38 lines
1.2 KiB
Nix
38 lines
1.2 KiB
Nix
{ config, lib, ... }: {
|
|
options.snowflake.services.restic = {
|
|
enable = lib.mkEnableOption "enable restic";
|
|
|
|
name = lib.mkOption {
|
|
type = lib.types.str;
|
|
description = "name to backup under, preferably use hostname";
|
|
};
|
|
};
|
|
|
|
config = lib.mkIf config.snowflake.services.restic.enable {
|
|
# TODO: potentially use a security wrapper on the restic binay, instead of
|
|
# running it as root
|
|
services.restic.backups = {
|
|
kryo = {
|
|
user = "root";
|
|
repository =
|
|
"sftp:cc@kryo.v2.n1.codingcoffee.me:/home/cc/${config.snowflake.services.restic.name}-backup";
|
|
initialize =
|
|
true; # initializes the repo, don't set if you want manual control
|
|
timerConfig = {
|
|
# backup daily
|
|
OnCalendar = "daily";
|
|
# to take care of backup if system was turned off during designated
|
|
# backup time
|
|
Persistent = true;
|
|
};
|
|
passwordFile = "/home/cc/.dotfiles/nix/conf/restic/password";
|
|
extraBackupArgs = [
|
|
# "--dry-run"
|
|
"--exclude-file=/home/cc/.dotfiles/autorestic/.autoresticignore"
|
|
];
|
|
pruneOpts = [ "--keep-last 10" ];
|
|
paths = [ "/home/cc" ];
|
|
};
|
|
};
|
|
};
|
|
}
|