backups on vpsfree, esp foundryvtt

This commit is contained in:
Cyryl Płotnicki 2022-08-20 10:13:25 +01:00
parent 19ab12fcea
commit 62549875c4
6 changed files with 154 additions and 1 deletions

View file

@ -7,7 +7,7 @@ keys:
- &vpsfree1 age10f7djsyu5fwew2l2x89a4st4qw4xdkyr3z7qd8frs54yqz7cayvqruttla - &vpsfree1 age10f7djsyu5fwew2l2x89a4st4qw4xdkyr3z7qd8frs54yqz7cayvqruttla
- &vultr1 age10f7djsyu5fwew2l2x89a4st4qw4xdkyr3z7qd8frs54yqz7cayvqruttla - &vultr1 age10f7djsyu5fwew2l2x89a4st4qw4xdkyr3z7qd8frs54yqz7cayvqruttla
creation_rules: creation_rules:
- path_regex: /[^/]+\.yaml$ - path_regex: /[^/]+.*$
key_groups: key_groups:
- age: - age:
- *foureighty-source - *foureighty-source

View file

@ -0,0 +1,27 @@
{ config, pkgs, ... }: {
environment.systemPackages = with pkgs; [ restic ];
sops.secrets."restic-backups-b2-repo-password" = {
sopsFile = ./restic.sops.yaml;
};
sops.secrets."restic-backups-b2-environment" = {
sopsFile = ./restic-environment.sops;
format = "binary";
path = "/etc/nixos/secrets/b2-env";
};
services = {
restic.backups.b2 = {
passwordFile = "/run/secrets/restic-backups-b2-repo-password";
paths = [ "/var/lib/foundryvtt" ];
repository = "b2:cyplo-restic-vpsfree";
timerConfig = { OnCalendar = "hourly"; };
environmentFile = "/etc/nixos/secrets/b2-env";
};
};
systemd.services.restic-backups-b2.serviceConfig = {
Nice = 19;
IOSchedulingClass = "idle";
};
}

View file

@ -7,6 +7,7 @@
./foundryvtt.nix ./foundryvtt.nix
./cryptpad.nix ./cryptpad.nix
./syncthing-relay.nix ./syncthing-relay.nix
./backups.nix
]; ];
services.dockerRegistry = { services.dockerRegistry = {

View file

@ -40,6 +40,12 @@ in {
containerPort = 30000; containerPort = 30000;
hostPort = 30000; hostPort = 30000;
}]; }];
bindMounts = {
"/var/lib/foundryvtt" = {
hostPath = "/var/lib/foundryvtt";
isReadOnly = false;
};
};
config = { config, pkgs, ... }: { config = { config, pkgs, ... }: {
systemd.services."foundryvtt" = { systemd.services."foundryvtt" = {
requires = [ "network-online.target" ]; requires = [ "network-online.target" ];

