backups on vpsfree, esp foundryvtt
This commit is contained in:
parent
19ab12fcea
commit
62549875c4
6 changed files with 154 additions and 1 deletions
|
@ -7,7 +7,7 @@ keys:
|
|||
- &vpsfree1 age10f7djsyu5fwew2l2x89a4st4qw4xdkyr3z7qd8frs54yqz7cayvqruttla
|
||||
- &vultr1 age10f7djsyu5fwew2l2x89a4st4qw4xdkyr3z7qd8frs54yqz7cayvqruttla
|
||||
creation_rules:
|
||||
- path_regex: /[^/]+\.yaml$
|
||||
- path_regex: /[^/]+.*$
|
||||
key_groups:
|
||||
- age:
|
||||
- *foureighty-source
|
||||
|
|
27
nixos/boxes/vpsfree1/backups.nix
Normal file
27
nixos/boxes/vpsfree1/backups.nix
Normal file
|
@ -0,0 +1,27 @@
|
|||
{ config, pkgs, ... }: {
|
||||
|
||||
environment.systemPackages = with pkgs; [ restic ];
|
||||
|
||||
sops.secrets."restic-backups-b2-repo-password" = {
|
||||
sopsFile = ./restic.sops.yaml;
|
||||
};
|
||||
sops.secrets."restic-backups-b2-environment" = {
|
||||
sopsFile = ./restic-environment.sops;
|
||||
format = "binary";
|
||||
path = "/etc/nixos/secrets/b2-env";
|
||||
};
|
||||
services = {
|
||||
restic.backups.b2 = {
|
||||
passwordFile = "/run/secrets/restic-backups-b2-repo-password";
|
||||
paths = [ "/var/lib/foundryvtt" ];
|
||||
repository = "b2:cyplo-restic-vpsfree";
|
||||
timerConfig = { OnCalendar = "hourly"; };
|
||||
environmentFile = "/etc/nixos/secrets/b2-env";
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.restic-backups-b2.serviceConfig = {
|
||||
Nice = 19;
|
||||
IOSchedulingClass = "idle";
|
||||
};
|
||||
}
|
|
@ -7,6 +7,7 @@
|
|||
./foundryvtt.nix
|
||||
./cryptpad.nix
|
||||
./syncthing-relay.nix
|
||||
./backups.nix
|
||||
];
|
||||
|
||||
services.dockerRegistry = {
|
||||
|
|
|
@ -40,6 +40,12 @@ in {
|
|||
containerPort = 30000;
|
||||
hostPort = 30000;
|
||||
}];
|
||||
bindMounts = {
|
||||
"/var/lib/foundryvtt" = {
|
||||
hostPath = "/var/lib/foundryvtt";
|
||||
isReadOnly = false;
|
||||
};
|
||||
};
|
||||
config = { config, pkgs, ... }: {
|
||||
systemd.services."foundryvtt" = {
|
||||
requires = [ "network-online.target" ];
|
||||
|
|
44
nixos/boxes/vpsfree1/restic-environment.sops
Normal file
44
nixos/boxes/vpsfree1/restic-environment.sops
Normal file
|
@ -0,0 +1,44 @@
|
|||
{
|
||||
"data": "ENC[AES256_GCM,data:XbZZT4EvSrmaL3ISyEQjTWnnOKoWZ/uEyZr275eXlJFXL2V1y11IzOOaEanXEKvcyAmW62j034IWoM1hMAmGC0UFC74pKsubw71pjKQb9UclOeMPTAZBdw==,iv:/BJY2a65QAm3+9Ohvvp+VxMPXedPDbcGFglDgQPCZMM=,tag:i1oSYO24z/TaG2w62XMoAg==,type:str]",
|
||||
"sops": {
|
||||
"kms": null,
|
||||
"gcp_kms": null,
|
||||
"azure_kv": null,
|
||||
"hc_vault": null,
