diff options
| author | Timo Wilken | 2024-02-16 20:27:04 +0100 |
|---|---|---|
| committer | Timo Wilken | 2024-02-16 20:27:25 +0100 |
| commit | b2e40e5e0d7b02c62764a53b8e52f2c98c5379b1 (patch) | |
| tree | 4ca5f81f96b934283318972c2f2ef85e0e35709d | |
| parent | 1d478adf702367597e51ae897b7542098bd6fa8c (diff) | |
Back up user data on new machines
| -rwxr-xr-x | regenerate-secrets.sh | 2 | ||||
| -rw-r--r-- | tw/home.scm | 12 | ||||
| -rw-r--r-- | tw/home/btl.scm | 36 | ||||
| -rw-r--r-- | tw/home/frm.scm | 22 | ||||
| -rw-r--r-- | tw/home/lap.scm | 19 | ||||
| -rw-r--r-- | tw/system/files/restic/timo-battleship.enc | 7 | ||||
| -rw-r--r-- | tw/system/files/restic/timo-framework.enc | 7 | ||||
| -rw-r--r-- | tw/system/vin.scm | 10 |
8 files changed, 99 insertions, 16 deletions
diff --git a/regenerate-secrets.sh b/regenerate-secrets.sh index f5a448b2..979163f6 100755 --- a/regenerate-secrets.sh +++ b/regenerate-secrets.sh @@ -30,7 +30,7 @@ for host in lap lud vin frm btl; do done # Restic repository passwords. -for repo in vin-grafana timo-laptop timo-phone timo-sync; do +for repo in vin-grafana timo-laptop timo-framework timo-battleship timo-phone timo-sync; do store_restic vin $repo done diff --git a/tw/home.scm b/tw/home.scm index d58c7a1d..c749bbff 100644 --- a/tw/home.scm +++ b/tw/home.scm @@ -21,6 +21,7 @@ #:use-module (tw packages games) #:use-module (tw packages mail) #:use-module (tw packages xorg) + #:use-module (tw services restic) #:use-module (tw system) #:use-module (tw theme)) @@ -640,3 +641,14 @@ show_border=1 (user "timo@twilken.net") (password-eval "pass www/mythic-beasts/email/timo | head -1")))))) (default-account "mythic"))))) + +(define-public (restic-pass-key key) + (restic-password-source (type 'pass) (name key))) + +(define-public (restic-vin.wg-repo path) + (restic-rest-repository + (username "timo") + (password (restic-pass-key "computers/vin/restic-server/timo")) + (hostname "vin.wg") + (port 8181) + (path path))) diff --git a/tw/home/btl.scm b/tw/home/btl.scm index 22053bfe..fe476ad9 100644 --- a/tw/home/btl.scm +++ b/tw/home/btl.scm @@ -107,6 +107,42 @@ (default-key "53EC3C06856883DD92355BC22FC78504681F69B0") (gui-pinentry? #t))) + (service home-restic-backup-service-type + (list (restic-scheduled-backup + (schedule #~"0 */2 * * *") + (paths '(;; important user data + "~/src" + "~/.local/share/zsh/history" + ;; secrets + "~/.local/share/ssh-keys" + "~/.local/share/gnupg" + "~/.config/cern-ca-bundle.crt" + "~/.config/grid-personal-cert.pem" + "~/.config/grid-personal-key.pem" + "~/.config/syncthing" + ;; games + "~/savegames" + "~/.config/simutrans" + "~/.local/share/0ad" + "~/.local/share/warzone2100" + "~/.local/share/widelands" + "~/.local/share/ksp-overlay/upper" + "~/.pioneer")) + (repo (restic-vin.wg-repo "timo/battleship")) + (password (restic-pass-key "computers/vin/restic-repos/timo-battleship"))) + + (restic-scheduled-backup + (schedule #~"20 */2 * * *") ; try to avoid lock contention + (paths '("~/documents" + "~/sync" + "~/audiobooks" + "~/music" + "~/pictures" + "~/videos/youtube/.yt-dlp" + "~/videos/youtube/.config")) + (repo (restic-vin.wg-repo "timo/sync")) + (password (restic-pass-key "computers/vin/restic-repos/timo-sync"))))) + (append (interactive-services) %pim-services %common-services))))) %btl-home diff --git a/tw/home/frm.scm b/tw/home/frm.scm index 56358802..03d07830 100644 --- a/tw/home/frm.scm +++ b/tw/home/frm.scm @@ -114,6 +114,28 @@ (default-key "53EC3C06856883DD92355BC22FC78504681F69B0") (gui-pinentry? #t))) + (service home-restic-backup-service-type + (list (restic-scheduled-backup + (schedule #~"0 */2 * * *") + (paths '(;; important user data + "~/src" + "~/.local/share/zsh/history" + ;; secrets + "~/.local/share/ssh-keys" + "~/.local/share/gnupg" + "~/.config/cern-ca-bundle.crt" + "~/.config/grid-personal-cert.pem" + "~/.config/grid-personal-key.pem" + "~/.config/syncthing")) + (repo (restic-vin.wg-repo "timo/framework")) + (password (restic-pass-key "computers/vin/restic-repos/timo-framework"))) + + (restic-scheduled-backup + (schedule #~"30 */2 * * *") ; try to avoid lock contention + (paths '("~/documents" "~/sync" "~/pictures")) + (repo (restic-vin.wg-repo "timo/sync")) + (password (restic-pass-key "computers/vin/restic-repos/timo-sync"))))) + (append (interactive-services) %pim-services %common-services))))) %frm-home diff --git a/tw/home/lap.scm b/tw/home/lap.scm index d271e268..1a5fb535 100644 --- a/tw/home/lap.scm +++ b/tw/home/lap.scm @@ -40,17 +40,6 @@ #:use-module (tw services restic) #:use-module (tw theme)) -(define (restic-pass-key key) - (restic-password-source (type 'pass) (name key))) - -(define (restic-vin.wg-repo path) - (restic-rest-repository - (username "timo") - (password (restic-pass-key "computers/vin/restic-server/timo")) - (hostname "vin.wg") - (port 8181) - (path path))) - (define-public %lap-home (home-environment (packages @@ -87,7 +76,6 @@ (list (restic-scheduled-backup (schedule #~"0 */2 * * *") (paths '(;; important user data - "~/documents" "~/src" "~/.local/share/zsh/history" ;; secrets @@ -111,11 +99,12 @@ (password (restic-pass-key "computers/vin/restic-repos/timo-laptop"))) (restic-scheduled-backup - (schedule #~"10 */2 * * *") - (paths '("~/audiobooks" + (schedule #~"10 */2 * * *") ; try to avoid lock contention + (paths '("~/documents" + "~/sync" + "~/audiobooks" "~/music" "~/pictures" - "~/sync" "~/videos/youtube/.yt-dlp" "~/videos/youtube/.config")) (repo (restic-vin.wg-repo "timo/sync")) diff --git a/tw/system/files/restic/timo-battleship.enc b/tw/system/files/restic/timo-battleship.enc new file mode 100644 index 00000000..1b0af3a8 --- /dev/null +++ b/tw/system/files/restic/timo-battleship.enc @@ -0,0 +1,7 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IC9TV0hVQSBhdEJp +UGwzaEtxY2hRa1BvUlRXNlhkUTdoWUtCd1FmS3hLc2h6akdVeVNRCk5FZ3k5RXBz +NTVrSXlqS0R2UTlFSkZOUDJITzV2cWs4VkY0THJVYi93U3cKLS0tIGxMYkp2QXRX +bzluaS9KdGYyR2dkUDd4ZUs4WUVYRWM5Z05aZE1ITmh1Q2sK4zhaVGwD9zI0TMqv +fIBZhC9Q3dSShTJ/+9SkOHyQ/q3FHEUW0QM0LjYSY+a5p9tH/Q== +-----END AGE ENCRYPTED FILE----- diff --git a/tw/system/files/restic/timo-framework.enc b/tw/system/files/restic/timo-framework.enc new file mode 100644 index 00000000..8cbadd79 --- /dev/null +++ b/tw/system/files/restic/timo-framework.enc @@ -0,0 +1,7 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IC9TV0hVQSBUMXhZ +TGdWZ2pIUUNoOVdtWm5FZHlyZXM1YnF5Vm9VRlc0K1hDT01Ec0Y0CjlabWN5d2RU +YSszVmcrTmd0OVJpUnQxT3hZR0c2cDVjaUQrdXpvYjNIS2MKLS0tIGZDSU5LYjhD +VHd2VTRpbEMyS1UzSkdtU242dVkyVFNES2xtU1VGWUwrKzQKLoMHOInpU39XVnx6 +5LlhryN+Yvm3r1ZMcn9vQLfq/jyFxzW/lP3AKygBSuU6l4bHRA== +-----END AGE ENCRYPTED FILE----- diff --git a/tw/system/vin.scm b/tw/system/vin.scm index d3567f91..dc5bc756 100644 --- a/tw/system/vin.scm +++ b/tw/system/vin.scm @@ -150,6 +150,16 @@ (user "restic") (group "restic")) (secret + (encrypted-file (local-file "files/restic/timo-framework.enc")) + (destination "/etc/restic/timo-framework") + (user "restic") + (group "restic")) + (secret + (encrypted-file (local-file "files/restic/timo-battleship.enc")) + (destination "/etc/restic/timo-battleship") + (user "restic") + (group "restic")) + (secret (encrypted-file (local-file "files/restic/timo-phone.enc")) (destination "/etc/restic/timo-phone") (user "restic") |