kfm/niveum
1
0
Fork 0
mirror of https://github.com/kmein/niveum synced 2026-03-16 10:11:08 +01:00
Code Releases Activity

feat: restic

Browse Source
This commit is contained in:
Kierán Meinhardt
2022-01-18 21:29:30 +01:00
parent 9a2205121b
commit 1b7e0f903d
4 changed files with 44 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
systems/zaatar/backup.nix Normal file
View File

@@ -0,0 +1,31 @@
{ lib, ... }:
let
resticPort = 3571;
niveumLib = import <niveum/lib>;
inherit (niveumLib) retiolumAddresses;
firewall = niveumLib.firewall lib;
in
{
services.restic.server = {
enable = true;
appendOnly = true;
dataDir = "/backup/restic";
prometheus = true;
extraFlags = [ "--no-auth" "--prometheus-no-auth" ]; # auth is done via firewall
listenAddress = ":${toString resticPort}";
};
networking.firewall =
let
dport = resticPort;
protocol = "tcp";
rules = [
(firewall.accept { inherit dport protocol; source = retiolumAddresses.kabsa.ipv4; })
(firewall.accept { inherit dport protocol; source = retiolumAddresses.manakish.ipv4; })
(firewall.accept { inherit dport protocol; source = retiolumAddresses.makanek.ipv4; })
];
in {
extraCommands = firewall.addRules rules;
extraStopCommands = firewall.removeRules rules;
};
}