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age1qpxvqf2254vynw7aah2pyd8tm0lqtfqr9maguewdj3uqjp8smqvssjp43n",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKc0pLQ0t4K280WVVwRnJ0\nYnZ3RGtXQ01PaE45N0tmTC9aOVBKdkp5dm5NCnN6bHlTeFBoazdKOWthdDE2dHBO\naXFTR1NETHZINzk0UkpFL3RobjJTQ0EKLS0tIHBwNmQrd0xHQWx3eG1UdzJ1THdv\naFBTeG9mR09XMmZsNFBGUzIzNnZsb1EK6tkaiqS2s3BKNUSzD/wt6T/RPlz8hM/u\nmzBKryrlYszGV76kKPO3XBtze7lqnsY3E/Mi01AvWH9jJeaI8X69Jg==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1s3z2rfske90kt93a3z7twp6kew6mqd08sgunupym0gpmuh8ezqqscdrv7m",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzc1Q1Q2g5My9BL3dVUEp1\nRjJjclkxdWd6bXVqUThuK3hON2NHaVZRTndFClpxM1hWUUJieGYzTVVWWHdiM2xH\naWJpSlBTSEhoMTVXWGJoTWt1UTl5Rk0KLS0tIENwMlFiZndtWWhwV2NNOVhtQk5l\nSzV4VGg5ZU8yaXY1UWJSK1JVWjZDZFEKAXPLsV5ytWUcBw2Qf3l0HOp/ASWKqjJk\ncD0OZXNd+1yKoC6TtZxhhp7rO8RQrggoo+0mQMqDe9NJPRnTqannjg==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1p76577kkfttxxj8ckwwkhyhhz7qq2d7qf2lenyaa0g3v2gd3eecqhhf9jn",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKU0NSN1VDYUlFbkNUaTN6\nWVFBbXRneXJwWTBuRFUwenRwOFVINjVwa0NrCm5rMjFJK1p6Q09pR3pzazdhNHhP\nNGdFdlJhdC9LZ3Z5bGU0c1A1K2Y0bjgKLS0tIFQ1c3dySHVpK1hDckswTlMxTC9O\nSTE3MG5tWEdjNFQ3R2xrSW5HdDFOU28KJbV+leDxSf/CfCbZbiKx1bb2uE9UQhis\nFTLregz9Wg20ZOY5+/Mn+p2FHs1VFmm5LSkzLd4dDodf4XB7X5L03g==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1mpgtj57e256q9nqz8jt0jt9ntxrldu0p7aunxx3y5vnerfz04vqqdst2gt",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwcmxPNjMvOE1IWjNGN2ZG\nUGh2UWhxN2xjTEFiWHMzYy96clJpbktYeDBNCldiSVpDNEdSLzhIbHc2NUg2Sm53\nRW5HK21KV3JGRGs5V0NmQzMvSVQ0UUUKLS0tIDRtWUVVSFFGSkhhbGp4UjNER01S\nRllaZDhXTGJ5V2ZtS2F1WWJ0UithbGcKG3FFQmyzGstt8RRx/56f2L+d7lknLs9U\nzjgedEKFlVeWh9nbvV3D5Fqh4ekoSmZE0KJZKcjEcBDrMYeU0fcc2w==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1msgz4lzqj3wd4yu3mfgxyl5gz0y94al59njv8fqu7s0dvwt9yuvsctlhvu",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYSkdCb1hhQkljSFh6UHkx\ncGFnSTJDcDV1am0wd0IvOXdxWW5jMSswN0FBCnU3QVhsT1JGQzg2TGRZU1ltWmRN\ncjhrYTdtUnFUb3BvWGYyRkhjSHpnRUUKLS0tIEVLeWY3MWxTZUJzTWw0dVBoUVdv\nV3NFTHdRVWp4WEh1MGp6SnBjRGtZNGcKVJToOhX2ptmsvTA2B8VSiZ1e9te+SOIN\nrEdEH47h4/t4pswnZSZg9Ll8asYbmtbPNBWdEKtO/80cFMMz4N4QBQ==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age10f7djsyu5fwew2l2x89a4st4qw4xdkyr3z7qd8frs54yqz7cayvqruttla",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnRGIzbzhzZ2pjVXhDci9S\nV0JOcHlOcDVhM0pzb0c3Q01ZYXp3ek1CY0dNCnhGY2NMM3dhVUpWUFhiQUNUcXlL\nMTNNN2xnTWZqWWVkeGhURkNCU01Cd0kKLS0tIGg3eEZZOGhoakZ4Ni9DMzBvcllx\nREJTOHFOWHdwTU80QzMxamkzc2JsTVUKnmxnq+4LBfHxyIomCE8JeiNLloXEygGd\nx0Sm3hN99Qohp2IEKF9UiSfzcmoUgC0yzXal4GxkE4zO/5EkxMoBfw==