nmcdaniel/tty.garden
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Implement basic backups with restic

Browse Source
This commit is contained in:
Nicholas McDaniel
2026-01-24 01:13:32 -05:00
parent 7842126a66
commit 5ba7e22e8a
3 changed files with 52 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
configuration.nix
View File

@@ -14,6 +14,7 @@
./modules/nginx.nix ./modules/nginx.nix
./modules/gitea.nix ./modules/gitea.nix
./modules/pds.nix ./modules/pds.nix
./modules/restic.nix
]; ];
nix.settings.experimental-features = [ "nix-command" "flakes" ]; nix.settings.experimental-features = [ "nix-command" "flakes" ];
@@ -43,6 +44,7 @@
users.users.admin = { users.users.admin = {
isNormalUser = true; isNormalUser = true;
shell = pkgs.zsh;
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBEyvP3QsMUk8k+h/gjmHUZvic/lKVfQDNISIhwiJ4OArcvo8Y1c9Hg+wagVkSw3xA+ggBQw/E7VYoMvx/JtcAQsAAAAEc3NoOg== ssh:" "sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBEyvP3QsMUk8k+h/gjmHUZvic/lKVfQDNISIhwiJ4OArcvo8Y1c9Hg+wagVkSw3xA+ggBQw/E7VYoMvx/JtcAQsAAAAEc3NoOg== ssh:"
]; ];
@@ -59,11 +61,14 @@
# Global packages # Global packages
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
zsh
fish
neovim neovim
nano nano
git git
]; ];
programs.zsh.enable = true;
programs.bash.completion.enable = true; programs.bash.completion.enable = true;
security.sudo = { security.sudo = {

2
modules/gitea.nix
View File

@@ -3,6 +3,8 @@
services.gitea = { services.gitea = {
enable = true; enable = true;
dump.enable = true;
settings = { settings = {
service.DISABLE_REGISTRATION = true; service.DISABLE_REGISTRATION = true;
server = { server = {

45
modules/restic.nix Normal file
View File

@@ -0,0 +1,45 @@
{pkgs, config, ...}:
{
systemd.tmpfiles.rules = [
"d /backup - root backup-sync -"
];
services.restic.backups = {
garden = {
initialize = true;
paths = [
"/var/www" # Webserver data
"/var/lib/pds" # ATProto PDS
"/home" # User data
"${config.services.gitea.stateDir}/dump" # Gitea repository
];
pruneOpts = [
"--keep-daily 14"
];
# Stop bluesky-pds during backup to ensure usable database files.
backupPrepareCommand = "systemctl stop bluesky-pds";
backupCleanupCommand =
''
systemctl start bluesky-pds
chgrp -R backup-sync /backup
chmod -R g+rX /backup
'';
repository = "/backup";
passwordFile = "/root/restic_pass";
};
};
# User used for fetching the backup repository
users.groups.backup-sync = {};
users.users.backup-sync = {
isSystemUser = true;
group = "backup-sync";
shell = pkgs.zsh;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBCzn4bk+onpJHltUmc/Axqux1l+gdZ1iXuC4ra2FTs1"
];
};
}