mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

restic

Browse Source
This commit is contained in:
mjallen18
2026-03-24 13:23:38 -05:00
parent 540dabcb5d
commit 35ac45f5ce
4 changed files with 296 additions and 74 deletions
Download Patch File Download Diff File Expand all files Collapse all files

106
systems/x86_64-linux/matt-nixos/services/restic/default.nix
View File

@@ -1,59 +1,59 @@
{ config, pkgs, ... }:
{
environment.systemPackages = with pkgs; [
restic
# restic-browser
restic-integrity
];
config,
namespace,
...
}:
{
${namespace}.services.restic = {
enable = true;
services.restic.backups = {
jallen-nas = {
initialize = true;
createWrapper = true;
inhibitsSleep = true;
environmentFile = config.sops.templates."restic.env".path;
passwordFile = config.sops.secrets."desktop/restic/password".path;
repositoryFile = config.sops.secrets."desktop/restic/repo".path;
paths = [
"/home/matt"
];
exclude = [
"/home/matt/Steam"
"/home/matt/Heroic"
"/home/matt/1TB"
"/home/matt/Downloads"
"/home/matt/Nextcloud"
"/home/matt/.cache"
"/home/matt/.local/share/Steam"
"/home/matt/.var/app/com.valvesoftware.Steam"
"/home/matt/.tmp"
"/home/matt/.thumbnails"
"/home/matt/.compose-cache"
];
# -------------------------------------------------------------------------
# ntfy notifications
# -------------------------------------------------------------------------
ntfy = {
enable = true;
server = "https://ntfy.mjallen.dev";
topic = "backups";
# SOPS secret keys — these must be declared in sops.nix with the correct
# sopsFile so that sops-nix knows how to decrypt them.
userSecret = "desktop/ntfy/user";
passwordSecret = "desktop/ntfy/password";
};
proton-drive = {
initialize = true;
createWrapper = true;
inhibitsSleep = true;
passwordFile = config.sops.secrets."desktop/restic/password".path;
rcloneConfigFile = "/home/matt/.config/rclone/rclone.conf";
repository = "rclone:proton-drive:backup-nix";
paths = [
"/home/matt"
];
exclude = [
"/home/matt/Steam"
"/home/matt/Heroic"
"/home/matt/1TB"
"/home/matt/Downloads"
"/home/matt/Nextcloud"
"/home/matt/.cache"
"/home/matt/.local/share/Steam"
"/home/matt/.var/app/com.valvesoftware.Steam"
"/home/matt/.tmp"
"/home/matt/.thumbnails"
"/home/matt/.compose-cache"
];
# -------------------------------------------------------------------------
# Excludes shared by every job on this host
# -------------------------------------------------------------------------
defaultExcludes = [
"/home/matt/Steam"
"/home/matt/Heroic"
"/home/matt/1TB"
"/home/matt/Downloads"
"/home/matt/Nextcloud"
"/home/matt/.cache"
"/home/matt/.local/share/Steam"
"/home/matt/.var/app/com.valvesoftware.Steam"
"/home/matt/.tmp"
"/home/matt/.thumbnails"
"/home/matt/.compose-cache"
];
# -------------------------------------------------------------------------
# Backup jobs
# -------------------------------------------------------------------------
backups = {
jallen-nas = {
paths = [ "/home/matt" ];
environmentFile = config.sops.templates."restic.env".path;
passwordFile = config.sops.secrets."desktop/restic/password".path;
repositoryFile = config.sops.secrets."desktop/restic/repo".path;
};
proton-drive = {
paths = [ "/home/matt" ];
passwordFile = config.sops.secrets."desktop/restic/password".path;
rcloneConfigFile = "/home/matt/.config/rclone/rclone.conf";
repository = "rclone:proton-drive:backup-nix";
};
};
};
}

8
systems/x86_64-linux/matt-nixos/sops.nix
View File

@@ -51,6 +51,14 @@ in
sopsFile = desktopSopsFile;
mode = "0600";
};
"desktop/ntfy/user" = {
sopsFile = desktopSopsFile;
mode = "0600";
};
"desktop/ntfy/password" = {
sopsFile = desktopSopsFile;
mode = "0600";
};
# ------------------------------
# SSH keys
# ------------------------------