha256-RmCEZ5T99uNNDwrQ3CofXBf4UzNjelVzyZyvx5aZO0A=";
}; };
vendorHash = "sha256-TstuI6KgAFEQH90PCZMN6s4dUab2GyPKqOtqMfIV8wA=";
};
};
services.btrbk.instances.local.settings = { services.btrbk.instances.local.settings = {
snapshot_preserve = "14d"; snapshot_preserve = "14d";
snapshot_preserve_min = "2d"; snapshot_preserve_min = "2d";
@ -214,9 +265,8 @@
virtualisation.libvirtd.enable = true; virtualisation.libvirtd.enable = true;
programs.virt-manager.enable = true; programs.virt-manager.enable = true;
networking.wg-quick.interfaces.wgnord.configFile = "/etc/wireguard/wgnord.conf"; # https-dns-proxy doesn't work without this :(
services.resolved.enable = true; services.resolved.enable = true;
services.https-dns-proxy = { services.https-dns-proxy = {
enable = true; enable = true;
provider = { provider = {

7
nix/secrets/secrets.yaml
View file

@ -1,5 +1,8 @@
borg: borg:
yt: ENC[AES256_GCM,data:CGcdcA9LnDDlTYJwsT25uY9h70yJtKhxgA==,iv:F25VTezkd4RQd7BZ3DD39hPiPj+Z3H01IgPhCGUQ5aM=,tag:mxLPXR/ffBXkByk1R1PYvQ==,type:str] yt: ENC[AES256_GCM,data:CGcdcA9LnDDlTYJwsT25uY9h70yJtKhxgA==,iv:F25VTezkd4RQd7BZ3DD39hPiPj+Z3H01IgPhCGUQ5aM=,tag:mxLPXR/ffBXkByk1R1PYvQ==,type:str]
restic:
azure-yt: ENC[AES256_GCM,data:s8TJ5cNVW2Jr7kyul8mrBGwdLoTlNTb2MfpZgPU=,iv:sC0DbgFbFl6vvLqwOFDwRa3nabrIWxOTuz7GXn17IHk=,tag:2MYprYgNhh1aFlzuyw5eGQ==,type:str]
azure: ENC[AES256_GCM,data:UdHmasRElCFC66dxnnGTOw6vgOzrOIMiSLsczK0Qew2WBdZUKVnRTfSCxQrB7P8k+j3N2CDt5Y4GXvf9GVFrWCMOInOqYXcyycGXsdli2DbqpXTa3f13ykvc/aoKyw3YuFQdrNci3Kae9PYZ4v5f7fH8n4WgOKuYj3mO9k7WHxM1JBzYRRZP41Jghnb9SqVhl9UXVPI5ONBd6JI/FiezSMZPYC2FxNgQ7zHUQJ7qQ6aJTgRljslJK9I=,iv:bRoYEA1hbEXRG7PoU7Dfba9uRu3cAqfeuvSIfavZZ8M=,tag:cHXUe/njZNoG6EuHYYz0Yg==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -15,8 +18,8 @@ sops:
a1MwYjB0Tm03bzJnWTdoZ01KbXBPUkUKUr6hOsdZDJK6bFyEnBf4Vkms8EJsIvZY a1MwYjB0Tm03bzJnWTdoZ01KbXBPUkUKUr6hOsdZDJK6bFyEnBf4Vkms8EJsIvZY
ML481g9d9Vlm5x7X74nUcWemFSzttSdWEM3Y/IOHpXDbvC/Tbw+z7Q== ML481g9d9Vlm5x7X74nUcWemFSzttSdWEM3Y/IOHpXDbvC/Tbw+z7Q==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-24T02:00:55Z" lastmodified: "2024-11-24T08:24:07Z"
mac: ENC[AES256_GCM,data:d8CY4QNU0O2pqTsNZgikJpCkm/jGgvu0lyBfmKoYmlQpHHIeWag9cT3n5/8UKnrcdgiLzCu26j0D6RiqolvpS/qtTz953kjSXiu3mclk9uuRurvzxxA31IacuiOeDRiln7dephRXxzzYvNiq5HtyAIEBxoIni5BCLFepBtGhB8U=,iv:b7Z6jFuXdhHJSuz6mJtB0f1hfo41UcNsXi+XwWUR10M=,tag:2Bdv9m4eoWZAt5Q/Fmf6Rw==,type:str] mac: ENC[AES256_GCM,data:W9K3+AERYBzRU0gvy50MbRULXGNyM6iujxdonSNbkoyoO6IBoGkMF+509jvoxrVFjEdiy7OZnj86O8XwAQDH3MLYSxpaUiJyQ8W3oQLdeJSk+cWVmBGSO5nXSjMGjU0jzKs2SH8SZKJXyOdDd3tmVTxTLk9u43fAi3AB4Iq/c8Q=,iv:5ETuAuMNpbxNYJLSLQ/J7A4Ov+laTkfNtNy8f5HSi0Y=,tag:1Dnnx5jv6v9ok7T59FX26w==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.1 version: 3.9.1