Commit ee32d2d
Changed files (5)
hosts
chaser-pardofelis
secrets
hosts/chaser-pardofelis/restic.nix
@@ -0,0 +1,46 @@
+{
+ config,
+ lib,
+ ...
+}: {
+ services.restic.backups."${config.modules.currentHost}-backup" = {
+ initialize = true;
+ passwordFile = config.sops.secrets.restic-backup-password.path;
+ rcloneConfigFile = config.sops.templates."rclone-restic-backup.conf".path;
+ repository = "rclone:Backup:/Backups/${config.modules.currentHost}-backup/";
+ paths =
+ (lib.mapAttrsToList (n: v: "/var/lib/authelia-${n}") config.services.authelia.instances)
+ ++ [
+ "/var/lib/fail2ban"
+ config.services.freshrss.dataDir
+ "/var/lib/gotosocial"
+ config.services.grafana.dataDir
+ "/var/lib/${config.services.victoriametrics.stateDir}"
+ ];
+ exclude = [
+ "tmp"
+ ".git"
+ "cache"
+ ".cache"
+ "*_cache"
+ ];
+ timerConfig = {
+ OnCalendar = "04:00";
+ RandomizedDelaySec = "1h";
+ };
+ pruneOpts = [
+ "--keep-daily 3"
+ "--keep-weekly 3"
+ "--keep-monthly 3"
+ "--keep-yearly 3"
+ ];
+ };
+
+ sops.templates."rclone-restic-backup.conf".content = ''
+ [Backup]
+ type = onedrive
+ drive_id = 52CE3DAB18B4C557
+ drive_type = personal
+ token = ${config.sops.placeholder.rclone-restic-backup-token}
+ '';
+}
secrets/hosts/pardofelis/default.nix
@@ -103,6 +103,10 @@ in
// autheliaMainConf
// secretFileConf;
}
+ {
+ name = "restic-backup-password";
+ value = {key = "services/restic/password";} // secretFileConf;
+ }
]
)
)
secrets/hosts/pardofelis/secrets.yaml
@@ -11,6 +11,8 @@ services:
s3Endpoint: ENC[AES256_GCM,data:zUe0nDSW1T9i3YOq2Cao87nM4I05yquKMLsD7gMKYJ/M8bj9usBiFr3aAOW5mEiATzSy4VtupTDT,iv:UluVNVCcF1LUWYJWlCVS4y197TSuD34MNuUC7Mr+Tjg=,tag:AyLcTDPZoleKSMDX39ApBg==,type:str]
s3AccessKey: ENC[AES256_GCM,data:2hOwCwYROPZ/ZBs+QHjuaHZR8DZdBoz96Dh0g6ohFpg=,iv:6FGLKG+Y9/8tFqLsC+h7oBbT2HkMBDF1zobv61/a6j0=,tag:0OZ5KpK3P47ZqyEWdUEGRQ==,type:str]
s3SecretKey: ENC[AES256_GCM,data:zg0JEJvuGDLuEgm1clp7CI4tF47CtLsyR9kn9vr8YJvyDxPL9cSWgGMVffrGFf/AY9q4k7SSrNS047k5SB1nHQ==,iv:0LAatRgKfCrkdvQLfrCLl/BvdwkzH0SSRp17/6ssClA=,tag:U520Cp1+XZMjdW9RpwX2YQ==,type:str]
