commit b244b08a642265d1599bea2e186f9b6e6400ac3c
parent ae0130e609864775708e9da971c304e5054a5954
Author: Leah (ctucx) <leah@ctu.cx>
Date: Thu, 3 Feb 2022 14:26:08 +0100
parent ae0130e609864775708e9da971c304e5054a5954
Author: Leah (ctucx) <leah@ctu.cx>
Date: Thu, 3 Feb 2022 14:26:08 +0100
machines/deastro: backup syncthing-shares to hector
2 files changed, 46 insertions(+), 2 deletions(-)
diff --git a/machines/desastro/configuration.nix b/machines/desastro/configuration.nix @@ -4,8 +4,11 @@ imports = [ ./hardware-configuration.nix ../../configurations/common.nix + ../../configurations/notify-failure.nix + ../../configurations/services/prometheus-node-exporter.nix ../../configurations/services/restic-server.nix + ./syncthing.nix ]; @@ -36,7 +39,8 @@ }; }; - age.secrets.wireguard-privkey.file = ../../secrets/desastro/wireguard-privkey.age; + age.secrets.wireguard-privkey.file = ../../secrets/desastro/wireguard-privkey.age; + age.secrets.restic-server-hector.file = ../../secrets/restic-server/hector.age; networking = { hostName = "desastro";
diff --git a/machines/desastro/syncthing.nix b/machines/desastro/syncthing.nix @@ -1,10 +1,50 @@ {config, lib, pkgs, ...}: -{ +let + backups = { + audiobooks-orig = "/home/leah/syncthing/Audiobooks (Originals)"; + audiobooks = "/home/leah/syncthing/Audiobooks"; + documents = "/home/leah/syncthing/Documents"; + music-orig = "/home/leah/syncthing/Music (Originals)"; + music = "/home/leah/syncthing/Music"; + pictures = "/home/leah/syncthing/Pictures"; + media = "/home/leah/syncthing/Media (legacy)"; + windoofs = "/home/leah/syncthing/Windows-Stuff"; + + bahn-richtlinien = "/home/leah/syncthing/Bahn-Richtlinien"; + cutieshare = "/home/leah/syncthing/Cutieshare"; + wiki = "/home/leah/syncthing/Wiki"; + }; + +in { + imports = [ ../../configurations/services/syncthing.nix ]; + + age.secrets = lib.mapAttrs' ( + name: path: lib.nameValuePair "restic-syncthing-${name}" { + file = ../../secrets/desastro/restic + "/syncthing-${name}.age"; + } + ) backups; + + systemd.services = lib.mapAttrs' ( + name: path: lib.nameValuePair "restic-backup-syncthing-${name}" { + serviceConfig.ProtectHome = lib.mkForce false; + } + ) backups; + + + restic-backups = lib.mapAttrs' ( + name: path: lib.nameValuePair "syncthing-${name}" { + user = "leah"; + passwordFile = config.age.secrets."restic-syncthing-${name}".path; + paths = [ path ]; + targets = [ "hector.ctu.cx" ]; + } + ) backups; + services = { syncthing = { guiAddress = "0.0.0.0:8384";