mirror of
				https://github.com/nmasur/dotfiles
				synced 2025-11-04 11:43:16 +00:00 
			
		
		
		
	
		
			
				
	
	
		
# NixOS module: preset that schedules a daily Restic backup to an S3 bucket.
#
# Both secrets (repository password and S3 credentials) are handed to the
# `secrets` option as files and referenced by the backup job only through
# their `dest` paths, so no secret value appears in this file.
{ config, lib, ... }:

let
  inherit (lib)
    mkEnableOption
    mkIf
    mkOption
    types
    ;

  cfg = config.nmasur.presets.services.restic;

  # Destination of a secret inside the configured secrets directory.
  secretPath = name: "${config.secretsDirectory}/${name}";
in
{
  options.nmasur.presets.services.restic = {
    enable = mkEnableOption "Restic backup service";

    # Path literals end up in the world-readable Nix store when used as a
    # source, so this must stay ciphertext. The `.age` suffix suggests an
    # age-encrypted file -- confirm against the `secrets` module.
    # NOTE(review): the type accepts null, but nothing below handles a null
    # value; it is passed straight through to `secrets.restic.source`.
    resticPassword = mkOption {
      type = types.nullOr types.path;
      description = "Password file path for Restic backups";
      default = ./restic.age;
    };

    # NOTE(review): endpoint and bucket also accept null, yet both are
    # interpolated into the repository URL below, which fails at evaluation
    # time when either one is null.
    s3.endpoint = mkOption {
      type = types.nullOr types.str;
      description = "S3 endpoint for Restic backups";
      default = "s3.us-east-1.amazonaws.com";
    };

    s3.bucket = mkOption {
      type = types.nullOr types.str;
      description = "S3 bucket for Restic backups";
      default = "noahmasur-restic";
    };

    # Same store-visibility caveat as resticPassword: keep this encrypted.
    s3.accessKeySecretPair = mkOption {
      type = types.nullOr types.path;
      description = "Path to file containing S3 access and secret key for Restic backups";
      default = ./s3-glacier.age;
    };
  };

  config = mkIf cfg.enable {

    # Register both encrypted sources with the `secrets` option (declared
    # elsewhere in this repository; presumably it decrypts `source` to `dest`
    # at activation -- confirm, including the mode and owner of `dest`).
    secrets = {
      restic-s3-creds = {
        source = cfg.s3.accessKeySecretPair;
        dest = secretPath "restic-s3-creds";
      };
      restic = {
        source = cfg.resticPassword;
        dest = secretPath "restic";
      };
    };

    services.restic.backups.default = {
      repository = "s3:${cfg.s3.endpoint}/${cfg.s3.bucket}/restic";

      # Empty here; presumably other modules contribute the paths to back up.
      paths = [ ];

      # Environment file for the backup job. Restic's S3 backend reads
      # AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY, so the decrypted file is
      # expected to define them in KEY=value form -- confirm.
      environmentFile = config.secrets.restic-s3-creds.dest;
      passwordFile = config.secrets.restic.dest;

      # Retention policy. Pruning runs with the same S3 credentials as the
      # backup, so they need delete rights on the bucket; a compromise of
      # this host then also puts existing snapshots at risk unless the
      # bucket protects them (e.g. versioning or object lock).
      pruneOpts = [
        "--keep-daily 14"
        "--keep-weekly 6"
        "--keep-monthly 12"
        "--keep-yearly 100"
      ];

      # Daily run; Persistent catches up on a run missed while powered off,
      # and the randomized delay spreads the start over up to three hours.
      timerConfig = {
        OnCalendar = "daily";
        Persistent = true;
        RandomizedDelaySec = "3h";
      };
    };

  };
}