setup backup on titan and nix fmt
This commit is contained in:
parent
d428cd2377
commit
a372071b70
9 changed files with 127 additions and 24 deletions
11
.sops.yaml
11
.sops.yaml
|
|
@ -14,11 +14,17 @@ creation_rules:
|
||||||
- age:
|
- age:
|
||||||
- *chunk
|
- *chunk
|
||||||
- *cy
|
- *cy
|
||||||
|
- path_regex: secrets/de3911/titan.yaml
|
||||||
|
key_groups:
|
||||||
|
- age:
|
||||||
|
- *titan
|
||||||
|
- *cy
|
||||||
- path_regex: secrets/services/ntfy.yaml
|
- path_regex: secrets/services/ntfy.yaml
|
||||||
key_groups:
|
key_groups:
|
||||||
- age:
|
- age:
|
||||||
- *chunk
|
- *chunk
|
||||||
- *yt
|
- *yt
|
||||||
|
- *titan
|
||||||
- *cy
|
- *cy
|
||||||
- path_regex: secrets/restic/yt.yaml
|
- path_regex: secrets/restic/yt.yaml
|
||||||
key_groups:
|
key_groups:
|
||||||
|
|
@ -35,6 +41,11 @@ creation_rules:
|
||||||
- age:
|
- age:
|
||||||
- *chunk
|
- *chunk
|
||||||
- *cy
|
- *cy
|
||||||
|
- path_regex: secrets/borg/titan.yaml
|
||||||
|
key_groups:
|
||||||
|
- age:
|
||||||
|
- *titan
|
||||||
|
- *cy
|
||||||
- path_regex: secrets/wireguard/yt.yaml
|
- path_regex: secrets/wireguard/yt.yaml
|
||||||
key_groups:
|
key_groups:
|
||||||
- age:
|
- age:
|
||||||
|
|
|
||||||
|
|
@ -2,7 +2,6 @@
|
||||||
config,
|
config,
|
||||||
lib,
|
lib,
|
||||||
pkgs,
|
pkgs,
|
||||||
inputs,
|
|
||||||
...
|
...
|
||||||
}:
|
}:
|
||||||
{
|
{
|
||||||
|
|
@ -26,10 +25,6 @@
|
||||||
./conduit.nix
|
./conduit.nix
|
||||||
./immich.nix
|
./immich.nix
|
||||||
./element.nix
|
./element.nix
|
||||||
{
|
|
||||||
disabledModules = [ "services/backup/borgbackup.nix" ];
|
|
||||||
}
|
|
||||||
(inputs.nixpkgs-borg + "/nixos/modules/services/backup/borgbackup.nix")
|
|
||||||
];
|
];
|
||||||
|
|
||||||
sops.age.keyFile = "/root/.config/sops/age/keys.txt";
|
sops.age.keyFile = "/root/.config/sops/age/keys.txt";
|
||||||
|
|
|
||||||
17
hosts/titan/backup.nix
Normal file
17
hosts/titan/backup.nix
Normal file
|
|
@ -0,0 +1,17 @@
|
||||||
|
{
|
||||||
|
config,
|
||||||
|
...
