From 40d4792bc802309593b18db98fff29e7e7b4d04f Mon Sep 17 00:00:00 2001 From: "Chinmay D. Pai" Date: Mon, 30 Sep 2024 01:17:54 +0530 Subject: [PATCH] feat: enable restic backup service for vaultwarden and paperless Signed-off-by: Chinmay D. Pai --- data.nix | 4 ++++ modules/nixos/services/paperless/default.nix | 10 ++++++++++ .../nixos/services/vaultwarden/default.nix | 19 ++++++++++++------- .../{backup => backups}/environment.age | 0 .../services/{backup => backups}/password.age | 0 systems/x86_64-linux/bicboye/default.nix | 7 +++++++ 6 files changed, 33 insertions(+), 7 deletions(-) rename secrets/services/{backup => backups}/environment.age (100%) rename secrets/services/{backup => backups}/password.age (100%) diff --git a/data.nix b/data.nix index c39b39f..4b95345 100644 --- a/data.nix +++ b/data.nix @@ -16,6 +16,10 @@ }; }; services = { + backups = { + environment.file = ./secrets/services/backups/environment.age; + password.file = ./secrets/services/backups/password.age; + }; gitea = { password.file = ./secrets/services/gitea/password.age; }; diff --git a/modules/nixos/services/paperless/default.nix b/modules/nixos/services/paperless/default.nix index 95f19d8..2d42615 100644 --- a/modules/nixos/services/paperless/default.nix +++ b/modules/nixos/services/paperless/default.nix @@ -63,5 +63,15 @@ }; }; }; + + snowflake.services.backups.paperless.config = { + dynamicFilesFrom = let + path = config.services.paperless.dataDir; + in '' + mkdir -p ${path}/exported + ${path}/paperless-manage document_exporter ${path}/exported + echo ${path}/exported/ + ''; + }; }; } diff --git a/modules/nixos/services/vaultwarden/default.nix b/modules/nixos/services/vaultwarden/default.nix index 891146f..6a02bd1 100644 --- a/modules/nixos/services/vaultwarden/default.nix +++ b/modules/nixos/services/vaultwarden/default.nix @@ -3,8 +3,7 @@ lib, pkgs, ... -}: -{ +}: { options.snowflake.services.vaultwarden = { enable = lib.mkEnableOption "Enable vaultwarden service with postgres and nginx"; @@ -19,10 +18,12 @@ }; }; - config = - let - cfg = config.snowflake.services.vaultwarden; - in + # TODO: when upgrading stateVersion to 24.11, the data directory will + # change from /var/lib/bitwarden_rs to /var/lib/vaultwarden. + # We need to move the data and then change the backup service directory. + config = let + cfg = config.snowflake.services.vaultwarden; + in lib.mkIf cfg.enable { age.secrets.vaultwarden = { inherit (cfg.adminTokenFile) file; @@ -53,7 +54,7 @@ # NOTE: To upgrade postgresql to a newer version, refer: # https://nixos.org/manual/nixos/stable/#module-services-postgres-upgrading package = pkgs.postgresql_14; - ensureDatabases = [ "vaultwarden" ]; + ensureDatabases = ["vaultwarden"]; ensureUsers = [ { name = "vaultwarden"; @@ -75,5 +76,9 @@ }; }; }; + + snowflake.services.backups.vaultwarden.paths = [ + "/var/lib/bitwarden_rs" + ]; }; } diff --git a/secrets/services/backup/environment.age b/secrets/services/backups/environment.age similarity index 100% rename from secrets/services/backup/environment.age rename to secrets/services/backups/environment.age diff --git a/secrets/services/backup/password.age b/secrets/services/backups/password.age similarity index 100% rename from secrets/services/backup/password.age rename to secrets/services/backups/password.age diff --git a/systems/x86_64-linux/bicboye/default.nix b/systems/x86_64-linux/bicboye/default.nix index 0916366..2e5e9bf 100644 --- a/systems/x86_64-linux/bicboye/default.nix +++ b/systems/x86_64-linux/bicboye/default.nix @@ -121,6 +121,13 @@ services = { arr.enable = true; + backups = { + enable = true; + repository = "b2:restic-nix"; + resticPasswordFile = userdata.secrets.services.backups.password; + resticEnvironmentFile = userdata.secrets.services.backups.environment; + }; + gitea = { enable = true; domain = "git.deku.moe";