wo2w/nixos-config
1
0
Fork 0
Code Issues Pull requests Activity

drone: add restic rest server

Browse source
This commit is contained in:
wo2wz 2025-11-22 22:33:43 -05:00
parent 3899927ced
commit 49a5d29b0a
4 changed files with 40 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

8
modules/nixos/services/homeserver/restic/backups.nix
View file

@ -1,7 +1,10 @@
{ config, pkgs, lib, ... }:
{
sops.secrets."restic/password" = {};
sops.secrets = {
"restic/password" = {};
"restic/rest-auth.env" = {};
};
systemd.services = {
db-backup = {
@ -49,7 +52,8 @@
'';
initialize = true;
repository = "/mnt/external/backup/restic";
repository = "rest:http://localhost:8001/drone";
environmentFile = config.sops.secrets."restic/rest-auth.env".path;
passwordFile = config.sops.secrets."restic/password".path;
timerConfig = {
OnCalendar = "03:00";

1
modules/nixos/services/homeserver/restic/default.nix
View file

@ -3,5 +3,6 @@
{
imports = [
./backups.nix
./rest-server.nix
];
}

28
modules/nixos/services/homeserver/restic/rest-server.nix Normal file
View file

@ -0,0 +1,28 @@
{ config, ... }:
{
sops.secrets."restic/rest-server/.htpasswd" = {
owner = "restic";
group = "restic";
};
services.caddy.virtualHosts."restic.taild5f7e6.ts.net".extraConfig =
assert config.services.caddy.enable;
''
import default-settings
bind tailscale/restic
reverse_proxy localhost:8001
'';
services.restic.server = {
enable = true;
dataDir = "/mnt/external/backup/restic";
listenAddress = "127.0.0.1:8001";
htpasswd-file = config.sops.secrets."restic/rest-server/.htpasswd".path;
privateRepos = true;
appendOnly = true;
};
}

7
secrets/drone.yaml
View file

@ -17,6 +17,9 @@ nextcloud:
adminpass: ENC[AES256_GCM,data:eSQQkhcXB4s9pnJ1hToGgyEr+rGlMIKHLsU0EemMOng=,iv:USq1winT7GPGVKwDjfF+cFs/dj395zgXyTVQ/x1KNS0=,tag:Me6MKsZwUc4sjZIPfZmk+A==,type:str]
restic:
password: ENC[AES256_GCM,data:sWFhBWXpYktef9Ajf5eDlOljcMmJur1PkKSalrmt9yXPYto117YMeI7zyXDZqlk9bDoqj28d8/pl2lP0itBpOZc+GoPZfDns+RyJUrP0S/0pV5gXA72/9g4Yqg9eSuXdeAbFYb9CnuHUi8+HJnIULPKOaqpwpwKaRsDAN5KVsAA=,iv:RCXcp0/cpT6WHM6v4zZtwD+w1epYp/JXvSWON8/Txyk=,tag:ffdQYuuIfuJQJGIXi1HaMw==,type:str]
rest-auth.env: ENC[AES256_GCM,data:MAJVkdiutkhY8MCLrg1EMumAblektgO85VQLD65McX/VYInYDihxwJOV21+SAJSaN/8vA/MqUEmzsrUb04hgvqPYjXIyyUYpDrE8us47eqjF3SoZJsf70Ukps0lv3+L3LViRSpKJ+2v2v7GenaA/jAk=,iv:5yzIiEpQ1jvl9SDu/MxsAl25PmxmmuPxjRAa+iEGJRU=,tag:9UBXGt0vXj3F0YndwkeQaw==,type:str]
rest-server:
.htpasswd: ENC[AES256_GCM,data:605u/QTk6j1s3Wn3Lg2M0BDhy4WbVFIZRYijhLeGmPHC2sZUY0Ngoq8bkr/Jf97Erh+CM4oqiHXA+Jct8Yq0ml6MMFKk0v602yHRxIEn5MOBETygUz889kJnNLGsXDHJeJFCX5J5qmlnj9DZ+93hNEQJAzEP2CvzH/JoHJA/bMrCGl0aZyExrxJi,iv:wuTER92WYPUGm0QNpfoOepZSGcOmq2M16Xa3RVJFYAo=,tag:qgLqtf41735ajBvlEBlJCw==,type:str]
vaultwarden:
secrets.env: ENC[AES256_GCM,data:bvAAiZ/MTqwHzaNFw8C23R4w2wg7v01yL/Oz3PLty6VRCgivwvySVShV3ijde/zW/N4d6dYlG76sCemlWi/79/UcIV8sZivnLZ124oYh2iuBMNv9cLrwG/PiPYO74lyq+WcIhIimnur4f/o5PbqoanDfVTru50v5+3ovwuK1MsjOaLGU,iv:rrDfCcmzl3vpr6JVoNU5rlxYfCCZi3hUzEX5IlEoThU=,tag:dSEY6NOxRggyd28pbvV30w==,type:str]
sops:
@ -30,7 +33,7 @@ sops:
N0U5bkt4aXJOS3N0Z2N4YTg4TDVUVncKCQLUTMmdM/IPzV3NDRhPdta1tvXxy/6P
RYbLzlUryw+tqfTp8nDrdxyOWScLNzPOswAq0Qf7VMcEQ5bJEkAOhQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-11-18T17:23:13Z"
mac: ENC[AES256_GCM,data:1+R7ctuEqovBsKdq7VyhTIVhEewbiFKqS7Cy9VYZtAdBJyvWRtEvAG3/OOr/zzkkswLHP90iE5HExDCrH/TBnSakJzqYeUxmEi84H0CGvnq4nxCs+0QYGIrlAiDqIOr1+ESpKFq+3VGJwb5mdzYVqeFXwIKE44+L4YvhtsXH3ys=,iv:LXJ31X5riqNm1XQuH/jIWuWl3Rts+PQyMxChPlx8S88=,tag:QGDnbzPaj4/hm5Rky0Soaw==,type:str]
lastmodified: "2025-11-23T02:32:16Z"
mac: ENC[AES256_GCM,data:lN8ZOO1V1bl4dP1J2qAHSwLGx6AlM9vXHvHZ7BNHtdqWqf+H4ufOQV1TAfviyfG7fFbNbHov4NO2Oukr5ynfnjrgjcNtJgApgIEFgttyoJlW3oULNTo5N9b+15T7fSeOZj+utKlISh/K2Yagt+36ZM4ND6LN/T9+AlODFXYPENA=,iv:eBgMfO/1gPfLSerO0JlBJdhFb5GVuDbbWIVb8goIb7I=,tag:QyUxt9iprJNYxZk9WTDH4g==,type:str]
unencrypted_suffix: _unencrypted
version: 3.11.0