View file

@ -0,0 +1,44 @@
{
"data": "ENC[AES256_GCM,data:XbZZT4EvSrmaL3ISyEQjTWnnOKoWZ/uEyZr275eXlJFXL2V1y11IzOOaEanXEKvcyAmW62j034IWoM1hMAmGC0UFC74pKsubw71pjKQb9UclOeMPTAZBdw==,iv:/BJY2a65QAm3+9Ohvvp+VxMPXedPDbcGFglDgQPCZMM=,tag:i1oSYO24z/TaG2w62XMoAg==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age1qpxvqf2254vynw7aah2pyd8tm0lqtfqr9maguewdj3uqjp8smqvssjp43n",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKc0pLQ0t4K280WVVwRnJ0\nYnZ3RGtXQ01PaE45N0tmTC9aOVBKdkp5dm5NCnN6bHlTeFBoazdKOWthdDE2dHBO\naXFTR1NETHZINzk0UkpFL3RobjJTQ0EKLS0tIHBwNmQrd0xHQWx3eG1UdzJ1THdv\naFBTeG9mR09XMmZsNFBGUzIzNnZsb1EK6tkaiqS2s3BKNUSzD/wt6T/RPlz8hM/u\nmzBKryrlYszGV76kKPO3XBtze7lqnsY3E/Mi01AvWH9jJeaI8X69Jg==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1s3z2rfske90kt93a3z7twp6kew6mqd08sgunupym0gpmuh8ezqqscdrv7m",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzc1Q1Q2g5My9BL3dVUEp1\nRjJjclkxdWd6bXVqUThuK3hON2NHaVZRTndFClpxM1hWUUJieGYzTVVWWHdiM2xH\naWJpSlBTSEhoMTVXWGJoTWt1UTl5Rk0KLS0tIENwMlFiZndtWWhwV2NNOVhtQk5l\nSzV4VGg5ZU8yaXY1UWJSK1JVWjZDZFEKAXPLsV5ytWUcBw2Qf3l0HOp/ASWKqjJk\ncD0OZXNd+1yKoC6TtZxhhp7rO8RQrggoo+0mQMqDe9NJPRnTqannjg==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1p76577kkfttxxj8ckwwkhyhhz7qq2d7qf2lenyaa0g3v2gd3eecqhhf9jn",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKU0NSN1VDYUlFbkNUaTN6\nWVFBbXRneXJwWTBuRFUwenRwOFVINjVwa0NrCm5rMjFJK1p6Q09pR3pzazdhNHhP\nNGdFdlJhdC9LZ3Z5bGU0c1A1K2Y0bjgKLS0tIFQ1c3dySHVpK1hDckswTlMxTC9O\nSTE3MG5tWEdjNFQ3R2xrSW5HdDFOU28KJbV+leDxSf/CfCbZbiKx1bb2uE9UQhis\nFTLregz9Wg20ZOY5+/Mn+p2FHs1VFmm5LSkzLd4dDodf4XB7X5L03g==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1mpgtj57e256q9nqz8jt0jt9ntxrldu0p7aunxx3y5vnerfz04vqqdst2gt",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwcmxPNjMvOE1IWjNGN2ZG\nUGh2UWhxN2xjTEFiWHMzYy96clJpbktYeDBNCldiSVpDNEdSLzhIbHc2NUg2Sm53\nRW5HK21KV3JGRGs5V0NmQzMvSVQ0UUUKLS0tIDRtWUVVSFFGSkhhbGp4UjNER01S\nRllaZDhXTGJ5V2ZtS2F1WWJ0UithbGcKG3FFQmyzGstt8RRx/56f2L+d7lknLs9U\nzjgedEKFlVeWh9nbvV3D5Fqh4ekoSmZE0KJZKcjEcBDrMYeU0fcc2w==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1msgz4lzqj3wd4yu3mfgxyl5gz0y94al59njv8fqu7s0dvwt9yuvsctlhvu",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYSkdCb1hhQkljSFh6UHkx\ncGFnSTJDcDV1am0wd0IvOXdxWW5jMSswN0FBCnU3QVhsT1JGQzg2TGRZU1ltWmRN\ncjhrYTdtUnFUb3BvWGYyRkhjSHpnRUUKLS0tIEVLeWY3MWxTZUJzTWw0dVBoUVdv\nV3NFTHdRVWp4WEh1MGp6SnBjRGtZNGcKVJToOhX2ptmsvTA2B8VSiZ1e9te+SOIN\nrEdEH47h4/t4pswnZSZg9Ll8asYbmtbPNBWdEKtO/80cFMMz4N4QBQ==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age10f7djsyu5fwew2l2x89a4st4qw4xdkyr3z7qd8frs54yqz7cayvqruttla",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnRGIzbzhzZ2pjVXhDci9S\nV0JOcHlOcDVhM0pzb0c3Q01ZYXp3ek1CY0dNCnhGY2NMM3dhVUpWUFhiQUNUcXlL\nMTNNN2xnTWZqWWVkeGhURkNCU01Cd0kKLS0tIGg3eEZZOGhoakZ4Ni9DMzBvcllx\nREJTOHFOWHdwTU80QzMxamkzc2JsTVUKnmxnq+4LBfHxyIomCE8JeiNLloXEygGd\nx0Sm3hN99Qohp2IEKF9UiSfzcmoUgC0yzXal4GxkE4zO/5EkxMoBfw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age10f7djsyu5fwew2l2x89a4st4qw4xdkyr3z7qd8frs54yqz7cayvqruttla",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIZ3ZSVEFOZ2o1eVR4Z21R\nM1JtTFVuSUpjNWJreERHUlpPVHlTS0paVHpjClRqamhjUVpMZFhHb0dRZ0lCbGhV\nTWtIM3luODlqalNUN3VqU3g1RHhFUzAKLS0tIERNSWRCQUxDd3ZMNFFYamRLYXUv\nTDQrbTVremRWNFpqWFZrWlBpUUpXcUUKEyBwbsNf3EF05EbIxLBECNlkEaQ0+B96\nEDVOiMYyStKRSJvaaiJK2mNSizc8qs6aJvyF/F5qeJUWSa2JguzBtQ==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2022-08-20T08:49:31Z",
"mac": "ENC[AES256_GCM,data:+yp1/bwAu8cN0i6yec2iTbBTwIOnO7465nX3+Qkex1sRGMB6hra92jEZyo2sVgFl8ws5APzGmmsyAeAaKqdzvC/8OGbqlSb+SXKqaa9mxZA58+NnIuAI8gtYQKz1gZ/N6gr0gZpllF+u622ooHrwiL2/GmzOYVApBmSpAROOGsw=,iv:rJzDHQH6Urwb2E1u5nT3dTtlEqGCFQME0uChghG1G94=,tag:vC20wbEyiwvvDpxMD4uYJA==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.7.3"
}
}