|
||||||
|
}:
|
||||||
|
{
|
||||||
|
my.backup = {
|
||||||
|
enable = true;
|
||||||
|
jobName = "titanRsync";
|
||||||
|
exclude = [
|
||||||
|
# podman stuff
|
||||||
|
"/var/lib/containers"
|
||||||
|
];
|
||||||
|
repo = "titan";
|
||||||
|
passFile = config.sops.secrets."borg/rsyncnet".path;
|
||||||
|
sshKeyFile = config.sops.secrets."rsyncnet/id_ed25519".path;
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
@ -15,6 +15,7 @@
|
||||||
./ghost.nix
|
./ghost.nix
|
||||||
./ntfy.nix
|
./ntfy.nix
|
||||||
./uptime-kuma.nix
|
./uptime-kuma.nix
|
||||||
|
./backup.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
sops.age.keyFile = "/root/.config/sops/age/keys.txt";
|
sops.age.keyFile = "/root/.config/sops/age/keys.txt";
|
||||||
|
|
@ -22,6 +23,15 @@
|
||||||
"caddy/env" = {
|
"caddy/env" = {
|
||||||
sopsFile = ../../secrets/services/caddy.yaml;
|
sopsFile = ../../secrets/services/caddy.yaml;
|
||||||
};
|
};
|
||||||
|
"services/ntfy" = {
|
||||||
|
sopsFile = ../../secrets/services/ntfy.yaml;
|
||||||
|
};
|
||||||
|
"borg/rsyncnet" = {
|
||||||
|
sopsFile = ../../secrets/borg/titan.yaml;
|
||||||
|
};
|
||||||
|
"rsyncnet/id_ed25519" = {
|
||||||
|
sopsFile = ../../secrets/de3911/titan.yaml;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
boot = {
|
boot = {
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,5 @@
|
||||||
{...}: {
|
{ ... }:
|
||||||
|
{
|
||||||
# data stored at /var/lib/uptime-kuma/ but does not expose
|
# data stored at /var/lib/uptime-kuma/ but does not expose
|
||||||
# an option to change it
|
# an option to change it
|
||||||
services.uptime-kuma = {
|
services.uptime-kuma = {
|
||||||
|
|
|
||||||
|
|
@ -11,11 +11,9 @@
|
||||||
../yt.nix
|
../yt.nix
|
||||||
{
|
{
|
||||||
disabledModules = [
|
disabledModules = [
|
||||||
"services/backup/borgbackup.nix"
|
|
||||||
"services/backup/btrbk.nix"
|
"services/backup/btrbk.nix"
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
(inputs.nixpkgs-borg + "/nixos/modules/services/backup/borgbackup.nix")
|
|
||||||
(inputs.nixpkgs-btrbk + "/nixos/modules/services/backup/btrbk.nix")
|
(inputs.nixpkgs-btrbk + "/nixos/modules/services/backup/btrbk.nix")
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
|
||||||
31
secrets/borg/titan.yaml
Normal file
31
secrets/borg/titan.yaml
Normal file
|
|
@ -0,0 +1,31 @@
|
||||||
|
borg:
|
||||||
|
