blake/nix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

29 current 2025-10-07 15:47:05 25.05.20251001.5b5be50 6.12.49 *

Browse Source
This commit is contained in:
blake
2025-10-07 16:31:05 -05:00
parent 62011f0d74
commit 82fec595e5
2 changed files with 13 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
modules/system/backups.nix
View File

@@ -38,10 +38,12 @@ in
serviceConfig = {
Type = "oneshot";
EnvironmentFile = config.modules.system.backups.passphraseFile;
# the actual script borg is using
ExecStart = pkgs.writeShellScript "borg-backup" ''
set -euo pipefail
export BORG_PASSPHRASE="$(cat ${passwd_file})"
export BORG_REPO="${cfg.repo}"
timestamp="$(date +'%Y-%m-%dT%H:%M:%S')"
# Initialize repo if it doesn't exist
if ! borg info "$BORG_REPO" >/dev/null 2>&1; then
@@ -58,7 +60,7 @@ in
--stats \
--show-rc \
--compression lz4 \
"$BORG_REPO::${toString config.networking.hostName}-$(date +'%Y-%m-%dT%H:%M:%S')" \
"$BORG_REPO::${toString config.networking.hostName}-${timestamp}" \
${lib.concatStringsSep " " cfg.paths}
# Prune old backups according to retention policy
@@ -68,11 +70,12 @@ in
--keep-weekly=52 \
--keep-monthly=-1
echo "Backup completed successfully."
echo "${timestamp} - backup completed successfully."
'';
};
};
# create timer to run backups daily
systemd.timers.backups = {
description = "daily borg backup timer";
wantedBy = [ "timers.target" ];
@@ -82,7 +85,15 @@ in
};
};
# install borg binary
environment.systemPackages = [ pkgs.borgbackup ];
# declare secret for repo password
sops.secrets = {
"borg_passwd" = {
owner = "root";
group = "root";
};
};
}

11
modules/system/sops.nix
View File

@@ -40,17 +40,6 @@ in
group = "root";
neededForUsers = true;
};
# "ssl_blakedheld_crt" = lib.mkIf config.modules.homelab.nginx-proxy.enable {
# owner = "nginx";
# group = "nginx";
# };
#
# "ssl_blakedheld_key" = lib.mkIf config.modules.homelab.nginx-proxy.enable {
# owner = "nginx";
# group = "nginx";
# };
};
};
};