noah/dotfiles
1
0
Fork 0
mirror of https://github.com/nmasur/dotfiles synced 2024-12-26 07:04:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

add restic backups to s3 for immich

Browse Source
This commit is contained in:
Noah Masur 2024-12-12 15:11:35 +00:00
parent 66ef1fa38d
commit b691895e05
No known key found for this signature in database
5 changed files with 69 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
flake.nix
View File

@ -247,6 +247,7 @@
mail.imapHost = "imap.purelymail.com"; mail.imapHost = "imap.purelymail.com";
mail.smtpHost = "smtp.purelymail.com"; mail.smtpHost = "smtp.purelymail.com";
dotfilesRepo = "https://github.com/nmasur/dotfiles"; dotfilesRepo = "https://github.com/nmasur/dotfiles";
backup.s3.glacierBucket = "noahmasur-archive";
hostnames = { hostnames = {
audiobooks = "read.${baseName}"; audiobooks = "read.${baseName}";
files = "files.${baseName}"; files = "files.${baseName}";

30
modules/nixos/services/backups.nix
View File

@ -22,6 +22,11 @@
description = "S3 access key ID for backups"; description = "S3 access key ID for backups";
default = null; default = null;
}; };
glacierBucket = lib.mkOption {
type = lib.types.nullOr lib.types.str;
description = "S3 bucket for glacier backups";
default = null;
};
}; };
}; };
@ -69,5 +74,30 @@
# timerConfig = { OnCalendar = "00:05:00"; }; # timerConfig = { OnCalendar = "00:05:00"; };
# environmentFile = backup.s3File; # environmentFile = backup.s3File;
# }; # };
secrets.s3-glacier = {
source = ../../../private/s3-glacier.age;
dest = "${config.secretsDirectory}/s3-glacier";
};
secrets.restic = {
source = ../../../private/restic.age;
dest = "${config.secretsDirectory}/restic";
};
services.restic.backups = {
default = {
repository = "s3:s3.us-east-1.amazonaws.com/${config.backup.s3.glacierBucket}/restic";
paths = [ "/data/images" ];
environmentFile = config.secrets.s3-glacier.dest;
passwordFile = config.secrets.restic.dest;
pruneOpts = [
"--keep-daily 14"
"--keep-weekly 6"
"--keep-monthly 12"
"--keep-yearly 100"
];
};
};
}; };
} }

3
modules/nixos/services/immich.nix
View File

@ -40,6 +40,9 @@
# Point localhost to the local domain # Point localhost to the local domain
networking.hosts."127.0.0.1" = [ config.hostnames.photos ]; networking.hosts."127.0.0.1" = [ config.hostnames.photos ];
# Backups
services.restic.backups.default.paths = [ "/data/images" ];
}; };
} }

17
private/restic.age Normal file
View File

@ -0,0 +1,17 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyAvWi9T
NnFzUnlKUGord21NUy9OT1NDRjhIbFB6MUc3TzgwVzY3OHpFSlN3CmhuNFY1L1FB
VFBHY1lNNjFYdFZyeHoxZUZyTFdpVHhqM1JqMUM3YWljVUUKLT4gc3NoLWVkMjU1
MTkgWXlTVU1RIFI4aGU5Z2NUeGNSNmEzNFk0anBBbUw0NUtHTE55WmgxOUN0T1p1
QUZyR2cKeTNack0vMVVsNTFMbmFSUXdUUkw2MTlnSzhRajVSWXJvZmV2QjlFcUZY
QQotPiBzc2gtZWQyNTUxOSBuanZYNUEgc01kWFdYS3BBay96Uzd5cG1MMlNMNXhQ
NTV4NVpvc2lLZkpLWkhZZlRrVQo0SXJhWUVMVUtYb1hEOEtJUnJoY2t0OUlpQVY2
UUZYdHpBcWRvUU0yRHlvCi0+IHNzaC1lZDI1NTE5IENxSU9VQSB2NTZHWUd2c3o1
c0NKTThaMkgyeG54Nmw1dHZBQkZoYmJkOTZNcnVyMUJVCldzQ1NHNk8vTGRMNHlM
eU0yYmltMkhlUjY2NWxhdHQ2N3BMUjdzTk9PMFkKLT4gc3NoLWVkMjU1MTkgejFP
Y1p3IHh3OEEzTmIrQXhtSTE2REFUV1loVE5vNTRUbEJmNEE4YmhBckRmZGpwVXMK
OEo5RXdwU1JuY3FPQnJNQ1hMdHJxcE4xVnVVWVVLREROYjNsZkN3ZzV2cwotLS0g
aXMrandHZTJzME95VFRuUDRzWDQ5Z3N5RGxVOUUxQ1FGNGpvN3Y4SllSNApAOIi/
0iP9cccbkUqLZJicpIlKAP+QsYM8Bfb/wYyaQPnh4vlKqil4LpQEfFW+/J82DIti
8o/ddK8YDlLg3lwyiZ2dUm3O87jA7KEgd/g=
-----END AGE ENCRYPTED FILE-----

18
private/s3-glacier.age Normal file
View File

@ -0,0 +1,18 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBuQTZM
TTg0ai9yNi9Ia3pFNW0vb3JQczZtVEVyNkFNVzBlUVpVd3ZBbndrCklqdS8zeGky
WEN0YW5xck5sSXpXeFZCbHY0NHhDMU5SeGlaYmN4Szc0b1EKLT4gc3NoLWVkMjU1
MTkgWXlTVU1RIGJVZTZBdERTNUt6d0sxeGVOcnRtNmdCSlRKWUNjRHByMkZucUlz
Nm5FMTQKbHFtNnM4ZCtzdFNTa214ZVRkaFdmZnFYOCs1Z25YTDVVKzloYUVHVlg1
cwotPiBzc2gtZWQyNTUxOSBuanZYNUEgOXFwSzByaUdidFRWbE5seFNEVDYxRWtq
OXZURnEzVWphM0VoVnJvSURoUQpGbEt4YmcraDZOcXRTQUF1ekw4RTRCN2JRR1NK
QlRQaGRZd1RIMWNiRWpjCi0+IHNzaC1lZDI1NTE5IENxSU9VQSBzTTVsbnVjWUxt
L0hyM21RS2w2a2NIY2xvSmZ0OUdDWGFVcG5IYlNhUFNzClY1bmdNUkRYR2QyYVFW
VHF3enZqUlZqUWlvZlI2aHZrREdwZGUwdzdXUHMKLT4gc3NoLWVkMjU1MTkgejFP
Y1p3IDN4cThQRjdvTWJ2S2FaMjZ0RHlDeElDc1BuU0JDSzlpcFdzT2ZhLzA1QmcK
TjlFMkgzOFhKbkdvUWt2SGhaUUJXdjBxK2hUeE1sSzBsNWJyNG8rUlZRbwotLS0g
SGw4VmpCMktjQ0ZpUExnWUtsOHhHS0tZckoxeTdtZXMyVXpWT09Ea1NUMAoRRzA+
0rbfJ+eVeccDaulmqh+Wv3T1/+SQQJYD5trume3vSzXgRxJYeXR/BespsDzWJ3yg
McHYNvEK76stD3vopKvpDU3Nk861xp++SavJtrIVKon6YJl6a6Ox+GxhrNk0+5f9
xgDWhIHwzHLPvyseYNjRFy8GsYaP2tT9TGMrQHFTAKeuvA==
-----END AGE ENCRYPTED FILE-----