rsyncnet: ENC[AES256_GCM,data:HZhY3xqkiq/W7W6mvbqlInvZQfsk+vMPLdcB0gu9bzMuAM7uTCXE5g==,iv:pcvOvIScpPhnPtZr6NlhSAuEUTBBjJ4mFg/FdU8Qto0=,tag:nnY9hSzRrMl6C5GFUOhRVQ==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age12w2xgh4nxhrrggrtcnu75wgukqnayzhfd2azkhukl6u8xqxsqvtsa4lmhl
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJYnRxVGFVSVdGMDZKUWRB
|
||||||
|
cC9tdDk4bHhVbXdOYi9SeXhySHZNNWZqTVRBCnEzR2x1T2NzcnRPQjJ1V3JzR1RI
|
||||||
|
RmppZExIUmdaa3hhek5SL2xzTTZwM0EKLS0tIHFPTDRKblhnNjhtQmtSSlVQMitG
|
||||||
|
NFZnQ1U1SHYxT1Q5SUFmWGJ4NDFNcVEKj1g94nn05yd9gXgYM3kx7SOwt973KOO/
|
||||||
|
2Q+nNiR2DG+H7IqKjPfx45bXe0if+ZAulTVAsjcZK5ZB8TiPVXDrjQ==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXU2hlaTJQYVpNczRROHZt
|
||||||
|
WCt1T1VaMDJUNVhrNVJ0N0tUTnBvRzBmdVJvCkF4K1hMVnR1NCt5Nmg0QXMvcUdl
|
||||||
|
NnhqU0p5VitOL0Qvay9TZXZwUVhRTkUKLS0tIElBYnp1UWxLSjhQcTNOZFUyV3Np
|
||||||
|
djVSenB6d0NmelhmSzJKcllMbG1IUUEKSIyK9pMjvLqTTZS617r3o5CFdGFPz0RJ
|
||||||
|
3YCVt+tBFrVGfRaE+Xvkv5gRYp+p36OlrNpxjX+Ay9GHi4q8OlmIJQ==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-12-31T04:00:20Z"
|
||||||
|
mac: ENC[AES256_GCM,data:sDUD9aSp+s70ZgsN8QMsh3sKinrxuBGK48XcNaKzStnIXtVIkO45c3svCCNjFgh687qVdoCUdIttmf8nP+XvEo6BbXpW3VHfcRZgap2KodjhOTRwh8sBEqr9glPQeecQpHJ/D2U1igbZlYpK+2FaECkkg+troyPbvxrPKJ8hWgw=,iv:UBLhUgykn3tBLmdBFVEjsamtb+IsdKG+FxWeEumyap0=,tag:gE/VO+3/Audipume+xcN2g==,type:str]
|
||||||
|
pgp: []
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.9.2
|
||||||
31
secrets/de3911/titan.yaml
Normal file
31
secrets/de3911/titan.yaml
Normal file
|
|
@ -0,0 +1,31 @@
|
||||||
|
rsyncnet:
|
||||||
|
id_ed25519: ENC[AES256_GCM,data:uqd95tSWgSUwZxQAtMrKE3ISjSsb+4ZAUH7VlP7bGWMjZYPqZG0/cckMEocBaGXpjMrH1o5HjkNNmOsCBl6Lz1Vfk6drPyZbRlw9+G7K6zLeAI92gD3xnpaIkzClxGxO4GvumrcSgi1dtvh+N7X1sf5W+ByHrAtGM32G8IDKZwO1j64xSUMikwXeMV938oFUGYddKR9PcdYOf70XRPq9TZyiuYxgISRUIQFywtzKxPgUljDPUeEbU+VqIArUPBUh3Rfe0yea35ef4MT+y9rYc49OUk+06YdUvFEIClDXW9uahRFAHaLn76tDDrsL0O58LTIeG/bxiXGzmoYCiwpbUbEaYFhpZyKW3Lns7VQHwgkA+Sg71GvgibCbvbUV77Fe7e16pfutXErvIspomLssA57HGSU1MqSzwgYTAs4phvd39lj2JF3b8JdEpgmxjxUmnCkTtXOPa5StmVNfVVoRZPlq5Squtc4h7F2FVYsEWD2ZsC4EuJiLVqx3N2Z1I/AsaN4eBrjkRnVDICqYL5Ve,iv:+CF3+mB3s4TR0vNk/29mHpDSh/dGLgC76/sxBA1sie0=,tag:z4UrxxSkQMx11TeJjhxMgg==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age12w2xgh4nxhrrggrtcnu75wgukqnayzhfd2azkhukl6u8xqxsqvtsa4lmhl
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsV3VmSko4dmtwcDFDaTUx
|
