Compare commits
8 Commits
master
...
aws-to-bac
Author | SHA1 | Date |
---|---|---|
Illia Chub | 67c1e93cdb | |
Illia Chub | 33c1744ec0 | |
Illia Chub | 83f604739e | |
Illia Chub | fa756b2441 | |
Illia Chub | 64d12982be | |
Illia Chub | 24f2e83cf1 | |
Illia Chub | 4ab97f0318 | |
Illia Chub | 4db2ea3920 |
|
@ -3,33 +3,30 @@ let
|
||||||
cfg = config.services.userdata;
|
cfg = config.services.userdata;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
services.restic.backups = {
|
|
||||||
options = {
|
systemd = {
|
||||||
passwordFile = "/etc/restic/resticPasswd";
|
services = {
|
||||||
repository = "s3:s3.anazonaws.com/${cfg.backblaze.bucket}";
|
"restic-backup" = {
|
||||||
initialize = true;
|
description = "Userdata restic backup trigger";
|
||||||
paths = [
|
serviceConfig = {
|
||||||
"/var/dkim"
|
Type = "simple";
|
||||||
"/var/vmail"
|
User = "restic";
|
||||||
];
|
ExecStart = "${pkgs.restic}/bin/restic -o rclone.args="serve restic --stdio" -r rclone:backblaze:${cfg.backblaze.bucket}:/sfbackup --verbose --json backup /var";
|
||||||
timerConfig = {
|
};
|
||||||
OnCalendar = [ "daily" ];
|
};
|
||||||
|
};
|
||||||
|
timers = {
|
||||||
|
"restic-scheduled-backup" = {
|
||||||
|
wantedBy = [ "timers.target" ];
|
||||||
|
partOf = [ "restic-backup.service" ];
|
||||||
|
timerConfig = {
|
||||||
|
OnCalendar = "daily";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
user = "restic";
|
|
||||||
pruneOpts = [
|
|
||||||
"--keep-daily 5"
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
users.users.restic = {
|
users.users.restic = {
|
||||||
isNormalUser = false;
|
isNormalUser = false;
|
||||||
isSystemUser = true;
|
isSystemUser = true;
|
||||||
};
|
};
|
||||||
environment.etc."restic/resticPasswd".text = ''
|
|
||||||
${cfg.resticPassword}
|
|
||||||
'';
|
|
||||||
environment.etc."restic/s3Passwd".text = ''
|
|
||||||
AWS_ACCESS_KEY_ID=${cfg.backblaze.accountId}
|
|
||||||
AWS_SECRET_ACCESS_KEY=${cfg.backblaze.accountKey}
|
|
||||||
'';
|
|
||||||
}
|
}
|
||||||
|
|
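Review bot: The new `ExecStart` gives restic no way to read the repository password, and the unit runs as `User = "restic"` while the rclone remote it names is written to `/root/.config/rclone/rclone.conf` with mode 0400 root (per the files.nix change on this page), so the job as written looks unable to unlock the repository or reach the `backblaze` remote. Passing `--password-file /var/lib/restic/pass` and placing the rclone config where the restic user can read it would close that gap. The inner double quotes around `serve restic --stdio` are not escaped inside the Nix string and should be `\"serve restic --stdio\"`. The timer is named `restic-scheduled-backup`, so unless `Unit = "restic-backup.service";` is added to its `timerConfig`, systemd will look for a service with the timer's own name. The commit also drops `pruneOpts` without a replacement forget/prune step, so snapshots would accumulate without a retention limit.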
29
files.nix
29
files.nix
|
@ -14,17 +14,24 @@ in
|
||||||
CLOUDFLARE_DNS_API_TOKEN=${cfg.cloudflare.apiKey}
|
CLOUDFLARE_DNS_API_TOKEN=${cfg.cloudflare.apiKey}
|
||||||
CLOUDFLARE_ZONE_API_TOKEN=${cfg.cloudflare.apiKey}
|
CLOUDFLARE_ZONE_API_TOKEN=${cfg.cloudflare.apiKey}
|
||||||
'';
|
'';
|
||||||
|
rcloneConfig = builtins.replaceStrings [ "\n" "\"" "\\" ] [ "\\n" "\\\"" "\\\\" ] ''
|
||||||
|
[backblaze]
|
||||||
|
type = b2
|
||||||
|
account = ${cfg.backblaze.accountId}
|
||||||
|
key = ${cfg.backblaze.accountKey}
|
||||||
|
'';
|
||||||
in
|
in
|
||||||
[
|
[
|
||||||
"d /var/restic 0660 restic - - -"
|
(if cfg.bitwarden.enable then "d /var/lib/bitwarden 0777 bitwarden_rs bitwarden_rs -" else "")
|
||||||
"d /var/bitwarden 0777 bitwarden_rs bitwarden_rs -"
|
(if cfg.bitwarden.enable then "d /var/lib/bitwarden/backup 0777 bitwarden_rs bitwarden_rs -" else "")
|
||||||
"d /var/bitwarden/backup 0777 bitwarden_rs bitwarden_rs -"
|
(if cfg.pleroma.enable then "d /var/lib/pleroma 0700 pleroma pleroma - -" else "")
|
||||||
"d /var/lib/pleroma 0600 pleroma pleroma - -"
|
"d /var/lib/restic 0600 restic - - -"
|
||||||
"f /var/lib/pleroma/secrets.exs 0755 pleroma pleroma - -"
|
"f+ /var/lib/restic/pass 0400 restic - - ${resticPass}"
|
||||||
"f /var/domain 0444 selfprivacy-api selfprivacy-api - ${domain}"
|
"f+ /root/.config/rclone/rclone.conf 0400 root root - ${rcloneConfig}"
|
||||||
"f /var/restic/restic-repo-password 0660 restic - - ${resticPass}"
|
(if cfg.pleroma.enable then "f /var/lib/pleroma/secrets.exs 0755 pleroma pleroma - -" else "")
|
||||||
"f /var/nextcloud-db-pass 0440 nextcloud nextcloud - ${nextcloudDBPass}"
|
"f+ /var/domain 0444 selfprivacy-api selfprivacy-api - ${domain}"
|
||||||
"f /var/nextcloud-admin-pass 0440 nextcloud nextcloud - ${nextcloudAdminPass}"
|
(if cfg.nextcloud.enable then "f+ /var/lib/nextcloud/db-pass 0440 nextcloud nextcloud - ${nextcloudDBPass}" else "")
|
||||||
"f /var/cloudflareCredentials.ini 0440 nginx acmerecievers - ${cloudflareCredentials}"
|
(if cfg.nextcloud.enable then "f+ /var/lib/nextcloud/admin-pass 0440 nextcloud nextcloud - ${nextcloudAdminPass}" else "")
|
||||||
|
"f+ /var/lib/cloudflare/Credentials.ini 0440 nginx acmerecievers - ${cloudflareCredentials}"
|
||||||
];
|
];
|
||||||
}
|
}
|
|
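Review bot: `"d /var/lib/restic 0600 restic - - -"` creates the directory without the search (x) bit, so the restic user cannot open `/var/lib/restic/pass` inside it; the same hunk fixes exactly this for pleroma (0600 to 0700), and the restic rule should read `"d /var/lib/restic 0700 restic - - -"`. On the new side the bitwarden directories keep mode 0777 and `secrets.exs` keeps 0755; `0700` and `0600` would fit data that only the owning service reads, assuming no other account needs access. Because `resticPass`, `rcloneConfig` and the other secrets are interpolated into the rule strings, they presumably end up in a generated tmpfiles configuration inside the world-readable Nix store. The attribute these rules are assigned to is outside the hunk, so confirm where the list is rendered before relying on the 0400/0440 file modes to protect them.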
@ -1,4 +1,4 @@
|
||||||
{ pkgs, config, ... }:
|
{ pkgs, config, lib, ... }:
|
||||||
let
|
let
|
||||||
domain = config.services.userdata.domain;
|
domain = config.services.userdata.domain;
|
||||||
in
|
in
|
||||||
|
@ -11,6 +11,7 @@ in
|
||||||
recommendedProxySettings = true;
|
recommendedProxySettings = true;
|
||||||
recommendedTlsSettings = true;
|
recommendedTlsSettings = true;
|
||||||
clientMaxBodySize = "1024m";
|
clientMaxBodySize = "1024m";
|
||||||
|
sslProtocols = lib.mkForce "TLSv1.2 TLSv1.3";
|
||||||
|
|
||||||
virtualHosts = {
|
virtualHosts = {
|
||||||
"${domain}" = {
|
"${domain}" = {
|
||||||
|
|
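Review bot: `sslProtocols = lib.mkForce "TLSv1.2 TLSv1.3";` overrides every other definition of the option but carries no comment saying which definition it is meant to win against, so a later reader cannot tell whether the force is still needed. A one-line comment above it, such as `# mkForce: pin TLS 1.2/1.3 regardless of other modules' sslProtocols`, would record the intent. The enclosing attribute set starts and ends outside the hunk.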