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age10f7djsyu5fwew2l2x89a4st4qw4xdkyr3z7qd8frs54yqz7cayvqruttla",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIZ3ZSVEFOZ2o1eVR4Z21R\nM1JtTFVuSUpjNWJreERHUlpPVHlTS0paVHpjClRqamhjUVpMZFhHb0dRZ0lCbGhV\nTWtIM3luODlqalNUN3VqU3g1RHhFUzAKLS0tIERNSWRCQUxDd3ZMNFFYamRLYXUv\nTDQrbTVremRWNFpqWFZrWlBpUUpXcUUKEyBwbsNf3EF05EbIxLBECNlkEaQ0+B96\nEDVOiMYyStKRSJvaaiJK2mNSizc8qs6aJvyF/F5qeJUWSa2JguzBtQ==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2022-08-20T08:49:31Z",
|
||||
"mac": "ENC[AES256_GCM,data:+yp1/bwAu8cN0i6yec2iTbBTwIOnO7465nX3+Qkex1sRGMB6hra92jEZyo2sVgFl8ws5APzGmmsyAeAaKqdzvC/8OGbqlSb+SXKqaa9mxZA58+NnIuAI8gtYQKz1gZ/N6gr0gZpllF+u622ooHrwiL2/GmzOYVApBmSpAROOGsw=,iv:rJzDHQH6Urwb2E1u5nT3dTtlEqGCFQME0uChghG1G94=,tag:vC20wbEyiwvvDpxMD4uYJA==,type:str]",
|
||||
"pgp": null,
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.7.3"
|
||||
}
|
||||
}
|
75
nixos/boxes/vpsfree1/restic.sops.yaml
Normal file
75
nixos/boxes/vpsfree1/restic.sops.yaml
Normal file
|
@ -0,0 +1,75 @@
|
|||
restic-backups-b2-repo-password: ENC[AES256_GCM,data:Th/Uz+kcaWdz8GcRoU0uACOqV51n42FkcheSuK99h1VIN4tg1Qrjd38tEWCsrqswURWQdNdVnR+AmQlm3lmmT/aQBhHSwWRgxLjnx1WRvNANS4jC/OImr0u8/1Z6rfVwaHCIgkWOpsG1BSWYmGrX1+Lpx8+YpP6RUVy1csLforDoukvRhtGPjz/TfKs0pVkTmoSJvyCNnzjeHAMrpGYiUSTqhUNCr78OW1EQhDUjoNMHNQZJN8yiDykA83OQiyZRfvpYJyk5QrLIbmBwdj7fjMSvV4X7gWjpYn/hm4pqfFSTMhIcBDtmRouohsAElMAt1VFDTh+dSbITfhLTiHr6IQ==,iv:V/ZyW1yqlN8ZbeyTlkztBNtUF+H7BfKK6hgTtX2T6Jw=,tag:HQjlo4GxpGsOzybSWtfM1A==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1qpxvqf2254vynw7aah2pyd8tm0lqtfqr9maguewdj3uqjp8smqvssjp43n
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArdXh2MGtKc0lrRG0rWWFF
|
||||
bnFidy90a1IzcXV1U0dFWW1pdmg2MGNxQkhrClU2NUdtZU83aGhuWlBRMDdLQjFm
|
||||
T2VJMlJvMWc2YlNGT29Oem9VT0lxUG8KLS0tIG92c3VsWi9JK0xKNjliY1MzWTZs
|
||||
WmdMUXBEYzluWHNJTklYRVhmMGF4dDAK6+vMr86fOjy0Bw4e+7MPSrOqQ7m50MNc
|
||||
Aj4btH7NffuUrOsjpxCos0y8q6oQxOFpOAt2N6jhx9QyXAmxKeHZpg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1s3z2rfske90kt93a3z7twp6kew6mqd08sgunupym0gpmuh8ezqqscdrv7m
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXWVRFZnV1YjhsZFNZUVhq
|
||||
NU1TZ1JFV09vY212aHVXT21LZmVUYXRIMkJRClhPQStSN1BmL2NweTlhMkRLQVht
|
||||
dUd2YTVkZnJkWVZueFdMNGRFcDlkRFUKLS0tIEM2WGpCd3BwakRIL0RLS2tJMVQ1
|
||||
Qm1hZ0dHTzRWdWs0bnFpTUJaS0NiT2MKzabwKNeYP13NDjqNis9jk5su2EwZLanX
|
||||
TOToLrk8NmARHAyqGPrHGDCJb7y3o34sAFbXeRTtkpeyC4PXo3DA1A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1p76577kkfttxxj8ckwwkhyhhz7qq2d7qf2lenyaa0g3v2gd3eecqhhf9jn
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFQzFsa2pIVnA1NmhiZFFa
