diff --git a/modules/nixos/services/homeserver/restic/backups.nix b/modules/nixos/services/homeserver/restic/backups.nix index 1c188fd..b59f2fa 100644 --- a/modules/nixos/services/homeserver/restic/backups.nix +++ b/modules/nixos/services/homeserver/restic/backups.nix @@ -4,12 +4,14 @@ sops.secrets = { "restic/password" = {}; "restic/rest-auth.env" = {}; + + "restic/rclone/onedrive" = {}; }; systemd.services = { db-backup = { - wantedBy = [ "restic-backups-main.service" ]; - before = [ "restic-backups-main.service" ]; + wantedBy = [ "restic-backups-main.service" "restic-backups-offsite.service" ]; + before = [ "restic-backups-main.service" "restic-backups-offsite.service" ]; script = '' DB_BACKUP_DIR=/var/backups/db-backup @@ -36,8 +38,8 @@ }; db-backup-cleanup = { - wantedBy = [ "restic-backups-main.service" ]; - after = [ "restic-backups-main.service" ]; + wantedBy = [ "restic-backups-main.service" "restic-backups-offsite.service" ]; + after = [ "restic-backups-main.service" "restic-backups-offsite.service" ]; script = "rm -r /var/backups/db-backup"; serviceConfig.Type = "oneshot"; }; @@ -83,6 +85,27 @@ ]; }; + services.restic.backups.offsite = { + user = "restic-backup"; + package = pkgs.writeShellScriptBin "restic" '' + exec /run/wrappers/bin/restic "$@" + ''; + + passwordFile = config.sops.secrets."restic/password".path; + timerConfig = { + OnCalendar = "03:05"; + Persistent = true; + }; + + repository = "rclone:remote:restic/drone"; + initialize = true; + rcloneConfigFile = config.sops.secrets."restic/rclone/onedrive".path; + rcloneOptions = { temp-dir = "/tmp"; }; + + paths = config.services.restic.backups.main.paths; + exclude = config.services.restic.backups.main.exclude; + }; + services.restic.backups.syncthing = { user = "restic-backup"; package = pkgs.writeShellScriptBin "restic" '' @@ -92,7 +115,7 @@ environmentFile = config.sops.secrets."restic/rest-auth.env".path; passwordFile = config.sops.secrets."restic/password".path; timerConfig = { - OnCalendar = "03:05"; + OnCalendar = "03:10"; Persistent = true; }; diff --git a/secrets/drone.yaml b/secrets/drone.yaml index cf42338..ff5f1b2 100755 --- a/secrets/drone.yaml +++ b/secrets/drone.yaml @@ -25,6 +25,8 @@ restic: rest-auth.env: ENC[AES256_GCM,data:MAJVkdiutkhY8MCLrg1EMumAblektgO85VQLD65McX/VYInYDihxwJOV21+SAJSaN/8vA/MqUEmzsrUb04hgvqPYjXIyyUYpDrE8us47eqjF3SoZJsf70Ukps0lv3+L3LViRSpKJ+2v2v7GenaA/jAk=,iv:5yzIiEpQ1jvl9SDu/MxsAl25PmxmmuPxjRAa+iEGJRU=,tag:9UBXGt0vXj3F0YndwkeQaw==,type:str] rest-server: .htpasswd: ENC[AES256_GCM,data:605u/QTk6j1s3Wn3Lg2M0BDhy4WbVFIZRYijhLeGmPHC2sZUY0Ngoq8bkr/Jf97Erh+CM4oqiHXA+Jct8Yq0ml6MMFKk0v602yHRxIEn5MOBETygUz889kJnNLGsXDHJeJFCX5J5qmlnj9DZ+93hNEQJAzEP2CvzH/JoHJA/bMrCGl0aZyExrxJi,iv:wuTER92WYPUGm0QNpfoOepZSGcOmq2M16Xa3RVJFYAo=,tag:qgLqtf41735ajBvlEBlJCw==,type:str] + rclone: + onedrive: ENC[AES256_GCM,data:Pt8uYuo62XHVoV9nnMr1pic7fJ29jkJhF6BRDRFrRjia2F4Q+3IBXTmsx9MVv7JM+noHrnRqvKlpOG+CiC5fzz5t2sup+swiAgWq6SfwsAtyQJJY2vS3uPYRksdIOad8plbA8SYKWhBD1g9sQpEoVN9ErpAMH3apqvxvo25jKyobaIm0fYNS2lOsc1nTaGvADm4V3KR4jC/GhVkvawRDDkFnbS3OclmauOpvxV8wucrQDI9Sbbr9Hk0Vp2rQjPa649o7N8c7xlyQ5vLiLd0Lat+h6ziKgAjWLW5uwA0e2KK2532iH4WCYq0RA+i6tFa1GHyJ/8rapn5pLAMTZSxip9T5FoNxjvqxTxuurgS2AqQXsTZ+I8DNNQolME8oAISiaw/2qRF0qOuGtPGvtIIaQ0tkbvIbHwV2YEZe79wEEwiwjxlGW/XP1BgGp4WzWFlgSfoExtp+yTTC+XbgB6uB0KJsFChF4OzqHyRo/1p8fJ6adf0DAopt3+fq32Dp1fvOLWsJLbS+Rp0tguf2SqDiErBmW3aOnAdw6YK3M9KfVhh8jiO61rrVNoccGC1F92OoDIIgLHON2BH2s58D2oitbB2BcYVuZlXihlPNrBfr4gzJTTjnTDC7A7x8QvvSfO1NLi4Ihi+alwKGxbYvtnzVfLNx+Vfz1Sriigm8MP2pPTwcSLQzqyxr6mmLGaJ+J3ufq7ykD5YK3gPbbFF290qtUCcLV1EBr7q4Oc1lt4iXfzf2WfTDkfwMOmq4KJ1qIrCvW590kE9ZDrNDJir/tx3suSA3lkPzk4zrVC1D1w+0lFKAZ9FTpE2ePMsDJUVv+U7SyXlHOA+P33NSdvZZdE9ym4+CBI8bmRtekSI4ljt7I9AvFTUOvkcx4/hAX+TYBPJ2mgFvEx9VRKwSgMxjuWp7ZXlQU1+Az6Zc0S2xgyajKAnaShd+ekcPR98AOo6lMrBim39NQmcRfCMX/nFDLhi/h6NF0WsBi6/lGyq+tvTBNWskf8OAlXKS4XvgoA6HUOJW4ekY17ysQz/DGboUxmjLPPycJkK3bXMf1FXdt5eZMHrdixG8xyy9ZgL6d/arvM8sk88gLhYhmpqmBuFBDBVvcoKREjKK+DYhoxDTFj192fhJZc9Z3bQCYvykrY7hMg55KAYR/N0utBnz7VXuwZWLT+lxcEty0XCjaaLj2rJFAFWy1004IOTcRICDR8JRH9NOFAXZWwUpfN7lQZtiBY5QfL/O5n2sZwbs5aBnBpJQBM1Q6f5Cb9i0JUcu9kNmDSh2X4syG31OOjFLoyVdu2MQKUNTWzGvc3CKBOaU2TFfGdjIhvWRK58UQvctCTJCVsm/UGRE5jlEsSlOB2QhQZHyiWTF+HvK6bdjXN5QXmcUWtq1diGPWN6Kayjk8MUvXKCk5v615t2sCG2eTk0CMewDfnDTC8suebpJ6SoRIxGMxCfh43plRJNwKI3L/k6q8wopNd8XXF2z8ZNtN+H/Jj5J1yyZbl4dt+MbpkND1fCQFbHJnDBY+z5C732B/d4nsHZB7Gz4EQ/JgvHviROEEx7FMbBxaRYeJ0I4eIkm3SLzJytZWaUVPuaamWnJ/mMGx9T0+aUAlHzbRpu6IErn20W79k/EoKsn0qhyF4+0K7Oln8V279Jinq2zXpLB73K6wM667jkHrOn9cZS3FLLs5Q03rLOVot9zKT/TJctUKaAsO5gaIsBmkKVwUmsrr+aQl48v3gQNxFdM55h/a11HMhXerqtKjmEGtHMaSQqPrAm2KzsLZF6lXW/gp6hB34QD+1EUr05ZPt26pwv0KibGH51EMl9VuQ2E0VSot57wdCnDIMdeLdZxl0qbTVMiYsNxNhjOs5QEJN+LTe6cIRdQvjOAWvEqRfhPYQHuxuGFndT7CNz/toOhHP6ee4trsGwRJuKeqTruBOaV64fhHUQtt0tg4iLVLp0NbMO9ARgwEk5HQ1X+2JpB472hR4UBQYcdi3XHRrfOSBmLpp+3c9OytHYMRIVAgCjQyFpxCvHid8p0Fkym0G673QfBUeA2f3aicqPAzEAb3DQRDYaO85eibPi8TawaZGqj48Z2ySNfZpEabQLLvv98tTb0rH9zKBNrytm1IT0UQ17LrDTlfiYVtUc1smyTju9yZTwUokmon9yxs4V+dklbLqCgvsAgr7Ft/qPkAAkbN2dqS5smiNZnAa3cOEs1EgFxxHusDqB8rOCgKhBaEKrYVFKHQxgATULpyWG0+zpshdXK9Vy4RXrKFyRn/sLpui8QoiMk3jik3JqwnlTl+7jhIg0iZGokkPiAH0Tftc5AN6Nrvf8TrZFAj2EJ0MOUPyHqklsAGFPQSc7aSoiSS2X1Xzry0bi6QVZpPfCNR2w+D3ToY3UVv0mx8BSmyWvaNDcuhuMn/ORuZQUp2RPp/cPiUfqsHdKGr1ta+h7R+O2nNscs444URhkOcRH/5quhrTpvyNhsrZaJYyfgsCJL0ESNjZDM8g0gBFR2vsPzX5B94tRBJ/IHrIqW0lZnSx2i5YshBcrA+ElIj+534j+iUx2x0l1GRV8EOzD6cE/SJYbcl3+xl/HDB7Y7d9V3+V+npXWWurowDqPQBMrf1QVoCsbuLY7LzPS8H5Y7Asgj0NPGBXhCnFRzpoXJV+jL87JqBszptbJjsQNfYGx5nDqZ4dzg/OBhXGmbhC1XmPmv0+4LVnGl3gjesUEbobtGSJY5a+J+3ZgozFsX171rFwhpGozPL5bDZAX6Phcis/kiEZnoLiRv3teUxCQ3Ez6d5AC2hw5XkRMoClL0XlPVEaiPKjdJP+zpnflcQzlw5Sg4uqqIkDK9zTrxhMxo9x6oMSI7zh/64xGRRnU7k3O6L/3cl11fOoxzxx1txH9isLp355fwKsi1UrGoZSffQRnPYyzVnQ65DXOkKxZTmqWVM7m0pzfSe17twrcanp1eFbv7DX6UzcLYOSKfmMdpXZHBk5tuFHSKGHglCG8Lcn+Cway3O660sAZ1fnU6L30nZ2lD+ReGSK8c0qa6a3+tWc1XUH/t7NxwBOx1y3wak+ft1VX+3SUVtbUL6PhM/EuBiqDXAdSVnPtiabOpMIoB3IBqMt4Tf2Ix7g2IxEu8eBh/+QTfHcR8WEbNTPS1nzjJkVCztjo4i6i4TdCtILvnvbfjfiJ10esMMYM70bveuPlco/tfhrOoXGnk3