View file

@ -0,0 +1,75 @@
restic-backups-b2-repo-password: ENC[AES256_GCM,data:Th/Uz+kcaWdz8GcRoU0uACOqV51n42FkcheSuK99h1VIN4tg1Qrjd38tEWCsrqswURWQdNdVnR+AmQlm3lmmT/aQBhHSwWRgxLjnx1WRvNANS4jC/OImr0u8/1Z6rfVwaHCIgkWOpsG1BSWYmGrX1+Lpx8+YpP6RUVy1csLforDoukvRhtGPjz/TfKs0pVkTmoSJvyCNnzjeHAMrpGYiUSTqhUNCr78OW1EQhDUjoNMHNQZJN8yiDykA83OQiyZRfvpYJyk5QrLIbmBwdj7fjMSvV4X7gWjpYn/hm4pqfFSTMhIcBDtmRouohsAElMAt1VFDTh+dSbITfhLTiHr6IQ==,iv:V/ZyW1yqlN8ZbeyTlkztBNtUF+H7BfKK6hgTtX2T6Jw=,tag:HQjlo4GxpGsOzybSWtfM1A==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1qpxvqf2254vynw7aah2pyd8tm0lqtfqr9maguewdj3uqjp8smqvssjp43n
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArdXh2MGtKc0lrRG0rWWFF
bnFidy90a1IzcXV1U0dFWW1pdmg2MGNxQkhrClU2NUdtZU83aGhuWlBRMDdLQjFm
T2VJMlJvMWc2YlNGT29Oem9VT0lxUG8KLS0tIG92c3VsWi9JK0xKNjliY1MzWTZs
WmdMUXBEYzluWHNJTklYRVhmMGF4dDAK6+vMr86fOjy0Bw4e+7MPSrOqQ7m50MNc
Aj4btH7NffuUrOsjpxCos0y8q6oQxOFpOAt2N6jhx9QyXAmxKeHZpg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1s3z2rfske90kt93a3z7twp6kew6mqd08sgunupym0gpmuh8ezqqscdrv7m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXWVRFZnV1YjhsZFNZUVhq
NU1TZ1JFV09vY212aHVXT21LZmVUYXRIMkJRClhPQStSN1BmL2NweTlhMkRLQVht
dUd2YTVkZnJkWVZueFdMNGRFcDlkRFUKLS0tIEM2WGpCd3BwakRIL0RLS2tJMVQ1
Qm1hZ0dHTzRWdWs0bnFpTUJaS0NiT2MKzabwKNeYP13NDjqNis9jk5su2EwZLanX
TOToLrk8NmARHAyqGPrHGDCJb7y3o34sAFbXeRTtkpeyC4PXo3DA1A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1p76577kkfttxxj8ckwwkhyhhz7qq2d7qf2lenyaa0g3v2gd3eecqhhf9jn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFQzFsa2pIVnA1NmhiZFFa
eFVkSERHeVp2Z3FRbXNFNUJaVER2czFOOEVrCm9ZYWVOWXdsSnk4OUxtdnlUYnRo
TjhTc01UYTFNQWNwWkFpNmt0WGtiRkUKLS0tIDV4QUxpZVB3NG1tQi9QTFdLcERF
TG03SGoxYkNqVG1DZ29LV3JES1MyMlUKsmORsigoSec0HAa3UzFEi2YDVdvONKhT
rgPBLCVDsHgrH+b3NYcTyiGG1cwiEoy3EDIDCDorN4a0XytpRhw6jQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1mpgtj57e256q9nqz8jt0jt9ntxrldu0p7aunxx3y5vnerfz04vqqdst2gt
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzK0M4cVdod3RzVmN1elJC
