machines/lollo/syncthing: add restic-backups

commit 3a79e491404dbdf4ea3f9471ba95ad2a02184d01
parent 4f24c228b2011f10caa722d5d5072e57b6cd5161
Author: Leah (ctucx) <git@ctu.cx>
Date: Mon, 27 Mar 2023 15:19:02 +0200

machines/lollo/syncthing: add restic-backups

15 files changed, 178 insertions(+), 6 deletions(-)

machines/lollo/configuration.nix

++--

machines/lollo/syncthing.nix

++++++++++++++++++++++++++++++++++++++++++++++

secrets/lollo/restic/syncthing-audiobooks-orig.age

+++++++++++

secrets/lollo/restic/syncthing-audiobooks.age

++++++++++

secrets/lollo/restic/syncthing-bahn-richtlinien.age

+++++++++++

secrets/lollo/restic/syncthing-blechelse.age

secrets/lollo/restic/syncthing-cutieshare.age

+++++++++++

secrets/lollo/restic/syncthing-documents.age

++++++++++

secrets/lollo/restic/syncthing-media.age

+++++++++++

secrets/lollo/restic/syncthing-music-orig.age

+++++++++++

secrets/lollo/restic/syncthing-music.age

++++++++++

secrets/lollo/restic/syncthing-pictures.age

++++++++++

secrets/lollo/restic/syncthing-wiki.age

+++++++++++

secrets/lollo/restic/syncthing-windoofs.age

++++++++++

secrets/secrets.nix

++++++++++++++----

diff --git a/machines/lollo/configuration.nix b/machines/lollo/configuration.nix
@@ -20,13 +20,13 @@
 
     ../../configurations/linux/services/prometheus-exporters.nix
     ../../configurations/linux/services/restic-server.nix
-    ../../configurations/linux/services/syncthing-nginx.nix
+
+    ./syncthing.nix
 
     ./smarthome
     ./websites
   ];
 
-
   networking.usePBBUplink = true;
 
   dns.zones."ctu.cx".subdomains."${config.networking.hostName}"      = lib.mkIf config.networking.usePBBUplink (pkgs.dns.lib.combinators.host "195.39.246.42" "2a0f:4ac0:acab::42");

diff --git a/machines/lollo/syncthing.nix b/machines/lollo/syncthing.nix
@@ -0,0 +1,46 @@
+{ config, lib, pkgs, ...}:
+
+let
+  backups = {
+    audiobooks       = "/nix/persist/home/leah/syncthing/Audiobooks";
+    documents        = "/nix/persist/home/leah/syncthing/Documents";
+    music-orig       = "/nix/persist/home/leah/syncthing/Music (Originals)";
+    music            = "/nix/persist/home/leah/syncthing/Music";
+    pictures         = "/nix/persist/home/leah/syncthing/Pictures";
+    media            = "/nix/persist/home/leah/syncthing/Media (legacy)";
+
+    bahn-richtlinien = "/nix/persist/home/leah/syncthing/Bahn-Richtlinien";
+    blechelse        = "/nix/persist/home/leah/syncthing/Bahn-Blechelse";
+    cutieshare       = "/nix/persist/home/leah/syncthing/Cutieshare";
+    wiki             = "/nix/persist/home/leah/syncthing/Wiki";
+  };
+
+in {
+
+  imports = [
+    ../../configurations/linux/services/syncthing-nginx.nix
+  ];
+
+  age.secrets = lib.mapAttrs' (
+    name: path: lib.nameValuePair "restic-syncthing-${name}" {
+      file = ../../secrets/lollo/restic + "/syncthing-${name}.age";
+    }
+  ) backups;
+
+  systemd.services = lib.mapAttrs' (
+    name: path: lib.nameValuePair "restic-backup-syncthing-${name}" {
+      serviceConfig.ProtectHome = lib.mkForce false;
+    }
+  ) backups;
+
+
+  restic-backups = lib.mapAttrs' (
+    name: path: lib.nameValuePair "syncthing-${name}" {
+      user         = "leah";
+      passwordFile = config.age.secrets."restic-syncthing-${name}".path;
+      paths        = [ path ];
+      targets      = [ "wanderduene.ctu.cx" ];
+    }
+  ) backups;
+
+}

