From 69db034caffc8d7ac2f3c4a18eb72c686145cf76 Mon Sep 17 00:00:00 2001
From: NullBite <me@nullbite.com>
Date: Wed, 17 Jul 2024 17:29:25 -0400
Subject: [PATCH] rpi4: configure backups (not automated yet)

---
 hosts/rpi4/backup.nix        | 39 ++++++++++++++++++++++++++++++++++++
 hosts/rpi4/configuration.nix |  2 ++
 2 files changed, 41 insertions(+)
 create mode 100644 hosts/rpi4/backup.nix

diff --git a/hosts/rpi4/backup.nix b/hosts/rpi4/backup.nix
new file mode 100644
index 0000000..759c306
--- /dev/null
+++ b/hosts/rpi4/backup.nix
@@ -0,0 +1,39 @@
+{ config, lib, pkgs, ... }:
+let
+  secret = name: config.age.secrets."${name}".path;
+in
+{
+  config = {
+    age.secrets.restic-rclone.file   = ../../secrets/restic-rclone.age;
+    age.secrets.restic-password.file = ../../secrets/restic-password.age;
+    services.restic.backups.system = {
+      rcloneConfigFile = secret "restic-rclone";
+      passwordFile = secret "restic-password";
+      repository = "rclone:restic:";
+      exclude = [
+        ".snapshots"
+        "gdlmirror"
+        "gitea-dump-*"
+      ];
+      paths = [
+        "/srv"
+        "/srv/media"
+        "/srv/syncthing"
+        "/srv/http"
+        "/opt"
+        "/var/lib/gitea"
+        "/var/lib/tailscale"
+        "/etc"
+      ];
+      dynamicFilesFrom = ''
+        find /var/lib -mindepth 1 -maxdepth 1 -type d -name 'authelia-*'
+      '';
+
+      extraBackupArgs = [
+        "--tag=auto"
+        "--group-by=host,tag"
+      ];
+
+    };
+  };
+}
diff --git a/hosts/rpi4/configuration.nix b/hosts/rpi4/configuration.nix
index 4a99065..d9beed0 100644
--- a/hosts/rpi4/configuration.nix
+++ b/hosts/rpi4/configuration.nix
@@ -9,6 +9,8 @@
     [ # Include the results of the hardware scan.
       ./hardware-configuration.nix
       ./services.nix
+
+      ./backup.nix
     ];
 
   fileSystems = let