Merge 'Add backups config' (#9)

Reviewed-on: #9
Riley Apeldoorn 2023-06-17 07:33:22 +02:00
commit 2e288c1a03
11 changed files with 145 additions and 5 deletions


@ -1,5 +1,47 @@
{
"nodes": {
"agenix": {
"inputs": {
"darwin": "darwin",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1684153753,
"narHash": "sha256-PVbWt3qrjYAK+T5KplFcO+h7aZWfEj1UtyoKlvcDxh0=",
"owner": "ryantm",
"repo": "agenix",
"rev": "db5637d10f797bb251b94ef9040b237f4702cde3",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1673295039,
"narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "87b9d090ad39b25b2400029c64825fc2a8868943",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"flake-utils": {
"locked": {
"lastModified": 1667395993,
@ -17,7 +59,28 @@
},
"home-manager": {
"inputs": {
"nixpkgs": "nixpkgs"
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1682203081,
"narHash": "sha256-kRL4ejWDhi0zph/FpebFYhzqlOBrk0Pl3dzGEKSAlEw=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "32d3e39c491e2f91152c84f8ad8b003420eab0a1",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1684596126,
@ -50,6 +113,22 @@
}
},
"nixpkgs": {
"locked": {
"lastModified": 1677676435,
"narHash": "sha256-6FxdcmQr5JeZqsQvfinIMr0XcTyTuR7EXX0H3ANShpQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a08d6979dd7c82c4cef0dcc6ac45ab16051c1169",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1683286087,
"narHash": "sha256-xseOd7W7xwF5GOF2RW8qhjmVGrKoBz+caBlreaNzoeI=",
@ -65,7 +144,7 @@
"type": "github"
}
},
"nixpkgs_2": {
"nixpkgs_3": {
"locked": {
"lastModified": 1684570954,
"narHash": "sha256-FX5y4Sm87RWwfu9PI71XFvuRpZLowh00FQpIJ1WfXqE=",
@ -122,8 +201,9 @@
},
"root": {
"inputs": {
"home-manager": "home-manager",
"nixpkgs": "nixpkgs_2",
"agenix": "agenix",
"home-manager": "home-manager_2",
"nixpkgs": "nixpkgs_3",
"pwnix": "pwnix"
}
}


@ -7,9 +7,10 @@
inputs.nixpkgs.follows = "nixpkgs";
url = git+https://im.badat.dev/bad/pwnix.git;
};
agenix.url = github:ryantm/agenix;
};
outputs = args@{ home-manager, nixpkgs, ... }: with nixpkgs; {
outputs = args@{ home-manager, nixpkgs, agenix, ... }: with nixpkgs; {
# Configurations for NixOS machines.
nixosConfigurations =
@ -32,8 +33,10 @@
system = "x86_64-linux";
modules = [
(mkUserConfig ./system/strawberry)
agenix.nixosModules.default
./system/strawberry/core.nix
./shared/core
./shared/secrets.nix
];
specialArgs = args;
};
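Review bot: The new `agenix.url = github:ryantm/agenix;` input in the first hunk has no `follows`, so agenix resolves its own `nixpkgs`, `home-manager` and `darwin` inputs; the lock file in this commit gains separately pinned revisions for all three. Each of those is extra third-party code that has to be kept current alongside the system's own inputs. Consider adding `agenix.inputs.nixpkgs.follows = "nixpkgs";` next to the URL, as the input just above it in the hunk (apparently pwnix; its block starts outside the hunk) already does.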

BIN
secret/backblaze.age Normal file

Binary file not shown.

11
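--- a/secrets.nix
+++ b/secrets.nix
@@ -0,0 +1,11 @@
+let strawberry = [
+(builtins.readFile ./system/strawberry/keys/riley.pub)
+(builtins.readFile ./system/strawberry/keys/root.pub)
+];
+dev-lt-63 = [
+(builtins.readFile ./system/dev-lt-63/keys/riley.pub)
+];
+in {
+# Secrets for backup cloud storage provider
+"secret/backblaze.age".publicKeys = strawberry ++ dev-lt-63;
+}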
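Review bot: Every key in `publicKeys` can decrypt the Backblaze credentials, and the list mixes two user keys (`riley.pub` for strawberry and for dev-lt-63) with `root.pub` without saying which key is there for what. Only strawberry enables backups in this commit, so dev-lt-63 appears to be listed for editing the secret; a comment such as `# root.pub: identity used to decrypt on the host; riley.pub keys: editing only` would make the recipient list reviewable. It is also worth confirming that `root.pub` matches an identity agenix actually uses on strawberry (by default the host's SSH keys), otherwise the secret will not decrypt at activation. Dropping a recipient later requires rekeying `secret/backblaze.age`, and rotating the B2 key if the removal is meant as revocation.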

36
shared/core/backups.nix Normal file

@ -0,0 +1,36 @@
{ pkgs, lib, config, ... }:
let cfg = config.custom.backups;
in with lib; {
options.custom.backups = {
enable = mkEnableOption "Automatic backups to Backblaze";
bucket = mkOption {
type = types.str;
default = "ezri-${config.networking.hostName}-backups";
};
};
config = lib.mkIf (cfg.enable) {
services.duplicity = {
enable = true;
secretFile = config.age.secrets."backblaze".path;
frequency = null; # We set this later
root = "/home";
fullIfOlderThan = "1M";
exclude = [
"/home/**/.config"
"/home/**/.cache"
"/home/**/.cargo"
# NixOS configuration, we keep that elsewhere.
"/home/**/os"
];
targetUrl = "b2://005c7170636d5ef0000000001@${cfg.bucket}";
};
systemd.services.duplicity.wants = ["network.target"];
systemd.timers.duplicity.timerConfig."OnBootSec" = "20m";
systemd.timers.duplicity.timerConfig."OnCalendar" = "daily";
systemd.timers.duplicity.timerConfig."Persistent" = true;
};
}
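Review bot: `systemd.services.duplicity.wants = ["network.target"];` does not make the backup wait for connectivity: `network.target` only marks that network setup has started, and `wants` on its own adds no ordering. With `Persistent = true` a missed daily run can fire shortly after boot, so the upload may start while the machine is still offline and fail. Use `wants = ["network-online.target"];` together with `after = ["network-online.target"];` on the service. Separately, the `bucket` option has no `description`, and a comment noting that the value embedded in `targetUrl` is presumably the B2 key ID, with the secret part coming from `secretFile`, would help readers of this config.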


@ -3,6 +3,7 @@
{
imports = [
./backups.nix
./gui.nix
./nix.nix
./ssh.nix

5
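--- a/shared/secrets.nix
+++ b/shared/secrets.nix
@@ -0,0 +1,5 @@
+{
+age.secrets = {
+"backblaze".file = ../secret/backblaze.age;
+};
+}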
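Review bot: This declaration is only reachable from strawberry, because `./shared/secrets.nix` and `agenix.nixosModules.default` are added to that one module list in flake.nix, while the consumer `config.age.secrets."backblaze".path` lives in `shared/core/backups.nix`, which the shared core imports. As far as this commit shows, any other host that uses `./shared/core` and sets `custom.backups.enable = true` would fail evaluation on the missing `age` option. Importing the agenix module and this file from the shared path, or adding an assertion in backups.nix that the secret is defined, would keep the two in step. A one-line comment here, e.g. `# consumed by services.duplicity.secretFile in shared/core/backups.nix`, would also document the link.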


@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDroUHLf56zlYLiMoD1JV5XXZNwY9tftobDttC6hnfiM riley@dev-lt-63


@ -2,6 +2,7 @@
custom = {
gui.enable = true;
backups.enable = true;
};
system.stateVersion = "21.11";


@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINV6ECtM7dCAWwGX20Is9dbk9B2SHEGZN8bMzwoq5A3W riley@strawberry


@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILniE+LdfdV9V9+Zj5gJXqKEv1CzQaEySy1u5OdbKa8d root@strawberry