diff --git a/secrets/lollo/restic/syncthing-audiobooks-orig.age b/secrets/lollo/restic/syncthing-audiobooks-orig.age
@@ -0,0 +1,10 @@
+age-encryption.org/v1
+-> X25519 xnww3SeoLPqCbn8sMOuIgtO4sJLXFvL0miHMEqgnoEI
+2S6wq36R5vMhk+o4HQwaSjnPPECnJaxKShy6tcJoM1w
+-> ssh-ed25519 1rccKw pbHZOeIMiXDNryyxiadrfZuIpqwUEvsNJI/X0HUwujo
+eZ3D3IH8bForMLOs1d/ITCnRYKnAuCwp6JyOst/ftmc
+-> ,-grease oR3 wYPl 6
+agDF9dbr7dQCoZkm07ju0v/TFT21eHjQJy0yAXUlNMpCBbwXOvNgRWl8
+--- TGZ6Vx2SADIq2EXagOAi1RPUha2dOEv4ciBGK4ngCvI
+�/w�}҇��K9A�'�y��E?C�!�!h!���
+��H�U#�1!��B+
\ No newline at end of file

diff --git a/secrets/lollo/restic/syncthing-audiobooks.age b/secrets/lollo/restic/syncthing-audiobooks.age
@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> X25519 1PdSAHfYA6KiEstW4YtwIh26lKyJJSs0GQjLJfCP+So
+EWMhecU9rnnbtpcenu4igne5xHhTiCGg7m+htm1EGnI
+-> ssh-ed25519 1rccKw lTkD+UIalqAE02qI6mwon0CTRmFG+OjkLzb5AwkeABE
+C8bL3fB0ktfPqBpwueTRFf4aMUp9reh5+Y7MQ0B6jfY
+-> "7<-grease {sz
+mvuMtEMYCYiEjBaPCEInojv8clKTmETTpd/ViqsaSIaq5lHUdBbc
+--- M/anubxFBL84YtP6fMJYpOn+jzZa3CG3b2ebBPs7VBo
+u��O�s��-C���fL��pB�m����RcՓ ������� �?Dh+
\ No newline at end of file

diff --git a/secrets/lollo/restic/syncthing-bahn-richtlinien.age b/secrets/lollo/restic/syncthing-bahn-richtlinien.age
@@ -0,0 +1,10 @@
+age-encryption.org/v1
+-> X25519 BnnpmAqjDWOn7bquPO4wjuA8TvPXXyWUBf1Ui8ANcmk
+G17kJOGHUG96QvNxGBG8TU0GD3KFMQhtk/yzvBQ4vrw
+-> ssh-ed25519 1rccKw QeTRq3p4pwCa7MCAcYl3pbIMIZo5ZlmLzd2xH5g6M2Q
+fhwsy647yV0uxyi42uQbZOvCIOWgRHjSH6aK79vJEX0
+-> l;?W-grease "@;>c
+ptYKjVCVSL5Vq6ZwCdkddWDetIacP186NIh+mx1jomvAr28shqPRYT/OMwQFHT7l
+oHHv9uFnzKkgLmn6Hii0ovFQ3ARuvpMbidLwiIaK+mxpG0H7zws
+--- SM1U2Yr3GAHFSwX8R7Dn1X6G7myyhAsaVQlm6Jb1eZg
+߮�W��K��U!�e�r�^�cPa輽����s;�<�z�T�r46��D+
\ No newline at end of file

diff --git a/secrets/lollo/restic/syncthing-blechelse.age b/secrets/lollo/restic/syncthing-blechelse.age  Binary files differ.

diff --git a/secrets/lollo/restic/syncthing-cutieshare.age b/secrets/lollo/restic/syncthing-cutieshare.age
@@ -0,0 +1,10 @@
+age-encryption.org/v1
+-> X25519 oSr1DOR/ZJi/Hx4ur5ds3twLKxXmABXoY3F71v3iAnY
+4dMPy92spjy4LXNHygxGQm0Ef3vdR0oO15qg43JRs0A
+-> ssh-ed25519 1rccKw 0nmq9yFtIxdEtk6RPKzyMoeyUkXvy87MtgAda1r0MxU
+xFMIwwGD4SCA1j1FHqbbM3znD5nGCzOmycmkY9ydAzQ
+-> y-grease +~-C=f
+ZUaldxO28E8Nq5mijXx5FdgnhQ
+--- UCVMrlOpiH21V+9pPNJV4ksSjA9D9cgY30nvfCB1uvY
+�e~@��.7���5��l��^�U�wD��"��
+7
Y\|"�ej���+
\ No newline at end of file

