From c2e97bb7f0c639d89eb55e74c57cd8079e440ef1 Mon Sep 17 00:00:00 2001 From: thiloho <123883702+thiloho@users.noreply.github.com> Date: Fri, 22 Dec 2023 09:57:07 +0100 Subject: [PATCH] Add restic backups for other services --- flake.lock | 18 ++--- nixos-configurations/server/default.nix | 70 +++++++++++++++++- nixos-configurations/shared-desktop.nix | 1 + .../restic/discord-bot-environment-file.age | Bin 0 -> 564 bytes secrets/restic/discord-bot-password.age | 10 +++ secrets/restic/discord-bot-repository.age | 10 +++ secrets/restic/hedgedoc-environment-file.age | Bin 0 -> 559 bytes secrets/restic/hedgedoc-password.age | 9 +++ secrets/restic/hedgedoc-repository.age | 10 +++ secrets/restic/minecraft-password.age | 10 +++ secrets/restic/password.age | 9 --- secrets/restic/todos-environment-file.age | 9 +++ secrets/restic/todos-password.age | Bin 0 -> 503 bytes secrets/restic/todos-repository.age | 11 +++ secrets/secrets.nix | 11 ++- 15 files changed, 157 insertions(+), 21 deletions(-) create mode 100644 secrets/restic/discord-bot-environment-file.age create mode 100644 secrets/restic/discord-bot-password.age create mode 100644 secrets/restic/discord-bot-repository.age create mode 100644 secrets/restic/hedgedoc-environment-file.age create mode 100644 secrets/restic/hedgedoc-password.age create mode 100644 secrets/restic/hedgedoc-repository.age create mode 100644 secrets/restic/minecraft-password.age delete mode 100644 secrets/restic/password.age create mode 100644 secrets/restic/todos-environment-file.age create mode 100644 secrets/restic/todos-password.age create mode 100644 secrets/restic/todos-repository.age diff --git a/flake.lock b/flake.lock index 8c4784c..7b81806 100644 --- a/flake.lock +++ b/flake.lock @@ -112,11 +112,11 @@ ] }, "locked": { - "lastModified": 1702538064, - "narHash": "sha256-At5GwJPu2tzvS9dllhBoZmqK6lkkh/sOp2YefWRlaL8=", + "lastModified": 1702937117, + "narHash": "sha256-4GjkL2D01bDg00UZN/SeGrnBZrDVOFeZTbQx6U702Vc=", "owner": "nix-community", "repo": "home-manager", - "rev": "0e2e443ff24f9d75925e91b89d1da44b863734af", + "rev": "e8aaced73ebaf6bfa8e3c6ab0a19cb184bc4d798", "type": "github" }, "original": { @@ -143,11 +143,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1702312524, - "narHash": "sha256-gkZJRDBUCpTPBvQk25G0B7vfbpEYM5s5OZqghkjZsnE=", + "lastModified": 1702830618, + "narHash": "sha256-lvhwIvRwhOLgzbRuYkqHy4M5cQHYs4ktL6/hyuBS6II=", "owner": "nixos", "repo": "nixpkgs", - "rev": "a9bf124c46ef298113270b1f84a164865987a91c", + "rev": "91a00709aebb3602f172a0bf47ba1ef013e34835", "type": "github" }, "original": { @@ -176,11 +176,11 @@ ] }, "locked": { - "lastModified": 1701538969, - "narHash": "sha256-lew3ve6tYpfZa7tcJBreDstP8tT9DbjFp4XxGZt84Ac=", + "lastModified": 1703227072, + "narHash": "sha256-ysgm3+lAePFCHuklFqNEL6RkmHNV+/ARMUM049vcCzk=", "owner": "thiloho", "repo": "todos", - "rev": "84ccb21a2f1f3690368b62a870755d56a53a782c", + "rev": "2071a45f11c55853cb88bd46211cee28a60cac2a", "type": "github" }, "original": { diff --git a/nixos-configurations/server/default.nix