defiant: Fix nfs-client, replace borg with restic

2024-10-05 10:53:54 +02:00
parent 6de16fb116
commit b17ff565c3
5 changed files with 63 additions and 73 deletions
--- a/hosts/defiant/backup.nix
+++ b/hosts/defiant/backup.nix
@@ -1,62 +1,30 @@
 { config, pkgs, lib, ... }:
 {
-  services.borgbackup.jobs =
-    let
-      borgJob = name: {
-        environment.BORG_RSH = "ssh -i /root/.ssh/fealsyn1";
-        environment.BORG_REMOTE_PATH = "/usr/local/bin/borg";
-        repo = "ssh://backup@feal-syn1.home.feal.no/volume2/backup/borg/defiant/${name}";
-        compression = "auto,zstd";
-      };
-    in {
-      postgresDaily = borgJob "postgres::daily" // {
-        paths = "/data/backup/postgresql";
-        startAt = "*-*-* 05:15:00"; # 2 hours after postgresqlBackup
-        extraInitArgs = "--storage-quota 10G";
-        encryption = {
-          mode = "repokey-blake2";
-          passCommand = "cat ${config.sops.secrets."borg/postgres".path}";
-        };
-      };
-
-      postgresWeekly = borgJob "postgres::weekly" // {
-        paths = "/data/backup/postgresql";
-        startAt = "Mon *-*-* 05:15:00"; # 2 hours after postgresqlBackup
-        extraInitArgs = "--storage-quota 10G";
-        encryption = {
-          mode = "repokey-blake2";
-          passCommand = "cat ${config.sops.secrets."borg/postgres".path}";
-        };
-      };
-
-      gitea = borgJob "gitea::weekly" // {
-        paths = "/tank/services/gitea";
-        startAt = "Mon *-*-* 05:15:00";
-        extraInitArgs = "--storage-quota 20G";
-        encryption = {
-          mode = "repokey-blake2";
-          passCommand = "cat ${config.sops.secrets."borg/gitea".path}";
-        };
-      };
-
-      minecraft = borgJob "minecraft::weekly" // {
-        paths = "/var/lib/minecraft-wack";
-        startAt = "weekly";
-        extraInitArgs = "--storage-quota 20G";
-        encryption.mode = "none";
-
-        preHook = ''
-          ${pkgs.mcrcon}/bin/mcrcon -p wack "say Starting Backup" "save-off" "save-all"
-        '';
-
-        postHook = ''
-          ${pkgs.mcrcon}/bin/mcrcon -p wack "save-all" "say Completed Backup" "save-on" "save-all"
-        '';
-      };
-
+  services.restic.backups = let
+    localJob = name: paths: {
+      inherit paths;
+      repository = "/mnt/feal-syn1/backup/defiant/${name}";
+      passwordFile = config.sops.secrets."restic/${name}".path;
+      initialize = true;
+      pruneOpts = [
+        "--keep-daily 3"
+        "--keep-weekly 4"
+        "--keep-monthly 3"
+      ];
+    };
+  in {
+    postgres = (localJob "postgres" [ "/tank/backup/postgresql" ]) // {
+      timerConfig.OnCalendar = "05:15"; # 2h after postgresqlBackup
    };

-  # TODO: Matrix (keys,media,db), home-assistant, pihole, vaultwarden
-  sops.secrets."borg/postgres" = { };
-  sops.secrets."borg/gitea" = { };
+    gitea = (localJob "gitea" [ "/tank/services/gitea" ]);
+    matrix-synapse = (localJob "matrix-synapse" [ "/var/lib/matrix-synapse" ]);
+    vaultwarden = (localJob "vaultwarden" [ "/var/lib/bitwarden_rs" ]);
+  };
+
+  # TODO: home-assistant, pihole
+  sops.secrets."restic/postgres" = { };
+  sops.secrets."restic/gitea" = { };
+  sops.secrets."restic/matrix-synapse" = { };
+  sops.secrets."restic/vaultwarden" = { };
 }