WIP: Automatic backblaze backups #9
|
@ -4,13 +4,19 @@ let
|
|||
in
|
||||
{
|
||||
services.restic.backups = {
|
||||
options = {
|
||||
passwordFile = "/etc/restic/resticPasswd";
|
||||
repository = "s3:s3.anazonaws.com/${cfg.backblaze.bucket}";
|
||||
varBackup = {
|
||||
passwordFile = "/var/lib/restic/pass";
|
||||
repository = "rclone:${cfg.backblaze.bucket}:/sfbackup";
|
||||
extraOptions = [ "rclone.args='serve restic --stdio'" ];
|
||||
rcloneConfig = {
|
||||
type = "b2";
|
||||
account = cfg.backblaze.accountId;
|
||||
key = cfg.backblaze.accountKey;
|
||||
hard_delete = false;
|
||||
};
|
||||
initialize = true;
|
||||
paths = [
|
||||
"/var/dkim"
|
||||
"/var/vmail"
|
||||
"/var"
|
||||
];
|
||||
timerConfig = {
|
||||
OnCalendar = [ "daily" ];
|
||||
|
@ -25,11 +31,4 @@ in
|
|||
isNormalUser = false;
|
||||
isSystemUser = true;
|
||||
};
|
||||
environment.etc."restic/resticPasswd".text = ''
|
||||
${cfg.resticPassword}
|
||||
'';
|
||||
environment.etc."restic/s3Passwd".text = ''
|
||||
AWS_ACCESS_KEY_ID=${cfg.backblaze.accountId}
|
||||
AWS_SECRET_ACCESS_KEY=${cfg.backblaze.accountKey}
|
||||
'';
|
||||
}
|
||||
|
|
|
@ -25,7 +25,8 @@ in
|
|||
(if cfg.bitwarden.enable then "d /var/lib/bitwarden 0777 bitwarden_rs bitwarden_rs -" else "")
|
||||
(if cfg.bitwarden.enable then "d /var/lib/bitwarden/backup 0777 bitwarden_rs bitwarden_rs -" else "")
|
||||
(if cfg.pleroma.enable then "d /var/lib/pleroma 0700 pleroma pleroma - -" else "")
|
||||
"d /var/lib/restic 0600 restic - - -"
|
||||
"d /var 0755 root shared - -"
|
||||
"d /var/lib/restic 0700 restic - - -"
|
||||
"f+ /var/lib/restic/pass 0400 restic - - ${resticPass}"
|
||||
"f+ /root/.config/rclone/rclone.conf 0400 root root - ${rcloneConfig}"
|
||||
(if cfg.pleroma.enable then "f /var/lib/pleroma/secrets.exs 0755 pleroma pleroma - -" else "")
|
||||
|
|
Loading…
Reference in New Issue