UW1ZSy82R2J1V2dSTk9EZC9xOVI3NTFBQTBZClkxZGJoSEQ4YVlnQWZzbnJkbHBG
NVdYYkdOalk0cjZYWDFnSEtrWFpTZ0EKLS0tIFFORzRtRkFMNzRMWFVWY2xQTmpm
RWsxWVVwYXV5U1E1MWZSNmxQQnhGeGcKPQUxaJwfKEc8/NUdALftg9t4ZfX2xKOJ
BEEcTAo+eS+TQ10gPBrhX6fmuQcWkKH27AcooQczLRj7h0KWm4mNiQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1msgz4lzqj3wd4yu3mfgxyl5gz0y94al59njv8fqu7s0dvwt9yuvsctlhvu
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTSStiYjRFNUtaTFc0bGpJ
TkdQbDlVTGxJSkpPL3VEZ3VSMmEwMHdYc3lnCmdqRDc2Y2E1R2MwR2ljWG9CcEha
MklxSkZOUTVCNXpuTS8yTUVDNXUvb0kKLS0tIHZKWGFOd3l5ZnllbnJOVmdzN1FS
d1JMNFNxTS85K09zMXZsdVIvbThiaWsK8GAykyhoW+/iOgfbgQCtblA4BjlrIVcY
6uw00sByQB0e2KT48Lb/hiWDnNbyH8nv9U2K3Iyo/BFkbCQ/GJOXTw==
-----END AGE ENCRYPTED FILE-----
- recipient: age10f7djsyu5fwew2l2x89a4st4qw4xdkyr3z7qd8frs54yqz7cayvqruttla
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGbFBVTFFvU05XUGptb2hj
eTZaUm16bE9xZFJUUEZNVTE1ZGpYRVh2dlNRCjRabWxzcTE3UDBsRXUvVG82dXkw
elFONkU5UkVoY3Z4OU9ZbG9CdldUd00KLS0tIDFvSGRid3RMMHZETDFURHNnVThW
cHE4Y2F1ZWh6Q2tGZ1ZUaGlPT1JGck0KV4hiMystiZ/nD/8D9nPF5JrtSauj9GIO
4E/2syq+dXp8o5UPf3zCYfAiVm0hurFNIv3noS0t5ucIEELQ2bsH/w==
-----END AGE ENCRYPTED FILE-----
- recipient: age10f7djsyu5fwew2l2x89a4st4qw4xdkyr3z7qd8frs54yqz7cayvqruttla
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJZFZjU1R1L3F6RjJNdjVB
MksxSVVtdlh0Vm9LZ1JVVHVjV0ZMa042N3drCmErOUpaOUFVR3BVVWVqUVErajR0
bkpXMCtHaHJNYmhKTTlpTzJId1o1UmMKLS0tIGs3VUtmaC9DSDZIenpYMmZibVpi
UGs3bmVxNkF0NVNDSit3UDJOMGpNMkUKg0A+T0zMthtarMORQk9P8F0Eh4kNYAdO
0VgyYS5JfJ76Le9YJGRMygUciidptyfK4W1MJ5D1lPceNmCQ7uLSdg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-08-20T08:34:12Z"
mac: ENC[AES256_GCM,data:WXYIXl20eI4YwvWfrlY0Kje947u5b2xcGunFLB6KQkuoBM/3Mv9MNJ5NsWpPruRiX5BEIW7rIFfsuVYBn0EVZOPR2xGUsgGWxQ7hU1C0GNVB4NODoQ1iW0W75fM3XW+vzEE6SIxxAkFJK470JwpJpWI/TNC28gj16Z2Kt6yAuBU=,iv:YmyxRbrw8SgxVccRBwVVuqNBFw8LNCUQsDD6ds8qzUk=,tag:16B2m9p/VAVY1VvZdxBBYw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3