b/nixos-configurations/server/default.nix index f92ab1c..812b2a1 100644 --- a/nixos-configurations/server/default.nix +++ b/nixos-configurations/server/default.nix @@ -15,7 +15,16 @@ todos-environment-file.file = ../../secrets/todos-environment-file.age; "restic/minecraft-environment-file".file = ../../secrets/restic/minecraft-environment-file.age; "restic/minecraft-repository".file = ../../secrets/restic/minecraft-repository.age; - "restic/password".file = ../../secrets/restic/password.age; + "restic/minecraft-password".file = ../../secrets/restic/minecraft-password.age; + "restic/hedgedoc-environment-file".file = ../../secrets/restic/hedgedoc-environment-file.age; + "restic/hedgedoc-repository".file = ../../secrets/restic/hedgedoc-repository.age; + "restic/hedgedoc-password".file = ../../secrets/restic/hedgedoc-password.age; + "restic/todos-environment-file".file = ../../secrets/restic/todos-environment-file.age; + "restic/todos-repository".file = ../../secrets/restic/todos-repository.age; + "restic/todos-password".file = ../../secrets/restic/todos-password.age; + "restic/discord-bot-environment-file".file = ../../secrets/restic/discord-bot-environment-file.age; + "restic/discord-bot-repository".file = ../../secrets/restic/discord-bot-repository.age; + "restic/discord-bot-password".file = ../../secrets/restic/discord-bot-password.age; }; environment.systemPackages = with pkgs; [ @@ -146,12 +155,69 @@ environmentFile = config.age.secrets."restic/minecraft-environment-file".path; repositoryFile = config.age.secrets."restic/minecraft-repository".path; - passwordFile = config.age.secrets."restic/password".path; + passwordFile = config.age.secrets."restic/minecraft-password".path; paths = [ "/var/lib/minecraft/world" ]; + pruneOpts = [ + "--keep-daily 7" + "--keep-weekly 5" + "--keep-monthly 12" + ]; + }; + hedgedoc-database-backup = { + initialize = true; + + environmentFile = config.age.secrets."restic/hedgedoc-environment-file".path; + repositoryFile = config.age.secrets."restic/hedgedoc-repository".path; + passwordFile = config.age.secrets."restic/hedgedoc-password".path; + + paths = [ "/var/lib/hedgedoc/uploads" "/var/lib/hedgedoc/hedgedoc.dump" ]; + + backupPrepareCommand = '' + ${config.services.postgresql.package}/bin/pg_dump -U postgres -Fc hedgedoc > /var/lib/hedgedoc/hedgedoc.dump + ''; + + pruneOpts = [ + "--keep-daily 7" + "--keep-weekly 5" + "--keep-monthly 12" + ]; + }; + todos-database-backup = { + initialize = true; + + environmentFile = config.age.secrets."restic/todos-environment-file".path; + repositoryFile = config.age.secrets."restic/todos-repository".path; + passwordFile = config.age.secrets."restic/todos-password".path; + + paths = [ "/var/lib/todos.dump" ]; + + backupPrepareCommand = '' + ${config.services.postgresql.package}/bin/pg_dump -U todos -Fc > /var/lib/todos.dump + ''; + + pruneOpts = [ + "--keep-daily 7" + "--keep-weekly 5" + "--keep-monthly 12" + ]; + }; + discord-bot-database-backup = { + initialize = true; + + environmentFile = config.age.secrets."restic/discord-bot-environment-file".path; + repositoryFile = config.age.secrets."restic/discord-bot-repository".path; + passwordFile = config.age.secrets."restic/discord-bot-password".path; + + paths = [ "/var/lib/dcbot.dump" ]; + + backupPrepareCommand = '' + ${config.services.postgresql.package}/bin/pg_dump -U dcbot -Fc > /var/lib/dcbot.dump + ''; + pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" diff --git a/nixos-configurations/shared-desktop.nix b/nixos-configurations/shared-desktop.nix index 89aea6a..7daff76 100644 --- a/nixos-configurations/shared-desktop.nix +++ b/nixos-configurations/shared-desktop.nix @@ -46,6 +46,7 @@ }; vscode = { enable = true; + package = pkgs.vscodium; extensions = with pkgs.vscode-extensions; [ svelte.svelte-vscode jnoortheen.nix-ide diff --git a/secrets/restic/discord-bot-environment-file.age b/secrets/restic/discord-bot-environment-file.age new file mode 100644 index 0000000000000000000000000000000000000000..664271e3489230d53402172c8bc3cbbe80b1e48c GIT binary patch literal 564 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCU7FAqz1aa8aMaLFij z&(HQZ$TRYFNij6bbapN*bIJ?yGR$)-&-2d-@T>|m3ODx;O6M|5b2Lm&%=GaH%nVI+ zbu~7~v`lm@4=5>j@%Jlq^bSfi@~(6)u5k3K%0{;>B`C)rI8ec}GNr`HslYv>z$eHn z*wWj~$2h{z$2=`Ew=}Rc-NPu;Gc#Sg*ef)w+=445Jl7~Rz~9NEpe#JoG0D}@NxvX0 zBd5a8F(kvxH>4~uJs`q6t=Pvs$q{5*ut$!KRh&VxZhBE_VsWZMkb+A>U|E5cn?hZn zgO84CI+s^vXjn;xhecR^QJPtyzKedTd%0PLvqxTefU}WlxAG*)zP`(3^5#?ITdf+5C_C7&G7DDKujD4i4a zl}Tj9lE!HwOSp=z=w6#X;YqowM7kE&uN;Q1n@KPKmKrbx-f(%j=jCe&)49Cr->s?* qPB|Ub`}{Q2?z_$xlgyL{uRG;rPE}sKo_*JHA?xZNPd6$RRRaL{3dzI( literal 0 HcmV?d00001 diff --git a/secrets/restic/discord-bot-password.age b/secrets/restic/discord-bot-password.age new file mode 100644 index 0000000..65231fb --- /dev/null +++ b/secrets/restic/discord-bot-password.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 owVgDA ch9l8hAmzPcDLcDqgHx7CvEHya5Cc+W6WPG5NFWVWAg +T+Mb5yxPCSo32EKbpxj/Ll8reLe4sosTd9ENjYV3B0c +-> ssh-ed25519 dRl0SQ lPdA7HcBt03GR/EYXs+9N2gPMwEksgQKCSEJHiUYnAU +QXruj7Ao1Tap/ai5JYOmxBjIYvocmMYVX2GuCyxSqdI +-> SN)(9z-grease CF C B!|*qlm +GobRjNqLfEwntbsGa3MpYqYFqkh80ZmtmXVesUKTjAaykeon9mGkW6cI3weL91Dp +Jyk5IF10fScpCERAqgUCMPkQ56oFtGESwnZUILqeKIk0QWAZMJWtkBse+AqizX8 +--- LTF3BpAb4BipCsqr+igNNnu3Guc1JBIgczy5+0S8W4Q +][YWF#pFYh@Ґ|򈪮];V]qew \ No newline at end of file diff --git a/secrets/restic/discord-bot-repository.age b/secrets/restic/discord-bot-repository.age new file mode 100644 index 0000000..adc1f51 --- /dev/null +++ b/secrets/restic/discord-bot-repository.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 owVgDA lQ3x2Yje/1js+SYkhWvkDtglDMOJySt8FyW+FfQY4Es +DfJ3VW7sIx9W7PaLxWod+GSMvYL2763QtI9EJ1Kxt90 +-> ssh-ed25519 dRl0SQ iTLFTejTbILB/obvLiQB9vAVYBzqTAWaQFtU1iSFwAc +/d5xXO4FH57DZQ1bpOom6aX5uujD1SUIpXC9W5u/EKo +-> aHYOr}px-grease z x +ElchruvBqkjNuIDKNjIniZulfDwSc/0zvZDpmIUCjVk2jj2z/Cty0A6yRhDMpr7s +/S5arjCA2zk +--- V3FO3trpSDAmwYqDqiS50rzGT6WlOvb5irsfkTSabdY +Gfqi \v~'nr4!