+ restic:
+ password: ENC[AES256_GCM,data:KrT+kv+1hbWnkZUOw+8m5c0bg2JacV/frOUi6zq6wIA=,iv:n5mIZ8FYcpCC3+RsYInfrYfs1WVBkguFmKT3juYzlMI=,tag:w6mN5hNNbdCK/qdW5U/a7w==,type:str]
authelia:
main:
jwtSecret: ENC[AES256_GCM,data:czKoD+m8bu0ioTjXYmGv8ZhQphTgsv3GEAvgY4JsxbhAEDgzR1U/Pm7n3FuoIbCCPI6TQcRN2cB4NrvNNUoqZg==,iv:MZbgnw3GkgkQQNk2i4wNFkqcrsyIqdB1GbfeN+NTlwQ=,tag:MN7dV2BDjXxI3AxOYNie1Q==,type:str]
@@ -38,8 +40,8 @@ sops:
MmVobitCNUxvUGJmRUtWWEhZekdHaEEKcx1nN+bR2wsexYV/B5PC+Pu9Yi9w+KE8
Kcy2S1Cyu7MEkE8it447yqixIA5l5mbFGRjfTvI8KZXZUGgLecAktQ==
-----END AGE ENCRYPTED FILE-----
- lastmodified: "2025-07-18T16:50:33Z"
- mac: ENC[AES256_GCM,data:SizC8XKfRlcUitfJMzWUsD8Kio+Spg0Wt/nuxv+a0muV7TwSOpBQCyWgx/l2aSHVTFNST+ZbV+7oazI2iF0VF29CyaAlxfcyLfTdBZ8ODPciD6ceVjxsb2aHMexasrS6ZXJhLYJ98NdmIPYia8yQJGiU0H5zvmtsg2tbIN+cKFw=,iv:StjHLufE4p4X3YWJiG5LCMrQqrigfbU2eSArZDnVhfU=,tag:fJ6RTmvAaMb13AtkKkF6zg==,type:str]
+ lastmodified: "2025-07-20T10:39:18Z"
+ mac: ENC[AES256_GCM,data:Np0rlSXVdtA59ZWCwvUmfFH7GmfzmgQFDHSVwl3tQAgLl6H0vF6Ru9JoskCE1mIa/LIptHi2NlgBhaJMk0H84NVcbvO1iWkf99Ai5AroNotka48KsPmhj0qODqO5mG7sy4GjnuudgPYbdG6xD7x7gHMEP0m3dT4ii/yx8U1uMm8=,iv:EUVQc6+tNLRg7/G24JwSa/UuTsgyIk0zd//yyvK8VD0=,tag:kcK4ne+/+/jxAfLtgm1u5A==,type:str]
pgp:
- created_at: "2025-07-15T13:47:27Z"
enc: |-
secrets/base.nix
@@ -19,7 +19,7 @@
key = "rclone/${k}";
owner = myvars.username;
};
- }) ["onedrive-token"]
+ }) ["onedrive-token" "restic-backup-token"]
);
sops.age = {
secrets/secrets.yaml
@@ -6,6 +6,7 @@ mihomo:
aria2-rpc-secret: ENC[AES256_GCM,data:I6FYN/TRRP2ceQ==,iv:18dOBc/3WTden6Za2IaSoUOX5aY6M0jAwt94il0f5OI=,tag:WZf3xu7EC7cVlZU5urNWzQ==,type:str]
rclone:
onedrive-token: ENC[AES256_GCM,data:0y0eThYoeJtJ7I5Y9ZE2N4N8TH01yU7xRXHUhYRcj8uHn185VxHvXIhlKMgmZJCfc6qPAYroWkZtxID64/kXxwbhdfd0kLUwiH0Gnv41tb3KA7cxS3r4yvIStLdaax7Ui7ntwYREgLABdL/UdIzeEO2XNs7PaLYI5mQi06A4pmNIZolHP8xgBXiMeSF4cKR/WXGu0m9Y2bv1ci67BJ/BfNjA+ah3HV8vbk93xW7oc+x+7Vh3tiySy+82iNuuDOPzD9/+ImgY9X3kKZeZCG78QYIlRMmwo44WSh+1Or1DyAw/4Y2rE+qNxi6zGWFjC4c80JLAJh8bOb6Yari