diff --git a/secrets/lollo/restic/syncthing-documents.age b/secrets/lollo/restic/syncthing-documents.age
@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> X25519 8lj6CualU2XbcH5NCdVkeGZjzZ5uUfkSiPz5HZQ/ul8
++ukAlFDCSDtgOtrXhriDK9TCcn+SRMbTODpvOAJeCkQ
+-> ssh-ed25519 1rccKw ctJ9jZuxDo9lb27qN75PDEO/duPgs0fxrJWXH91ErlY
+nV+ItX2vI/joAdFzaWfrZRbeXhXybkyJNoeHuA314rk
+-> ^dM.nE-grease
+tfiTW6I+cM1WEr2OoT0kfIM3
+--- h51/a/uvHToslKR6uRlZ+7eWltjdGcGUj9FTAMWCObk
+�:r59ݡ�P�g��r���,����h�^�Y�-�j��d�*C�����)�+
\ No newline at end of file

diff --git a/secrets/lollo/restic/syncthing-media.age b/secrets/lollo/restic/syncthing-media.age
@@ -0,0 +1,10 @@
+age-encryption.org/v1
+-> X25519 vc46yrnl+0UlN3UooIHjsUlY5JwIgC2InFa6FOfwWhE
+pIxfhUXjXwcqZ8eHYHisNaPEUC2NQZ02g1Dc0XGlX7c
+-> ssh-ed25519 1rccKw j74hMRg825negcBTGRRZCiYGHB4tmWD8RM1eJ1b3fmY
+MXSmBX2inMA3tTca6Zs/PEANSu5BpwprLPZpYX5GhKU
+-> "q;z[Q)%-grease |f~ nYajWu TSWw9q EJ(T-''
+EJ1ATREOW6kS8pX1fOkNkH3urx7uJ8g22PRHZeSpjtriWuxX3FKxYytYXGnl9SHW
+aaZlTY1IfCtQFJsTlLWVqeHukYQXCToFr0yazeTIVCZBON2pn/nLjVLT4Q
+--- cXhX8OJNIOpEYoBQssdzjwEIzaWAfHc+hO2FhHOwoPY
+�e�X��5_(�$��eᨶ,�!�,lt���&�ۉ/��h|�t�B;+
\ No newline at end of file

diff --git a/secrets/lollo/restic/syncthing-music-orig.age b/secrets/lollo/restic/syncthing-music-orig.age
@@ -0,0 +1,10 @@
+age-encryption.org/v1
+-> X25519 AP7Ir2Zr4g1WYuiOoTqDBsUw0feppAtqZog2dFWXc0E
+YJ575tNEQ4cfixwSXB1GIX2bvsLbQVHp4bRG1V9Kx0Y
+-> ssh-ed25519 1rccKw K3Ay1dLUJRvHA3qvpqfWBIzZGGvj7eSDcAfXyBTnSDg
+8biJhRJor4ooZUXV2O2c2qzn1cyjW6mOCyKUdPVuZ/g
+-> EX~i^-grease MP
+ASejJI4
+--- 3LG2fvX1jdpoxV+47JzROZV2K+Uky9LOTzo5y8aNBnM
+����*�ZeT��0Ev��`>�
+(|Jl����-�4:ܑ�+��V:�+
\ No newline at end of file

diff --git a/secrets/lollo/restic/syncthing-music.age b/secrets/lollo/restic/syncthing-music.age
@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> X25519 MyF0hGfioRfIYnqC24NTAv2kADil36Fg6GGt7PXwgX0
+Zh1nvuMC5cH65+HImzyoYLhwWv0bhhZbYNi3p+BgrqM
+-> ssh-ed25519 1rccKw 3fLM5fpGYcwRHyXnVesTxqgNjkcIRhJBI7b35X5mbXA
+90wuhoviHi5hjlcw2477Ftn+vsb2RRMgSZknRYZRmCM
+-> d0YBDHL-grease 4dX 'GVF bc2\kF
+kTCpBQ
+--- G2LPXU4/uMKMDfBryuNTS1yoJIPdVC2tjtPbiwHICHM
+ds0A�.~c�α3�B���ł����W�H\g���f�6А%�(�+
\ No newline at end of file

diff --git a/secrets/lollo/restic/syncthing-pictures.age b/secrets/lollo/restic/syncthing-pictures.age
@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> X25519 weyIJXonxU5fxihUzbiD+F9M3a70RQbqtT+hpIbowl8
+gT3qHkdKaEErZZWxYYunRwJbUoVWSJ9lonIicLjtW4s
+-> ssh-ed25519 1rccKw yyijEHWcpZuxVDnA5lnFtsSesgpKiepO+n6CL/FNf1I
+ivkz5S04qsKyY9hqalYJctprHOTHvURIu/LgERxz4h0
+-> q-grease 1
+YAD0M+E9lP0FEvF6udM9L9lbv+DNDN5Jxn1mpXORliAh3WT2
+--- PhYc07QYhcIo7717SwSnIkvXvM+FjPNv6qL5g7m9sLs
+>�o�ձK-�&ʄ���n�|jMv�>'7�Q���x��%���p��{���+
\ No newline at end of file