<9fYŽ 8-e b9?xi \ No newline at end of file diff --git a/secrets/restic/hedgedoc-environment-file.age b/secrets/restic/hedgedoc-environment-file.age new file mode 100644 index 0000000000000000000000000000000000000000..a1007b6eca53ba528a3a780114f5864d40e65943 GIT binary patch literal 559 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCU7FAqz1aa1r4igfh0 zj0%dha0zvB2}mtS5A;sY$TH7LaZU6rN=q!OEGUW0ED0~FOy|liO3qJn%P=rY^-K$L z^(*ssH#7@25A<*`iE{A^(~rTJF!_lD3z$rH% z(Ihg>F{d)sJ=wIN%2V4Z$Skr>Sv(cY%Jc zf4NV%c`}#l430C|>DF5}=|yeeTXxj8#$Ig7rMDX*KhHCNmG$wuZ<5obsjFK!c$AN1 zxZjI;JJ)YR-Tz4T1(Bi0C9=*gKXtV6pvUbMa?v;Wr|SNyX`-#%}(T9Dz@CSURC lOS6rPesgIsd~?<|TcTPpP1!rjJFb1k%_EQ6i?Vp$0sxco#(w|+ literal 0 HcmV?d00001 diff --git a/secrets/restic/hedgedoc-password.age b/secrets/restic/hedgedoc-password.age new file mode 100644 index 0000000..2195371 --- /dev/null +++ b/secrets/restic/hedgedoc-password.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 owVgDA 4ZzMfDC10jWotfzunUhNdhMg3WPGztmKK2cVQKE9H0Q +9To1L2Zev0U9beZfrc563fliqm0dsQKRaWwOqzBT7Wk +-> ssh-ed25519 dRl0SQ I0l8bUdxSGFB0gcygz0FocuHbrDTJuQuyo8zu++AJns +daSQ3vwjjYfMl9x+gn+Nzr9klIEE8x2+9Zkos7aY5sA +-> ss#ACz=}-grease Xvlm; 1 @A +ou2BEyCRjko +--- KMysJrselsTKj8YQYe3VYdn3MzPFhTnnFAfLexvohIo +:hZVɅOCEЊEѓ ssh-ed25519 owVgDA /9d1EdSTGvjj391MhHmCi34WcSd4YohJuE13f5Gqo24 +BKFoKgiorkWk/J7LsRe14FeuAh8zcVPElOY1Ifapv1Y +-> ssh-ed25519 dRl0SQ BthbYG+p4HcrqcOxpc09n/Fo5OCUKfvVzhvcA3TslCQ +vapeXaR+9hu+eZecYchKxgFy9fSEiMzzpZliMGYx55c +-> V"-grease XZ7z!A^ cxOP:.6 +z9ZbjqFMkBkGCylTNl9dt/5lshUV7kEvdMArCZH+Qc2pAULo6hctOO2sxvqeN9SG +7MlLRz/xhKB+jcxj5dD46LlneS6+dYQ49McCW1YA1l3dIlIVgi8KT0sVlw +--- Ylmc2BDrLW+jcmDs7bbeY3O9d+PjZ33Bs9gb2N7t7ww +O6ηSM`+qQW֠xkpvOc [9#et>QNl \ No newline at end of file diff --git a/secrets/restic/minecraft-password.age b/secrets/restic/minecraft-password.age new file mode 100644 index 0000000..7d81870 --- /dev/null +++ b/secrets/restic/minecraft-password.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 owVgDA 7KNI9wfwXEFEERfqr3YlNi3ZxaUVI3pk4dwzRRyr2G8 +TGrNsb6pFzt3lUzCHScrZPdHvDGqvS8nZk0hZN1uU2g +-> ssh-ed25519 dRl0SQ BKqszxsI3ceZkzkNU07MKyF/lpknDgWEymAVkmHJLXA +XIVsjB6jDccNpACZtFyuUo5XpWs5A6lA3BNSbh+6Qlg +-> 31Zf-grease wB]Jb6x 3 2IrizaM N +QA2dGpOzD9vBzjNwbtYX +--- Tv3WURbEvNjLuG2NAjTk7EtpyvlXYvesK/35I7Omkq8 +Z g $N4S#X,z +'$3J \ No newline at end of file diff --git a/secrets/restic/password.age b/secrets/restic/password.age deleted file mode 100644 index bd81c53..0000000 --- a/secrets/restic/password.age +++ /dev/null @@ -1,9 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 owVgDA uHkIaE0OZlf5lfboMt7G1SoTQju7V2KLhavgNUmmemI -LsVhtV7olRXuoOpVlNtQ7/r9mgCk6GYUfH7USnSy8NY --> ssh-ed25519 dRl0SQ QBYcokbUHfBOYxtMQ3lxn8ovtakSq8mclBpef6mXJFk -rwB3HTsbDtzin3UpLEnMzpkBIXMBhM3eS1gA5RkyX6c --> lW-grease H]~ U`GrO @pIL!eeO -KGPJugVtnjtmhSTuModTRF8zu5+BIKA/vKns6hw ---- KIqadbISsYbNfx/tVpsPV6YrjbgbWdGjqabBzg3lBdo -'{4O-%]UQ@4y-5gh{D,ůF@p \ No newline at end of file diff --git a/secrets/restic/todos-environment-file.age b/secrets/restic/todos-environment-file.age new file mode 100644 index 0000000..6d932c2 --- /dev/null +++ b/secrets/restic/todos-environment-file.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 owVgDA e5rW7H9HgvaH+pBahXl0NVLHauyTiMJZ09Y25uE7oFU +iZf1dOAdiXMhL6X6Wz9F+Qjn1gOkOIRGkpd5FkNKmJA +-> ssh-ed25519 dRl0SQ o22AeR8iBA2BqiBoR1bBzEJ4VUK7l3li7W0/CxpfaWQ +glw7c+VY2hWOOfPaGt1dTGXOMovZ4L6FHELNLqsYpgM +-> I:-grease QNX|`\ `,>k[ z!/ajk} ~OE +IDHem1mSEg +--- K5e+NoqGSWtZ0iwNiWviniiORG0yT0qvf/xoqIxofiw +Q0C` ٭|Xydb73`x%ƺ{ "ryz,LizVZ?ZW}>]U|n if&O{ֳiΦ1p]'dے \ No newline at end of file diff --git a/secrets/restic/todos-password.age b/secrets/restic/todos-password.age new file mode 100644 index 0000000000000000000000000000000000000000..4d797f75e029f1c5631abc4bf552d095d4cbf61b GIT binary patch literal 503 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCU7FAqz1aa71GPO31f zGIjAYa7?yL_D#$z%}Gku&MGv`bqselOZM?Hb`Fkk)ei_wH{eQ53Jv#m%{Nc>bqP%~ z4>U>f$nY%+tu%@-*UnCj@=N!O@Xk#S%{0sN$VRs(X z(#tg1+0v}iBqAu^C^J7QFFeaX-w|Y+dYOTzl3IXndQoa(ajHUXc0_HZf}_2bPmR7p zq!m|sR-U&>p|NprNlH?=w{~J~akyEDOQD%lSZcX`WPYi$VUlZcmV2J7k56PocA2S< zN2p1fqf3@YnzKb^Vr3*(Sy`H^ez0j`riH&zKxjZvhF55Mh@qi}p{apeNvN^5qq(Pc zqLZn1sc)KvsfTk>VTws=acGsRv0I=sm#(g^LS}hlVOe&lYj}!plABpUsbOw@xu;8* zc8X_VhFgBPzh8K+W3hRJdqHwBSM}?X-6@t_UyWwBYZskN?ywK2_fJ_|_qw3CDq`{X c?CB@86usGnrlsl>xwsg7Wk}ag5cn4j034j9xc~qF literal 0 HcmV?d00001 diff --git a/secrets/restic/todos-repository.age b/secrets/restic/todos-repository.age new file mode 100644 index 0000000..ca37c40 --- /dev/null +++ b/secrets/restic/todos-repository.age @@ -0,0 +1,11 @@ +age-encryption.org/v1 +-> ssh-ed25519 owVgDA LAiIoN6jO47UdnkN2rZiayFuYNLDzvPYTrBIcyoNego +t0O3SjuBGqWl7apz8LIdemxWIOYgJtml0uTpihbu+UY +-> ssh-ed25519 dRl0SQ YB735jB9c4KHDcoPL9AdgDWlJ01MDzioenShpCEuSHw +ePM/LJ5b3Lc6mH8sYSEgnw40cHpxcSBLTT+BRThPc8o +-> sf;0zl-grease \R8 XL!~>Q# +vqybxsDF6ttWkv27cUrFrrpToAmTvq03nDYiMEYO5OA8n8tIN5HVri7hxJOVCLwJ +5TkgdX2a+JiODe0vM8Tp3UaQIHeyuQA8FzMhowJ5gY+3vNtiJvxa/XZeQ/gsx//4 +5w +--- 48SbG3pL8jLUA3EteqZ3AC3s8gC84VHgfrxnUqCpeX8 +xt{ׂ$%zV۵UՎ-.|>ǪM5' ZX;K)ƙ2|i \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 389e848..d3793e8 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -6,7 +6,16 @@ in "hedgedoc-environment-file.age".publicKeys = [ server pc ]; "discord-bot-token.age".publicKeys = [ server pc ]; "todos-environment-file.age".publicKeys = [ server pc ]; - "restic/password.age".publicKeys = [ server pc ]; + "restic/minecraft-password.age".publicKeys = [ server pc ]; "restic/minecraft-environment-file.age".publicKeys = [ server pc ]; "restic/minecraft-repository.age".publicKeys = [ server pc ]; + "restic/hedgedoc-password.age".publicKeys = [ server pc ]; + "restic/hedgedoc-environment-file.age".publicKeys = [ server pc ]; + "restic/hedgedoc-repository.age".publicKeys = [ server pc ]; + "restic/todos-password.age".publicKeys = [ server pc ]; + "restic/todos-environment-file.age".publicKeys = [ server pc ]; + "restic/todos-repository.age".publicKeys = [ server pc ]; + "restic/discord-bot-password.age".publicKeys = [ server pc ]; + "restic/discord-bot-environment-file.age".publicKeys = [ server pc ]; + "restic/discord-bot-repository.age".publicKeys = [ server pc ]; }