2022-11-04 19:35:57 +01:00
|
|
|
{ custom }: { config, pkgs, ... }:
|
2022-01-27 19:32:05 +01:00
|
|
|
let
|
2022-11-10 00:11:55 +01:00
|
|
|
repository = "/var/lib/restic-server";
|
2022-01-27 19:32:05 +01:00
|
|
|
in
|
|
|
|
{
|
2022-11-04 19:35:57 +01:00
|
|
|
age.secrets.resticKey.file = "${custom.inputs.self}/scrts/restic.key.age";
|
2022-11-04 16:49:46 +01:00
|
|
|
|
2022-01-29 14:04:24 +01:00
|
|
|
environment.systemPackages = with pkgs; [
|
|
|
|
restic
|
|
|
|
];
|
|
|
|
|
2022-06-07 23:50:33 +02:00
|
|
|
fileSystems."${repository}" = {
|
2022-01-29 14:04:24 +01:00
|
|
|
device = "10.7.89.108:restic-server";
|
|
|
|
fsType = "nfs";
|
2022-06-14 20:44:21 +02:00
|
|
|
options = [ "noatime" "hard" "nfsvers=4.0" ];
|
2022-01-29 14:04:24 +01:00
|
|
|
};
|
2022-01-27 19:32:05 +01:00
|
|
|
services.restic.server = {
|
|
|
|
enable = true;
|
|
|
|
dataDir = repository;
|
|
|
|
extraFlags = [ "--no-auth" ];
|
|
|
|
};
|
2022-01-27 20:08:09 +01:00
|
|
|
networking.firewall.allowedTCPPorts = [ 8000 ];
|
2022-02-28 15:10:58 +01:00
|
|
|
|
2022-02-28 17:16:23 +01:00
|
|
|
systemd.services.restic-prune = {
|
2022-02-28 17:33:18 +01:00
|
|
|
serviceConfig = {
|
|
|
|
Type = "oneshot";
|
|
|
|
User = "restic";
|
|
|
|
};
|
2022-02-28 15:10:58 +01:00
|
|
|
script = ''
|
|
|
|
${pkgs.restic}/bin/restic \
|
|
|
|
--repo ${repository} \
|
2022-11-04 16:49:46 +01:00
|
|
|
--password-file ${config.age.secrets.resticKey.path} \
|
2022-02-28 16:23:03 +01:00
|
|
|
prune \
|
2022-02-28 15:10:58 +01:00
|
|
|
'';
|
|
|
|
};
|
|
|
|
|
2022-02-28 17:16:23 +01:00
|
|
|
systemd.timers.restic-prune = {
|
2022-02-28 15:10:58 +01:00
|
|
|
wantedBy = [ "timers.target" ];
|
2022-02-28 17:16:23 +01:00
|
|
|
partOf = [ "restic-prune.service" ];
|
2022-02-28 15:10:58 +01:00
|
|
|
timerConfig.OnCalendar = [ "*-*-* 12:00:00" ];
|
|
|
|
};
|
2022-01-27 19:32:05 +01:00
|
|
|
}
|