||||||
|
NWloOVNmQ09vSWhPN096NmpOclg3M3BxcEZJCm85K3dqS0NNdUdmMHpldzN6THRn
|
||||||
|
REZnSjdYSkNYVHdTandZd3RsdW9SV2MKLS0tIDNPZHdOekFQRXdmT0VDWjFOaDJu
|
||||||
|
MTdxOTlNR1BrNFlPVlFiaGJPNGhhcUEK1BD5VQ0nDMUhOp1qatZDrkK9rYJ/Y3Xa
|
||||||
|
KBEKkzm/DfyVbRzAolXKGesTp14Vyofv9PcZeulN7jLDQZByKTjPsQ==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvSk5sN29mS1JEN05pN1pJ
|
||||||
|
WmNybGEzRkNVRHFDU1p2dWVqbUFoZ1QxRHpvCnN3WnVJeXVpSE1reFNueGNKWVVM
|
||||||
|
d3hjbXZJL0lBYXUxYldQSk5GckhvRWMKLS0tIHJhUU43MjZHdFVtT2FjOTcrK0xT
|
||||||
|
RlhIYmhESXc2Y2RzY01IWnRKMG94bHMKTPc6w/7rIBNEHKEZQAXSPXW8cuA5PQhL
|
||||||
|
CEi7M5W5LGb/z0/Ml2YT8nir2pxDqmzLiiIueh5NkJjOASUMnG+5QQ==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-12-31T03:50:19Z"
|
||||||
|
mac: ENC[AES256_GCM,data:3MQkrPbpOt0hFmDZjuJEYgA30b3tGZsSi1dpKqTFZqjX7N2w+GOJ8ZgE69zUiab3hqzwcVo8heDGl5vHbdKfpOur2vJToVFmwxrKU7Gj8nI+4gPGic8EVTgJ3zh4dEgMZOh9Id27WgcDhr6iwbZFLSttknU6BGXlDwm5Q0VNtLY=,iv:Dsrm1SaE/sHgWwaI9MkLCRUApFRbFQ+0yGkGNrclX+Y=,tag:5Kmh8kwJ2Dvh3tO7ShzCcw==,type:str]
|
||||||
|
pgp: []
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.9.2
|
||||||
|
|
@ -9,29 +9,38 @@ sops:
|
||||||
- recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn
|
- recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSQmhTWEdOQWV1N1V4bnND
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUM2JSNVkwT2ZlY3l6RHZ5
|
||||||
ZFRoQkRtWTE1cm9iZExNdVFBTlArR0l6QlN3CmRsN3hjL3JsT2ZkczFuMTAvaWRZ
|
V1hvUDE4TmR2YjRSU25mSWdzaUNlanZ1SDBzClY2Z0M4ek5reE5yb3VhZUhIdktT
|
||||||
dGdwby92aEpDQjVUUmlqWXNWQzFrbTgKLS0tIHZIN1QzcjBFclI2ZUVkUEgrcjlv
|
bk00bTM4UXZHeVk3YWpvZEVXbTQrQnMKLS0tIDdWbFlhd3UvVmlZRy9lR1Zpaldl
|
||||||
WW9rVVQzbEczVk5CV0ZRSm4rVUxiZ2MKUAA1Vqnv0kpOub2D+XAjEV+5ymm32TZM
|
cm9ZMjd1OCtkVFp6WEVTWkliTzFXNmMKoJr6VPQoQZISQ9XfOq6hPYiDPT969CkV
|
||||||
RpPRF+/e487dyqGscFQUQHhzIZIRPLAawR4hHd/iZC8y/UT86GlpJg==
|
U/Th9OOlCdA8bduxAmimrnYXhSF7phQHJANIWwyEZ4zDryHJ9lZg8w==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1sy0at69err83qyml2vqu8xvwjccfws447aaadfvacj2qluw3p45s2mtrw8
|
- recipient: age1sy0at69err83qyml2vqu8xvwjccfws447aaadfvacj2qluw3p45s2mtrw8
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCc1RySDUrc2s5K2svMFk4
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoVFp4ZTI2eWU3czVHRWxs
|
||||||
dEtXM1JXbU9oRjVCbmZCT3RBdWVRK1lhNEV3CkVrRmNvRkxQYmZxZ0N6dFpUbjJZ
|
NjNaOGc1alNoOE16WHdvbkhNeFJJUS9rZlE0ClpSUVRuREZiM1llajVPSm8reUh3
|
