refactor

2026-03-23 07:17:32 +00:00
parent 9598d68a84
commit 0a79986914
26 changed files with 134 additions and 114 deletions
--- a/modules/hosts/_parts/michael/backups.nix
+++ b/modules/hosts/_parts/michael/backups.nix
@@ -0,0 +1,58 @@
+{
+	config,
+	lib,
+	pkgs,
+	...
+}: {
+	services.restic.backups.gitea = {
+		repository = "s3:s3.eu-central-003.backblazeb2.com/michael-gitea-repositories";
+		paths = ["/var/lib/gitea"];
+		exclude = [
+			"/var/lib/gitea/log"
+			"/var/lib/gitea/data/gitea.db"
+			"/var/lib/gitea/data/gitea.db-shm"
+			"/var/lib/gitea/data/gitea.db-wal"
+		];
+		passwordFile = config.sops.secrets.michael-gitea-restic-password.path;
+		environmentFile = config.sops.secrets.michael-gitea-restic-env.path;
+		pruneOpts = [
+			"--keep-daily 7"
+			"--keep-weekly 4"
+			"--keep-monthly 6"
+		];
+		timerConfig = {
+			OnCalendar = "daily";
+			Persistent = true;
+			RandomizedDelaySec = "1h";
+		};
+	};
+
+	systemd.services.restic-backups-gitea = {
+		wants = ["restic-init-gitea.service"];
+		after = ["restic-init-gitea.service"];
+		serviceConfig = {
+			User = lib.mkForce "gitea";
+			Group = lib.mkForce "gitea";
+		};
+	};
+
+	systemd.services.restic-init-gitea = {
+		description = "Initialize Restic repository for Gitea backups";
+		wantedBy = ["multi-user.target"];
+		after = ["network-online.target"];
+		wants = ["network-online.target"];
+		path = [pkgs.restic];
+		serviceConfig = {
+			Type = "oneshot";
+			User = "gitea";
+			Group = "gitea";
+			RemainAfterExit = true;
+			EnvironmentFile = config.sops.secrets.michael-gitea-restic-env.path;
+		};
+		script = ''
+			export RESTIC_PASSWORD=$(cat ${config.sops.secrets.michael-gitea-restic-password.path})
+			restic -r s3:s3.eu-central-003.backblazeb2.com/michael-gitea-repositories snapshots &>/dev/null || \
+				restic -r s3:s3.eu-central-003.backblazeb2.com/michael-gitea-repositories init
+		'';
+	};
+}