wo2w/nixos-config
1
0
Fork 0
Code Issues Pull requests Activity

gutterman: add restic backups to minecraft

Browse source
This commit is contained in:
wo2wz 2025-11-22 23:40:47 -05:00
parent 49a5d29b0a
commit 91a0bb384a
6 changed files with 72 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

7
.sops.yaml
View file

@ -1,8 +1,13 @@
keys: keys:
- &drone age19ey5xs9gxy0738tcp2a66zcye2cxj6suhcwa6y39x3w0sdvyr5tsxp0rlj - &drone age19ey5xs9gxy0738tcp2a66zcye2cxj6suhcwa6y39x3w0sdvyr5tsxp0rlj
- &gutterman age1t3n08lsemjmflt8nw2je4cr62g8e6evpxsakhcgtzhgp6rmn7u6s29lnpa
creation_rules: creation_rules:
- path_regex: secrets/.+\.yaml$ - path_regex: secrets/drone\.yaml$
key_groups: key_groups:
- age: - age:
- *drone - *drone
- path_regex: secrets/gutterman\.yaml$
key_groups:
- age:
- *gutterman

4
hosts/Gutterman/default.nix
View file

@ -11,7 +11,9 @@
../../modules/nixos/services/tailscale ../../modules/nixos/services/tailscale
../../modules/nixos/services/tailscale/exit-node/server.nix ../../modules/nixos/services/tailscale/exit-node/server.nix
../../modules/nixos/services/gameserver/minecraft-server.nix ../../modules/nixos/services/gameserver
../../modules/nixos/services/restic.nix
../../modules/nixos/services/sops.nix
../../modules/nixos/system/headless.nix ../../modules/nixos/system/headless.nix
../../modules/nixos/system/minimal.nix ../../modules/nixos/system/minimal.nix

9
modules/nixos/services/gameserver/default.nix Normal file
View file

@ -0,0 +1,9 @@
{ config, ... }:
{
imports = [
./minecraft-server.nix
./restic.nix
./sops.nix
];
}

31
modules/nixos/services/gameserver/restic.nix Normal file
View file

@ -0,0 +1,31 @@
{ config, pkgs, ... }:
{
sops.secrets = {
"restic/password" = {};
"restic/rest-auth.env" = {};
};
services.restic.backups.gameservers =
assert config.users.users.restic-backup != null;
{
user = "restic-backup";
package = pkgs.writeShellScriptBin "restic" ''
exec /run/wrappers/bin/restic "$@"
'';
initialize = true;
repository = "rest:https://restic.taild5f7e6.ts.net/gutterman/gameservers";
environmentFile = config.sops.secrets."restic/rest-auth.env".path;
passwordFile = config.sops.secrets."restic/password".path;
timerConfig = {
OnCalendar = "03:00";
Persistent = true;
};
paths = [
"/var/lib/minecraft"
];
exclude = [ ".*" ];
};
}

5
modules/nixos/services/gameserver/sops.nix Normal file
View file

@ -0,0 +1,5 @@
{ config, ... }:
{
sops.defaultSopsFile = "/etc/nixos/secrets/gutterman.yaml";
}

18
secrets/gutterman.yaml Normal file
View file

@ -0,0 +1,18 @@
restic:
password: ENC[AES256_GCM,data:XQHv85l9cRNmJVknIhNuj7+o5oRvot7rtKdtXY0xO58=,iv:mwV373WSqMxh6ATYPnl4Qcxdim0uCVj/ooXFsturY9c=,tag:a/wCIsMQPVq5+jPf2QVZVA==,type:str]
rest-auth.env: ENC[AES256_GCM,data:O6ujHcZuN2qi4oDknqjNKXtWIil2AIgkeNqhTDWr2XfKxVKeiNEz8cW0a5gXXmqicS0+KHwv32fITN6mA2t4hgJgFItMkAj9dVrnhTFX9UmrV+6qIGZVg+e1L6ZBdFxYJcrughepfvMVT01lG/DU1TJ/aDbK,iv:683BKhhcJOfKR4zu50fGit01bAChooCjt0zpcyJzmAQ=,tag:3ymmH4PU9+Q+J3TmJgZ2YA==,type:str]
sops:
age:
- recipient: age1t3n08lsemjmflt8nw2je4cr62g8e6evpxsakhcgtzhgp6rmn7u6s29lnpa
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2YzZGa09sWlBEVUJMcHpL
Wi9zbHREOTNoTndSU2s3RVhJQi9KN1ZMMTFFCk4zUHpHcThlYmthQmdmOVRPYlo2
Wkc4RHQ0ZVB5aVVvRUpGei9YVW1RV0kKLS0tIHNpY2p6a21FbUxtT1VZNHVmdW9Z
UFR2UTJWSHJGcGFIV25Wb1B5U1ZCalkKapZc3gwAVsVyStau64dSYuperbTvw73c
EKfjlFriowQ6V5MUewoV1OaXx4SW2ExzccnhMXE6UdpoDGRZkNGk6Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-11-23T02:29:47Z"
mac: ENC[AES256_GCM,data:NRcaylRx2paVuCO5IahZzgfnwghOZLC2GeIkZDqj9427Een1aopQU0BuQsoiwZWWC1o0ZSN9KkOTnR+2ExVFcJfzqx3n6pguHZ7pCs23OdnQK8hvs0aVn1obrkWGo4jWDCVUQT859J5QGbKxVCJ03dhkFLRknH3+09IcBZUQG2Y=,iv:IwGiSqyttNYWUSKwd/FYvpcXcbqvtRkRfoKtkNtMtk8=,tag:JDGfrvgfxiFCzlL78WdNlQ==,type:str]
unencrypted_suffix: _unencrypted
version: 3.11.0