||||||
SDJOUVI1ZFdOdkQ0SGlJMVBqd3ErNnMKLS0tIERqbldPL2ZlaTlZR0FySGExMzQ0
|
cHdFaDhaL2xpNXFLNnB2MDVJWXp6Z0EKLS0tIDBDdHJUdVRTRVFWazltTmJwT0dr
|
||||||
NERIQ1VUNnMzdVhFMTZEVmdFR2FSMkkKiaFOXw6wXsxwUZRn/zDV2MKelJZUk8Wi
|
dXNIRUFPNmFhN1BuMVhJR01CUjhqTTQKrdRUnyrcIB/WTFkIwYaFAKKO3DnqwtTr
|
||||||
1iISfgO5FVl3ix1NhTD5awbtHaAZt4cfjStYD6R0sb5JUQW+WsoHiQ==
|
4Mf1t2MKZw8PGWDDPKH6NL6LODcYq8g49cuvhJNKvoUhuujfisO6xg==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age12w2xgh4nxhrrggrtcnu75wgukqnayzhfd2azkhukl6u8xqxsqvtsa4lmhl
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMeXFrcXZVc21KQWpxSU1v
|
||||||
|
RkxkdXV2SnV0RTZIQzFEczZkNklTa1NmaUhjCmVqVDJTR2VDcFBSOXV6dUxhUC83
|
||||||
|
RDYrejRPYncvWWhLaGdwZU02RmRxTVkKLS0tIDVLWE9WVDBPS0p6STZ6czlDbC91
|
||||||
|
Q3JDM2RDczUzdXpPZEhoTW9Jd0JxSG8KQFNZXOgHxDXeNdwArod74Dfc2IXOrz3S
|
||||||
|
Fiw/HVhQdwvjDSui9hUxpZuF94AKHRmVsKZvO3kvBhI6GWpW8wmk/A==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn
|
- recipient: age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBheVZzNEtBUTZkbUZ2eFBF
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqZDZhcVJnVFY2U2NSZlJK
|
||||||
Wm9Ic3dleW94U0xTRUs5VmtvRjFydVZhOFc0CkgrYWxuTW9obUlwVmhsYWx5dmYy
|
bC8wdTJ2eFlJY1lBRmsxbmgzQkVMZjUwOVJBCm1PdEJiWXJJeXdPbEVOQ0F2cVJL
|
||||||
Z0tLYUlKTDI0UTh5bWtnSU52YlBoTEkKLS0tIGVwTW5ER09OaTRUM2tBT09WcTg0
|
RGMxOTlLY0pVMWtYTkJBZ1VoOGxrOWsKLS0tIGZ4RnlmV2l4TFBITDY4VWU5TFJ4
|
||||||
NnBSNFQ4ZGRMcHlPdUZzOFJHV3Z4OGcKOiZq+DmEFVyt+9Z7uMJqx8AD8QvOejCb
|
NkU1QWl6R3M3by9jVTBXSm5kd3BEOFkKacXasnAVwlctfPu4j6IVeCW7jCWS124S
|
||||||
bFBndq9UffyxLflzuxMRpKiRJ3BSVGu6/YXAdXvfLaXNBcLBQdsR8Q==
|
kMTxU0BLxQjoh6+Xw/BXQ6nk+cQBEFjN022UpItlC5ty2P5jcjos1g==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-12-17T03:08:24Z"
|
lastmodified: "2024-12-17T03:08:24Z"
|
||||||
mac: ENC[AES256_GCM,data:K1XW1n6umC/qayF9SFanVVhOfN5AXmzD9FsaXx74IoPiLMz6ZCJ547Je4f5mKdt5Gc5aUjNOALXGxXG/hSB+L8h6S/k/iGbx0zF3iwEFvURa7P/ScTMzvnABdqdjA4mah/QsfsFXnBhhCUzHpvo4kBge30U4V8uLjw6seEZ42Vk=,iv:1AQFbv6bFxIKSrJZr6AqQB58OfGNnFD8RHNZKP2ePwE=,tag:m/lKEBQ7Ij6ieIspVsqE9Q==,type:str]
|
mac: ENC[AES256_GCM,data:K1XW1n6umC/qayF9SFanVVhOfN5AXmzD9FsaXx74IoPiLMz6ZCJ547Je4f5mKdt5Gc5aUjNOALXGxXG/hSB+L8h6S/k/iGbx0zF3iwEFvURa7P/ScTMzvnABdqdjA4mah/QsfsFXnBhhCUzHpvo4kBge30U4V8uLjw6seEZ42Vk=,iv:1AQFbv6bFxIKSrJZr6AqQB58OfGNnFD8RHNZKP2ePwE=,tag:m/lKEBQ7Ij6ieIspVsqE9Q==,type:str]
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue