nixos/hosts/common/optional/restic-backup.nix

{
  config,
  configVars,
  ...
}: let
  passwordFile = config.sops.secrets."software/restic-passphrase".path;
  resticServerCredentials = config.sops.secrets."software/restic-server-credentials".path;
  backupServerIp = configVars.networking.addresses.backup-server.ip;
in {
  sops.secrets = {
    "software/restic-passphrase" = {};
    "software/restic-server-credentials" = {};
  };
  sops.secrets = {};
  services.restic.backups = {
    daily = {
      initialize = true;
      passwordFile = passwordFile;
      paths = [
      ];
      repository = "rest:http://${backupServerIp}:8000/";
      environmentFile = "${resticServerCredentials}";
      pruneOpts = [
        "--keep-daily 7"
        "--keep-weekly 5"
        "--keep-monthly 12"
      ];
    };
  };
}
add restic-backup and backup-server configs 2025-01-04 17:19:19 +00:00			`{`
			`config,`
			`configVars,`
			`...`
			`}: let`
			`passwordFile = config.sops.secrets."software/restic-passphrase".path;`
			`resticServerCredentials = config.sops.secrets."software/restic-server-credentials".path;`
			`backupServerIp = configVars.networking.addresses.backup-server.ip;`
			`in {`
			`sops.secrets = {`
			`"software/restic-passphrase" = {};`
			`"software/restic-server-credentials" = {};`
			`};`
			`sops.secrets = {};`
			`services.restic.backups = {`
			`daily = {`
			`initialize = true;`
			`passwordFile = passwordFile;`
			`paths = [`
			`];`
			`repository = "rest:http://${backupServerIp}:8000/";`
			`environmentFile = "${resticServerCredentials}";`
			`pruneOpts = [`
			`"--keep-daily 7"`
			`"--keep-weekly 5"`
			`"--keep-monthly 12"`
			`];`
			`};`
			`};`
			`}`