init backups

2026-01-04 19:35:04 +00:00
parent adc8ab055a
commit 9fdf837c5a
2 changed files with 74 additions and 1 deletions


@@ -3,4 +3,18 @@
sopsFile = ../../secrets/michael-litestream; sopsFile = ../../secrets/michael-litestream;
format = "binary"; format = "binary";
}; };
sops.secrets.restic-gitea-password = {
sopsFile = ../../secrets/michael-restic-gitea-password;
format = "binary";
owner = "gitea";
group = "gitea";
};
sops.secrets.restic-gitea-env = {
sopsFile = ../../secrets/michael-restic-gitea-env;
format = "binary";
owner = "gitea";
group = "gitea";
};
} }


@@ -1,4 +1,9 @@
{lib, ...}: { {
lib,
pkgs,
config,
...
}: {
networking.firewall.allowedTCPPorts = [80 443]; networking.firewall.allowedTCPPorts = [80 443];
services.redis.servers.gitea = { services.redis.servers.gitea = {
@@ -85,4 +90,58 @@
reverse_proxy localhost:3000 reverse_proxy localhost:3000
''; '';
}; };
services.restic.backups.gitea = {
repository = "s3:s3.eu-central-003.backblazeb2.com/gitea-restic";
paths = ["/var/lib/gitea"];
exclude = [
# Database is backed up via Litestream
"/var/lib/gitea/data/gitea.db"
"/var/lib/gitea/data/gitea.db-shm"
"/var/lib/gitea/data/gitea.db-wal"
# Logs aren't needed in backups
"/var/lib/gitea/log"
];
passwordFile = "/run/secrets/restic-gitea-password";
environmentFile = "/run/secrets/restic-gitea-env";
pruneOpts = [
"--keep-daily 7"
"--keep-weekly 4"
"--keep-monthly 6"
];
timerConfig = {
OnCalendar = "daily";
Persistent = true;
RandomizedDelaySec = "1h";
};
};
systemd.services.restic-backups-gitea = {
wants = ["restic-init-gitea.service"];
after = ["restic-init-gitea.service"];
serviceConfig = {
User = lib.mkForce "gitea";
Group = lib.mkForce "gitea";
};
};
systemd.services.restic-init-gitea = {
description = "Initialize Restic repository for Gitea backups";
wantedBy = ["multi-user.target"];
after = ["network-online.target"];
wants = ["network-online.target"];
path = [pkgs.restic];
serviceConfig = {
Type = "oneshot";
User = "gitea";
Group = "gitea";
RemainAfterExit = true;
EnvironmentFile = config.sops.secrets.restic-gitea-env.path;
};
script = ''
export RESTIC_PASSWORD=$(cat ${config.sops.secrets.restic-gitea-password.path})
restic -r s3:s3.eu-central-003.backblazeb2.com/gitea-restic snapshots &>/dev/null || \
restic -r s3:s3.eu-central-003.backblazeb2.com/gitea-restic init
'';
};
} }
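Review bot: The `script` of `restic-init-gitea` exports the repository password into the unit's environment via `export RESTIC_PASSWORD=$(cat …)` although restic can read it straight from a file; `export RESTIC_PASSWORD_FILE=${config.sops.secrets.restic-gitea-password.path}` drops the extra `cat` process and keeps the secret out of the process environment and any `set -x` trace. The same hunk hard-codes `/run/secrets/restic-gitea-password` and `/run/secrets/restic-gitea-env` in `passwordFile`/`environmentFile` while the init unit resolves the same secrets through `config.sops.secrets.<name>.path`, so the two references can drift; both should use the sops-provided path. The probe `restic … snapshots &>/dev/null || restic … init` discards all output, so a credentials or network failure is indistinguishable from an uninitialized repository and silently falls through to `init`. The NixOS restic module already provides `initialize = true` for exactly this probe-then-init step and `user = "gitea"` for the service account, which would let the whole `restic-init-gitea` unit and the `lib.mkForce` overrides on `restic-backups-gitea` be removed, as sketched below.
```nix
services.restic.backups.gitea = {
  repository = "s3:s3.eu-central-003.backblazeb2.com/gitea-restic";
  # … unchanged: paths, exclude …
  passwordFile = config.sops.secrets.restic-gitea-password.path;
  environmentFile = config.sops.secrets.restic-gitea-env.path;
  # Let the module create the repository on first run instead of a
  # separate oneshot unit that re-exports the password itself.
  initialize = true;
  user = "gitea";
  # … unchanged: pruneOpts, timerConfig …
};
```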