9oSBZB9MHNxwY0Xrd4K3g2ipsts22N0iqfH+SOfAgMWuRpZkx7j6kPaLA+fDJJTXQ2GK/LKcHaxYin3RMfVq5RD8nTPLJ/tlMNQUxIS+fkE9HIa3uGerdpGRcdUWGX8q+FqbAw+Hg+b+TEwDBLAE0PLm1NjsMDs/0y7Oe3JduoeKWvsDjkdNvoRemXF/tPtBZp4CXZ5fnqRIxOcD3SXJ3MxXtWJ6o0G536jb/AxcpVxX71774vcAcP5uS6HIq80yZAGeD6MKkpZUAtgKWee5y2FnWoDks0NMLgb4TYbqbTHFBKEBAjXPADeKismt2tGF031E524EizfLF6IbfVYOAK6CMOVerjMsKEaTOmuq0VDOTxZ7udIfLQaKhW/xVAXnmi9m4JdrMLkajcfQNIRGoKOsZF1jALp2h6TznjgVWatJZPPzHfLnRckEhDQ+IxsXtrn1VPaADBvGxiWQdfV2994v0xcjwAbx/BO8B3vqbVscXOLqdAQk0hU+Tn7/28+2jfNn8+3U1qGVUxIJxTIyYvewT+Ef85N6aMcxrkfgY+czqg3BZmnZib4dELBwOT+OdCPxd98fDmTPd4bAeLLpt/9XOYpUQlaT2HH61XoI0OuThHL+5lfzsSEwtbOCegBiVLbuv68bLmV9L9F8GhYCZZCv+fCs72FXI7ZF6FyBbElDlrCnh3wCRbXE24eGROKLOlHuAPXi7oFkfKJQy5k9S0JqpNFBaMis6V0C0Xw2oA7lL4IswSj/dcePwWUkAr6fCF7XEEmVXhWRjucMsrDCT+L0wxbwq0cif7Eo3cMeoAk2/Jidj0BcZgoRChfOeeVU6E1MXqhqFxoqALUf1KEJZ8/puZMxjhIKMd+Pe7T18P+tUQtcrTC41R2U+uF2eUnhpTfY25rwXl67G/PLg/GxJ0h0FBIfWCofxqRWMvTm/g50hbw+ERNn6d/GhHJLc3D7QsGTKv6SwZ2FukpP2hxfDBH1hL+8GVrVmMYDjLh9dlmGAvsymUYsqRGUpTZ85/hBV+ZzedJKrkoOlZWrm5/e9QGSIgpTX4xWy8/vsAYrufIxhehrbU7DZoq2WMxEF0ozC1iJeEl8h7EYFcCNZPaRAhq+7JeNfAQKzLx77JqnoGpY6FlnqDbRUP5ZR+Zz09uH9pt+cwJ1BLj3pNwtrnwknlZtQyRy1XTVv5KIp2q4R10PpiEuIUlO5FswWTyCZot9diV1ff/e5WMxngExRxBUEBsTAbrD8q0BBLspixYuswjyn0BU2dwdxfHnbk9O9JSAAZFPwpRYOXv3kYlRHd8EIW6UC+m6i8UpHofVaAaifiIUSRajqQJT6/EZw3GgEw/azWUtz+8SFyFV1Gx5J2enxuCGJ3UV7+osbmSuHcfo4tSF2zna4OUQ6KEveCSzOdWqSx4gYf7WNnbIcgCEmDPnssCsJmPO1GcSdoGGVHBPFwewZjmen6zWUusNHPbtixVB6HtKL8A71IWTAo1BdBSjclOw0czj9DOPLHQOBjx+GrWNTPyxxflJ5Jbxnm83n4aZk5ldTccef9ayD1ud+kMVWhRRIXn7N9YUQkhv/YMUatqcgAcgwnUmIJ+TmIZq8/0FLH9z+ltDeB0zNMTilyeKPp2Yz6uOtjvVW51gU6lJiRVNYbok9dn7RxcPY0BxUOWPrO993h8D9YxPdiIsSnVlM1fgL2kE1Ir39PXjHuLyGTMWWbhojb9kbMF9xhtjpgRrNmM6InYBB7XJB6tSu4OCcBbrc/BEGWzy6hH1jH7iNTqG0r2Nx6AANhBOXN9KNC9qqs1O3MmxBswOF6dPu0g0nLpfT4TxUNyLpYz0+v/pbokjcBaBjFjVXIKTDRf6/DayUPhKtZn7V1wbOq9169253KnYZhzsfsYKEUCqt/oZkyFZZDAG76tFizieks4ZHx00NV9uOR5kkSem72WDap3p0uqQcZHe7hKs8ppuEs/SMShO3xpV06WQ2prP/Hu2xl20StRuiLqAxDmd5r22BSaHllr2rKCZjUb0V/3TqnEt5CqFF7idD5tpNXWfW3x0271NXokYTZ5ipgSHiueQzhE4XOFUttxCSfD+QZI+83n81i8uZfPSwzWw6LzVKoUZT+0O5wrT61tGtlamYhEKNCoNdbw4ksxLQNEqRVAbJwIe7e0L7sFThlbPaReYWgcBedIVjChM2pWSAxTp14ZxIjGO7lWJKibKo2ySAdSCUfTduULTMzQrVqyWFs6PzHNyiJao6gSpM2XCwegjILitP1CzYgco5B5OTOJLqvCrXyMdgdNb8CU0LZ+Jvz5TmH3g8BMKn0/SCkRNVkEC00xGsG63m,iv:oP3gNO0t97BgN30SQRVcVztW9m364ii7mVwFzcBYLg8=,tag:bN9X8GIy+3DfvxX2uDHqdw==,type:str]
+ restic-backup-token: ENC[AES256_GCM,data:PmrgiXfALlCfkq7VCF7MgX5s53s9RiS6ynVjH9fn+rsUpufXnBuf+7o+bV/IsWHFWMrASgPHQvvrqs949aQ0Y+4FCLQFJc0BOKZ7kudF52Xgc9r4ipqGitQp6Gxea9TIjsUdRTPvH77QFsOanDeIiNcc5zuv+HT5NSkuZAbJtMpkAugWqFkEK3Gr/C0cMX+Q8Nj7ZHwn39z50BaC9FWXWfz41G9MkeqQXwA0CZruCvr2FufN10p4/2gPrsUBGB1uXHozl2NKrBL2mmZwGbaQDLcDKM1AoA8CpP4P0qmS9OC2iZZN8Se62oMi/asFGScqHlTnMlvfwr+ig274B3jl8TXmn1pe/9SR+I2ze7/AV9nKHmVBOB0zqYsW7hW3zpuPcdh+f509BFxbmxi6enZPaffSJcjNn6XLXjSPyqYou+sClwQUImmcXSpDfrGhZxs25cltSzQibMubNUY5mVR7FrBA1mFE+w3yEcw33AyQUkqHnaipJllp0NHPFBEaqYiBrg7tULjAcvPim2fHxwj6XXmh+HkXFs+21jwjokMgGQ3mJwmHXQgM+zMkwipzrRBjtbaYTVrMJcCws3LM5gYgp5hyEcq+pxGOgQwh1RBb1UfOfI3hdqSyXrYiyg8RA6qaC1rIpMFWX3x/EAZv+5bsTSRXtDV8bUh1bEgsbLVZFNHk4b+9owgt1NxnUPRiOSBQtdONgPCPWI5qVNH5d30v/yus+EBI9t8Qnyd9pyM1rV9zMt9FOXkNb0O5m/AFdgcyz6lW+uJQdVgewF89Pr+azLb2x2rEbM+ny7oAafM1uK2/x+TlgiseZXAyAtIoDXvtVnTqNDbDLAvc6kqlpfPYKzZayPAaEJGlxNo2QskoO7juvkGswdXygfi01o6pbkpcZfA4yyMGv7slquKWd+0QpXHg318amyhbfzPCS50iosBXPd4qDNlKD4Nj4yljIj3H9qHw1PKPgUu5kM6/afM6p6jCeASD2h5R5dMXYtWyF+Wk+7Zrh3CXr5Js8HO5qmE2DVlULkDjt3vQQLBm6AT55pjL4ufpUhiF8PPuVIIxPLQXC2mppm65fS35XuF2ReWjAoB3Yk3EwFe/eSEmzCvUaPS313DzEUNpAFTMoTK3nk7uecCXXCju1jKwbttA7/ZBB66520UoAYxAy7I080p2CECNKKldu0aD2p1nUzNk5m7Q7e0aF4NQn+aqpPozy5kNtYvcse3JCpZoHSGQ3eHOyzzT6xaTKqHRYtvDuyb3Arwy9gPcLF2ZaMF0JA2ul6J+zZkNaUlsvSMQ2xn5BkWaSJfHigCRY5S1kAwYA7cU2hM6IWUYq5r5N7Ff5v+0+jeMyr75g9luVgkuIjqSGatIsywt2JASTaRrmsC+4FYT0BqFCN6/YAP17BHTrmQyBxyOeJTdLIInZOQ5mREWCEE9LrPuWGijRrIid+4/U9qa2q3e6dYZettg2WERendEE7Ci3eY3e3Rw3xsuTrXlPaqPj7jpO28y6lzCh6Y+K/rFd6h8FZYxXNaw1MDspaxq75QN8LqQvOvu0rm6013ZMzB1nLWsV3kvjJ8o7iSWCPavJ/kQrLrVEEAxNe5WA39SCT3dJZcRg+ONHVuG2ypr0DQz