diff --git a/secrets/lollo/restic/syncthing-wiki.age b/secrets/lollo/restic/syncthing-wiki.age
@@ -0,0 +1,10 @@
+age-encryption.org/v1
+-> X25519 W1StUK1NqNugpWn1zGPDQCPJuNqYkcFV0D8Ol9B7RCU
+VDD5eTxT5AFj/PBlpgdJCA8DKyXBvN5Nk0JCHJkjW/o
+-> ssh-ed25519 1rccKw 7U9Zi1EOCDhTjH2VCYu7KeKmyNWvoiHVjgjD5azptUM
+cG+ZeAEuIQZrxAgPWPcZj+cy3X9R8kKmoYnrZBcUlZM
+-> <-grease s_MwFD x#`4o ![Pu 65]mr
+9QBkV/vCHOaMg8iiI29oFZNj4Z8MjIV+S52bsAb1RsScU1JqLiM8oPR5+/wOz0ri
+Vy7A2CevkrEqBfTXLW1b1LXHXQ
+--- 13LX0nsM68X6JTm7bq7L+jkGqcl/57TQz55RkqPvhOE
+��cդ��h0��b�9)_3�~�w�U�����@s���G?���2p+
\ No newline at end of file

diff --git a/secrets/lollo/restic/syncthing-windoofs.age b/secrets/lollo/restic/syncthing-windoofs.age
@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> X25519 Ms4XZcaJoIUmd3kt/JYDtmuMPVhMEOK7W/f2zuAkN3A
+Tsfod/bAgtbscugT1Ezp7DLVPuq/BlY2vw/18TmaxNg
+-> ssh-ed25519 1rccKw yamKSKQNh91p/Jni1QLR5CbHiwybJXIax+mDtKgF5ik
+4t6rOUkaDUvENtKrvY7Fb0NRONffT42r7JGJx9iVU7E
+-> wJ[dC-grease
+yDF5GlN3XQ
+--- 6u6fY/7Be/f7yDhIk3rOh4aF1mjX/gAJU3F1MunPvxc
+��v7O8��v���|C7���݂����y}E	L�>�i��O�,~�P�R+
\ No newline at end of file

diff --git a/secrets/secrets.nix b/secrets/secrets.nix
@@ -49,13 +49,23 @@ in {
   "lollo/restic/radicale.age".publicKeys                      = [ leah lollo ];
   "lollo/restic/influxdb.age".publicKeys                      = [ leah lollo ];
 
-  "lollo-old/syncthing/key.age".publicKeys                    = [ leah lollo-old ];
-  "lollo-old/syncthing/cert.age".publicKeys                   = [ leah lollo-old ];
-
-
+  "lollo/restic/syncthing-audiobooks-orig.age".publicKeys     = [ leah lollo ];
+  "lollo/restic/syncthing-audiobooks.age".publicKeys          = [ leah lollo ];
+  "lollo/restic/syncthing-documents.age".publicKeys           = [ leah lollo ];
+  "lollo/restic/syncthing-music-orig.age".publicKeys          = [ leah lollo ];
+  "lollo/restic/syncthing-music.age".publicKeys               = [ leah lollo ];
+  "lollo/restic/syncthing-pictures.age".publicKeys            = [ leah lollo ];
+  "lollo/restic/syncthing-media.age".publicKeys               = [ leah lollo ];
+  "lollo/restic/syncthing-windoofs.age".publicKeys            = [ leah lollo ];
 
+  "lollo/restic/syncthing-bahn-richtlinien.age".publicKeys    = [ leah lollo ];
+  "lollo/restic/syncthing-blechelse.age".publicKeys           = [ leah lollo ];
+  "lollo/restic/syncthing-cutieshare.age".publicKeys          = [ leah lollo ];
+  "lollo/restic/syncthing-wiki.age".publicKeys                = [ leah lollo ];
 
 
+  "lollo-old/syncthing/key.age".publicKeys                    = [ leah lollo-old ];
+  "lollo-old/syncthing/cert.age".publicKeys                   = [ leah lollo-old ];
 
 
   "hector/restic-server-htpasswd.age".publicKeys              = [ leah hector ];