nixos-config/modules/restic.nix
Simon Bruder 5108a624f8
Use the same restic password for all machines
Since they use the same repository (for deduplication), everything else
doesn’t make sense.
2020-08-24 09:27:16 +02:00

67 lines
1.6 KiB
Nix

{ pkgs, config, lib, ... }:
let
excludes = [
# General
"/home/*/Downloads/"
"/home/*/.cache/"
"/home/*/**/cache/"
"/home/*/.claws-mail/imapcache"
"/home/*/.local/share/Trash"
"/home/*/.local/share/nvim/"
# Rust
"/home/*/**/target/debug/"
"/home/*/**/target/doc/"
"/home/*/**/target/release/"
"/home/*/**/target/rls/"
"/home/*/**/target/tarpaulin/"
"/home/*/**/target/wasm32-unknown-unknown/"
"/home/*/.rustup/toolchains/"
"/home/*/.cargo"
# Python
"/home/*/.local/share/pyppeteer"
"/home/*/.local/share/virtualenvs/"
"/home/*/.platformio/"
# Node
"/home/*/**/.local-chromium"
# Project related
"/home/*/Music"
"/home/*/mount"
"/home/*/projects/vapoursynth/data/"
"/home/*/projects/vapoursynth/out/"
"/home/*/projects/vapoursynth/src/"
# Docker
"/var/lib/docker/"
];
excludesFile = pkgs.writeText "exludes.txt" (builtins.concatStringsSep "\n" excludes);
maybePath = path: (lib.optional (builtins.pathExists path) (toString path));
in
{
services.restic.backups."${config.networking.hostName}-system" = {
passwordFile = toString (../secrets/restic_password);
s3CredentialsFile = toString ../secrets/s3_credentials;
repository = "s3:https://s3.eu-central-1.wasabisys.com/sbruder-restic";
paths = lib.mkDefault (
[]
++ maybePath /data
++ maybePath /home
++ maybePath /srv
++ maybePath /var
);
initialize = true;
extraBackupArgs = [
"--exclude-caches"
"--exclude-file=${excludesFile}"
];
timerConfig = {
OnCalendar = "20:00";
RandomizedDelaySec = "2h";
};
};
}