|
||||
eFVkSERHeVp2Z3FRbXNFNUJaVER2czFOOEVrCm9ZYWVOWXdsSnk4OUxtdnlUYnRo
|
||||
TjhTc01UYTFNQWNwWkFpNmt0WGtiRkUKLS0tIDV4QUxpZVB3NG1tQi9QTFdLcERF
|
||||
TG03SGoxYkNqVG1DZ29LV3JES1MyMlUKsmORsigoSec0HAa3UzFEi2YDVdvONKhT
|
||||
rgPBLCVDsHgrH+b3NYcTyiGG1cwiEoy3EDIDCDorN4a0XytpRhw6jQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1mpgtj57e256q9nqz8jt0jt9ntxrldu0p7aunxx3y5vnerfz04vqqdst2gt
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzK0M4cVdod3RzVmN1elJC
|
||||
UW1ZSy82R2J1V2dSTk9EZC9xOVI3NTFBQTBZClkxZGJoSEQ4YVlnQWZzbnJkbHBG
|
||||
NVdYYkdOalk0cjZYWDFnSEtrWFpTZ0EKLS0tIFFORzRtRkFMNzRMWFVWY2xQTmpm
|
||||
RWsxWVVwYXV5U1E1MWZSNmxQQnhGeGcKPQUxaJwfKEc8/NUdALftg9t4ZfX2xKOJ
|
||||
BEEcTAo+eS+TQ10gPBrhX6fmuQcWkKH27AcooQczLRj7h0KWm4mNiQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1msgz4lzqj3wd4yu3mfgxyl5gz0y94al59njv8fqu7s0dvwt9yuvsctlhvu
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTSStiYjRFNUtaTFc0bGpJ
|
||||
TkdQbDlVTGxJSkpPL3VEZ3VSMmEwMHdYc3lnCmdqRDc2Y2E1R2MwR2ljWG9CcEha
|
||||
MklxSkZOUTVCNXpuTS8yTUVDNXUvb0kKLS0tIHZKWGFOd3l5ZnllbnJOVmdzN1FS
|
||||
d1JMNFNxTS85K09zMXZsdVIvbThiaWsK8GAykyhoW+/iOgfbgQCtblA4BjlrIVcY
|
||||
6uw00sByQB0e2KT48Lb/hiWDnNbyH8nv9U2K3Iyo/BFkbCQ/GJOXTw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age10f7djsyu5fwew2l2x89a4st4qw4xdkyr3z7qd8frs54yqz7cayvqruttla
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGbFBVTFFvU05XUGptb2hj
|
||||
eTZaUm16bE9xZFJUUEZNVTE1ZGpYRVh2dlNRCjRabWxzcTE3UDBsRXUvVG82dXkw
|
||||
elFONkU5UkVoY3Z4OU9ZbG9CdldUd00KLS0tIDFvSGRid3RMMHZETDFURHNnVThW
|
||||
cHE4Y2F1ZWh6Q2tGZ1ZUaGlPT1JGck0KV4hiMystiZ/nD/8D9nPF5JrtSauj9GIO
|
||||
4E/2syq+dXp8o5UPf3zCYfAiVm0hurFNIv3noS0t5ucIEELQ2bsH/w==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age10f7djsyu5fwew2l2x89a4st4qw4xdkyr3z7qd8frs54yqz7cayvqruttla
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJZFZjU1R1L3F6RjJNdjVB
|
||||
MksxSVVtdlh0Vm9LZ1JVVHVjV0ZMa042N3drCmErOUpaOUFVR3BVVWVqUVErajR0
|
||||
bkpXMCtHaHJNYmhKTTlpTzJId1o1UmMKLS0tIGs3VUtmaC9DSDZIenpYMmZibVpi
|
||||
UGs3bmVxNkF0NVNDSit3UDJOMGpNMkUKg0A+T0zMthtarMORQk9P8F0Eh4kNYAdO
|
||||
0VgyYS5JfJ76Le9YJGRMygUciidptyfK4W1MJ5D1lPceNmCQ7uLSdg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2022-08-20T08:34:12Z"
|
||||
mac: ENC[AES256_GCM,data:WXYIXl20eI4YwvWfrlY0Kje947u5b2xcGunFLB6KQkuoBM/3Mv9MNJ5NsWpPruRiX5BEIW7rIFfsuVYBn0EVZOPR2xGUsgGWxQ7hU1C0GNVB4NODoQ1iW0W75fM3XW+vzEE6SIxxAkFJK470JwpJpWI/TNC28gj16Z2Kt6yAuBU=,iv:YmyxRbrw8SgxVccRBwVVuqNBFw8LNCUQsDD6ds8qzUk=,tag:16B2m9p/VAVY1VvZdxBBYw==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.3
|
Loading…
Reference in a new issue