0w8S3LfIBzMoDd2hFw3KWv7Bt9D4nq5gSo3rnROs/zhRquNyz/4C844M+PHBZHPD06BJapLZnbIuAh3fmW4T0+hE2YT9yaLCId3q+XsUiGKuxqch1LBrxmjWjHAGZmky6c2Z2HrFkOTO8306hZ6KVbie0FqRdz6l3iBAvuPp43XWC/TgyXtJcKbuDxNz5swvB9TaWBChitd13xhhpEDYuHmU1YcOPfchcRlS7ezcqkaKpuSM6tIKMfyFr9z6SHmRECr+YGBiWS0/0MHPGL6vviZ2/oL74r8+Z6Q3Rwnku4/DaZFwKtPL2x68bXuYHJZYS09grIaSsQsFkJ+mISg2q3tObhppT5lNFBHIHsO5lZO8m0aw4M630bAqr94wRAcNNfQ9o3cmSCzbNiQHRDZvWxp4E9AGyEu9N1/+IzidPDkfc3CDNxX1wV9WXoS/kmmbXeoXxSDPIkGlz3SkmL/Nv1GrYDtVMT/8mjzqsYQhUDPQTY41LzZlfMaTgsiKVwJ+RFIgw2URabl8xejpAo6t9SJ5QXhFYPHbY6i9oV+hhmbfhtkF2Z5+ZQ9i7p+PO3XDhvJuA1y/b8oTt6IQ0l/xcVgBNlE9xyXoJ6u4bI/6c5bjIydLtY1VaHgWVdAIDTe0G+gk3BwgnJmpNsWatf+zpCn2KCN4obmaBlU5ypm73vPrJr/uArC1+MlU+SyzcABQv+1fk+gRc//DI4OcjYndqoBn5BKU2V74cZ08GgWwqdYRDLXAia2dx2Zxhl2yhLnpB9P6ttMZtZ0uib1jtjO+Vkm9nsjvMQeXVuqBG1FwRa8hhzc0+1xLuR4nZ3AdnvV2rYOya1UAXa+S19mbhzIc03b0zzd8oyA0SgPiJb7zoWxvBSBilvKwcZnO6B87He/8fpLdrxhzGlhQUeDj1TkfRnIPEeXtVvrrF473mqnMAUGs0UCAjObpN407lLp1zkpU3CFTwXPPFhv+FTq5WLackw==,iv:MTbA3m44lzQtRGq6gBDV1DlUzud370jTz2uiI0y5LSw=,tag:nlofOjYpJ1+HV+Dzy1+dsg==,type:str]
sops:
age:
- recipient: age1sur93fevme8az4v6txee9uw7gk8xcpz2u0mfzvayavrcx9zkefxsmcpnln
@@ -26,8 +27,8 @@ sops:
TE44VlBtZjJHbDR0eFlHUDFDN0JjZG8KVgM+r7pLSJAnaHcyVF4TfkRCTk0EkHlu
TpZ9r+JFVToXp0QXXMoQeGHo8LhKhrztiK2YvQ2czXY6QO4MpqwfOQ==
-----END AGE ENCRYPTED FILE-----
- lastmodified: "2025-07-19T08:42:29Z"
- mac: ENC[AES256_GCM,data:D4UaDnI6zkvd+6xEiGkUZqy+oTc7FdiaSe1Vk/M4cwH1wYrMiVLIkwemHGzTLsJnFn21hSSK5QZDoYfsOn/VLSxJf3dpL2/ZUJ+yfXjIXUdvnXkQJShcBz841oyRMyVY/lARM1sslb0/17/90rCaNZaslxWKImYPgjSh8ReF2YE=,iv:ptCmkRASHJRp9W2E3aH3Bh7HJD1mssOvCOCaBFv0I1Q=,tag:BtuQoVcSqCL1nx6EJ50HgA==,type:str]
+ lastmodified: "2025-07-20T10:30:50Z"
+ mac: ENC[AES256_GCM,data:AemJ9Z/kZH3ekTaLRMUL+LUONqOCvDaNneqceXToudky3x1tc900IA2yOTqnYs7tAhK52fEnFAcyIGamm9Vzn50dHvpUzzA/p3DSP4JDtrQ6IQ/qwtrNqy8lkuQZN8SEUsJfgAbQzhCPsfx9S02aIMQMukb6iHJu+BLJzJl7wqM=,iv:Gf/6JVcRjYIu2r/FekAG0ntfwGJXFdsqoNSUwRzOpzU=,tag:luI/ZZsYpukXNxru0/A9eQ==,type:str]
pgp:
- created_at: "2025-07-15T09:13:43Z"
enc: |-