wV48TXCe9tRHN0xmU6pkfgKJCFIJaXT7vRSgRCVl8yREpjIw74EJ7drrcRS7rXznMhTO1Ye4IB9zEjFVSikH617O1Ze6SzUlG4CunIkK+5NXci26M3Y+hrIOXK+fvah++XRzMGUEtmG7IOpUiPHtvhlwwPWzhZWoR7t85Wyydb5K8A9zMOnpD8Lpu7DM1yhZtRrchkirywLYxuC1aI2jTEvV52tF0DMIbMzulTAjnVObzDPHNldowx/JIMz9E5gE3FNPvKJ1AJRkaZKXX1lVz4jWVawP3OeSsKDFTVTsLTvE0BwznolSR/x4opKY35jJ/F6mW4gG1N41ywBdnC+lrxEQPGfToiFfzrhlph0yrn+YDpA6N6uJXElU7AQWx0gcrdmbvhnCaEJVJ6YBWUQTBeQr5OBPC/QnXDO71MZeAf3Jml7wwftnb3AQ3F8y9JXht3eztnWeztSx5vtb05DWG7ggpy6UtljPW5pX+zk+Zd3XvBGZnI2lUGnF0yIu1arXt+9kEl0IDQsuvrbH0jl0TJH4dnSQS7mSQ7Z+B97KdSGo33YLINJQf+aPTha15fEMzDzdYfNKHP+WQnNwD+Hi5FOMxVyToUOYEGcnVtExYy9RQJ9NiEhAqE/tN9RA2TDMdpAm6l2lEpfqJpscWq6canHxhAgXxZXMX+hqHUQuQV3b9ZMEfUNAWvPfUx/RJf6Gqom9VFV/vkTn25YN+9yewwV3LBXsSndV1e3prQqEwHFdq3kCUQHVZIakmDKUVk9C5nxvbAOn8qmbcvs1mDLpofi6CRv8AZb02TQFTVH8+2hKUnCJ9rzNe+qCpVHMoDev+Q+z7WoPeX0jKds46qrUPaoWqku3seTdLbyJG51rn0MyCYp+E1RjLi/1zRj/tdECwkatD53jxmgCThL7+gegH2aDh0qIWk/nj0zRFM/PYkkQsD494Cz0HvzVSy5GXTLZoSHCQBPabpbNFtIYiOKNbUwTX88abzfsSnYaJEk4Ae2QfrxzrhpFX00XGihQ7+swjVywZjJTtfSsyeH+NAINb/wkbh6cz1He+yILIQN5qs4/kl0NQrAhwf1+JWuFaB1s1zHh9KYPD+cb/NEaycNsicrQuqWyHw57ixdyr64+lvfIqAyAGdQR27joGLBSlX0J4wIMbKrPePZMl9YL/WKNcGLwIlGl/tN3DrYyeKg2qjb9Q417HLEGLFV8nryNuIYiV4bn6siq/0nAPAgKUuk7BGWudR7Ed+xWouJ5z5e3hffj//PngbFoxCeor1VFlOEJmqFwuxgtySJW9BiYxcTUVUs1gtxxuLKsRnSlRB7ceSXwMWzar24jCH5Ab+53oeXCu3jCI6Crpav7R0m0OXpXojsmmzolNAsCR3np8sK2snHgHxN8FsjYpY2hAbIGLQv9L+lr3eBS1ijGOASgiRnxcXke/kVq+2zBxTBgpA8BGQ3IRM7LL+5vzD7+rS1xDEvjT/pJ7ZwSX/jaqV6KkytavFkttNZfikGtbxl7rXL6ATkDmusR2ucJNtPAqM0rLIOxTDlWqtTSNQLNbOhHtOVUir1HMMvbPW8/wrANmlsr4y8rRPtNgHW3y9vr6ahBq2SQdL6hsjuA1T9Gy/pEgNbTdDUl0DK3Ca7z1kRyWMhcBt5aSpWyArmquJgnYT9qIld+Eul4vAt3Qp9XCVacmJesPJ1OpMTdRUQVp/+5tWTvYQAcjUdhQDxemKBZ7Z8eRjWjeRFzuJMuF+axwPpECnIDBBPSqFWBdDtCUK1xIo10WYl8XfUHs76gLsJ3yk7L47xobGXdgYkd33ZzaEhZCh6H68Ne+cxDlQ8ItNr/aLMYOAlndAsuMpQrbWF4lnDDBotDA8vGmXwRX0SHcpioIePB/PIocbZdEfhJDi+8O+u7a2y3kTdTrM7fjRW9tiX0Sd5w2OIZy0zUgYMx6rTIjs0tBY3vH131rIE2MAIECP7b7IJMOqCal7LNvUVR/KicPdS9J3QPjwC2WzOhttE6/24O5gU8MSAcWn/GDea/V29cMgBIsBhaT1ZYDKQX3Gn8/DXzRXczWJL9Wy+drVKF3YyYX65xEL52+N2WsvNsXtuy5ct/QOW30NtfCZ2XcAWdfXWJqpFEOso2bTkRF0x7RaFL4jKYHwbLUi8c4j8YsDMSKOYx/KAN8pGXf+WUDn1HDErzTFy7VnAvKleWW15oYqPTKW3j9S8nN8op1+SXSiUAgvUy1HLPRSIksrIRjthOWwsh5vqTi8+lldvi2pSiLcwBwo44ppzp9ms9hTeoTtcP9UEnjTh+mWbxE4aUtuVmderGlrMbBYeaiNZj7fK6P3MzPan9NTq1Hctv+DFHRNcCLNeU8eZeT4sf0PwFLIxIGrYkkBHbzlV+9cuJT8GutcWzu++Gaq+ZJgXtZU4qwVysd4F6w94YZFlmkp3GoeyWBxvfbiKYYieQMcn7J1j5PPidfBT7nWhRgXKraBfhvf4eOhk6JA8aFH6meAhx7BIK1wmXSn9PtVRexXJTmyAMiyyPT2trXycGCmEIUCUND8QylT/rtYOEZ/zQiG7uFi5JgWOkv7qlZXljwaG9qKThRZadbkSXGWvDdBi8qLAEdMg7/PG5KEgdF9fRae23zuaStTzkjkgr0+qQ5dvf80+ZEu/lhrFO/Kio7FcEtrfcEIrh3i1vqdkbsCtrnUG482CTikQbDqigrCuYEeCwjdqEE2/XHQS0odxXO++qUYMFzqTNT9DQRaI7QCcDDtWu8PZ5rm+ScGSXZXDvdXdNV+Yarfn0XFSFXxo7mUpWS1G1wh0RH0yNpNnOT0a0cCN8w==,iv:30CpiyoG2UNk8ualZH0AovgtezpSA0RDVaiIEzQofkI=,tag:/mp5o14geQ+1kTdbYYzFTQ==,type:str] searxng: secrets.env: ENC[AES256_GCM,data:oOEHk2rHzQ5db8U3JfTyTFgvQsz2G/MWFOedvb3BAYrT7tRVP2x8868nlqjHkeo6GkLevw4ejghUJ/tRVdYEqfxAnTlQtRDhp6r1vxW07Lh3N+a6HQ==,iv:XUysHB/fLwbKEDJFkuhg3Y9D9qERJ/qErJ20AlcVjX4=,tag:NtYx1BcMLphMwgAD/MMCCA==,type:str] syncthing: @@ -43,7 +45,7 @@ sops: N0U5bkt4aXJOS3N0Z2N4YTg4TDVUVncKCQLUTMmdM/IPzV3NDRhPdta1tvXxy/6P RYbLzlUryw+tqfTp8nDrdxyOWScLNzPOswAq0Qf7VMcEQ5bJEkAOhQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-01-23T19:01:32Z" - mac: ENC[AES256_GCM,data:zJalz3o5HGhlSrmBBMQ0nRBnry/rJPymQlszJYXDPi7fK7utZpMkYRH7DxrT4U5xM7q36mFiFm4O/m8BFXdoKsOzCxpCsvHHhfVvOFuR1Knoza33xeej/gEvqQmImBO6oauFBi3ZJ8ABbV8JbzkE33tu0qaE4xgQ9kC2q/6utck=,iv:oP1BGicUARP+HGhmhLbgssx1xLiPoBdNdNXk7gFLqdY=,tag:LhJbW5SmxFQzYYLjIWeH0Q==,type:str] + lastmodified: "2026-02-05T14:48:03Z" + mac: ENC[AES256_GCM,data:4xjci10r/reABYCATMOay5VGn/lhLLpojgSQ2QjVkgxyKM2zcJleJjOwbxdj+D55ntlxlJSEEhxBZ/Ie8BujqQv/01FQrdUwRWEFqD/aHtAhFkUjsEFlpHhN2mzXQpqFB4WQDrjkqKkPpcw9PmrNlf9TOjPrl4CS+9b2HtDnYmw=,iv:L/3c+amIPkP9n8A3ECLewi8NlsiVr9GCQOKs1N0jK+c=,tag:TS/wqMF+n8Sux7k4ANv6NA==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0