feat: paperless backups

Patrick Großmann 2024-01-19 22:33:03 +01:00
parent 50398de75e
commit f48b25dfbe
Signed by: patrick
GPG key ID: 451F95EFB8BECD0F
6 changed files with 107 additions and 2 deletions


@ -0,0 +1,15 @@
age-encryption.org/v1
-> X25519 k9S1TqxAKH41Lq6xpAYBaMd9f90qCAQmyxrq0chU+Tc
irgvzLHOIREuCUA2k1+FnxZCXNTIpChKE3uNN5l48OA
-> piv-p256 XTQkUA A/Jy50UrN5mbigxkQI5K1Q0FQTor4ocPQh1YJXYnWMvl
z73ZTKho/qeVH2XyneDKUxw+eg2FrHDfrllHVaj3s5U
-> piv-p256 ZFgiIw AlVTQpjtIYs7vQ/M0jDmRzRebsIQ+Kj39qyeQk1OIwZ+
jAPOyDEuginirLTSUFJ2oW1VsdpWN1ASdfR7ybU+G0M
-> piv-p256 5vmPtQ AhiueRGQs93xrLgEwnhC/G3GZfB8WnU/U6fP4Zoj6CAm
Zrx69DLkn13YXMPzyVgzKCakPwMuuqhc9ev1JZ6O19o
-> piv-p256 ZFgiIw ApvxXQDq40lC1AHIi/Goo7zdxBNMzdyaICbc99l+7AKV
HaqccPBNp4O5HG5HXqkV4ks6/egCx83KTHFNHek8/VI
-> "[q9C-grease &e7[}5WO @C'4x =
3OGP2dJt6w
--- 0GHa/cHUag5xe+LPDSEgHvSWTi9tNDdaq1FQZIsK2uc
–øÈǨ`pcé'³Æâ ®,Ýœñ8‰EŽ<E280B9>B®¥ÞGÞ%¿ºF ÖØòtŹKVN¹~ TJÉ2IVêaš…<àI+¶Fë<46>°¼oO>â Û•


@ -4,7 +4,62 @@
... ...
}: let }: let
paperlessdomain = "ppl.${config.secrets.secrets.global.domains.web}"; paperlessdomain = "ppl.${config.secrets.secrets.global.domains.web}";
paperlessBackupDir = "/var/cache/backups/paperless";
in { in {
systemd.tmpfiles.settings = {
"10-paperless".${paperlessBackupDir}.d = {
inherit (config.services.paperless) user;
mode = "0770";
};
};
age.secrets.resticpasswd = {
generator.script = "alnum";
};
age.secrets.paperlessHetznerSsh = {
generator.script = "ssh-ed25519";
};
services.restic.backups = {
main = {
inherit (config.services.paperless) user;
timerConfig = {
OnCalendar = "06:00";
Persistent = true;
RandomizedDelaySec = "3h";
};
initialize = true;
passwordFile = config.age.secrets.resticpasswd.path;
hetznerStorageBox = {
enable = true;
inherit (config.secrets.secrets.global.hetzner) mainUser;
inherit (config.secrets.secrets.global.hetzner.users.paperless) subUid path;
sshAgeSecret = "paperlessHetznerSsh";
};
paths = [paperlessBackupDir];
pruneOpts = [
"--keep-daily 10"
"--keep-weekly 7"
"--keep-monthly 12"
"--keep-yearly 75"
];
};
};
systemd.services.paperless-backup = let
cfg = config.systemd.services.paperless-consumer;
in {
description = "Paperless document backup";
serviceConfig =
lib.recursiveUpdate
cfg.serviceConfig
{
ExecStart = "${config.services.paperless.package}/bin/paperless-ngx document_exporter -na -nt -f -d ${paperlessBackupDir}";
ReadWritePaths = cfg.serviceConfig.ReadWritePaths ++ [paperlessBackupDir];
Restart = "no";
Type = "oneshot";
};
inherit (cfg) environment;
requiredBy = ["restic-backups-main.service"];
};
networking.firewall.allowedTCPPorts = [3000]; networking.firewall.allowedTCPPorts = [3000];
age.secrets.paperless-admin-passwd = { age.secrets.paperless-admin-passwd = {
generator.script = "alnum"; generator.script = "alnum";
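Review bot: `paperless-backup` is tied to the restic job only through `requiredBy = ["restic-backups-main.service"]`, which creates a requirement but no ordering, so systemd may start the restic run while `document_exporter` is still writing `paperlessBackupDir`, or before it has written anything. Because the unit is `Type = "oneshot"`, adding `before = ["restic-backups-main.service"];` next to `requiredBy` makes restic wait for the export to finish and skip the snapshot when the export fails. Without it, a snapshot can capture a partial export and still be recorded as a successful backup, which is only discovered at restore time. The attribute set that holds these definitions opens and closes outside this hunk.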


@ -234,21 +234,57 @@
systemd.tmpfiles.settings = lib.mkMerge (lib.flip lib.mapAttrsToList config.services.samba.shares (_: v: systemd.tmpfiles.settings = lib.mkMerge (lib.flip lib.mapAttrsToList config.services.samba.shares (_: v:
lib.optionalAttrs ((v ? "#paperless") && v."#paperless") { lib.optionalAttrs ((v ? "#paperless") && v."#paperless") {
"10-smb-paperless"."/paperless/consume/".d = {
user = "paperless";
group = "paperless";
mode = "0770";
};
"10-smb-paperless"."/paperless/consume/${v."#user"}".d = { "10-smb-paperless"."/paperless/consume/${v."#user"}".d = {
user = "paperless"; user = "paperless";
group = "paperless"; group = "paperless";
mode = "0770"; mode = "0770";
}; };
"10-smb-paperless"."/paperless/media/".d = {
user = "paperless";
group = "paperless";
mode = "0770";
};
"10-smb-paperless"."/paperless/media/documents/".d = {
user = "paperless";
group = "paperless";
mode = "0770";
};
"10-smb-paperless"."/paperless/media/documents/archive/".d = {
user = "paperless";
group = "paperless";
mode = "0770";
};
"10-smb-paperless"."/paperless/media/documents/archive/${v."#user"}".d = { "10-smb-paperless"."/paperless/media/documents/archive/${v."#user"}".d = {
user = "paperless"; user = "paperless";
group = "paperless"; group = "paperless";
mode = "0770"; mode = "0770";
}; };
"10-smb-paperless"."/paperless/media/documents/archive/${v."#user"}/.keep".f = {
user = "paperless";
group = "paperless";
mode = "0660";
};
"10-smb-paperless"."/paperless/media/documents/originals/".d = {
user = "paperless";
group = "paperless";
mode = "0770";
};
"10-smb-paperless"."/paperless/media/documents/originals/${v."#user"}".d = { "10-smb-paperless"."/paperless/media/documents/originals/${v."#user"}".d = {
user = "paperless"; user = "paperless";
group = "paperless"; group = "paperless";
mode = "0770"; mode = "0770";
}; };
"10-smb-paperless"."/paperless/media/documents/originals/${v."#user"}/.keep".f = {
user = "paperless";
group = "paperless";
mode = "0660";
};
})); }));
environment.persistence = lib.mkMerge (lib.flip lib.mapAttrsToList config.services.samba.shares (_: v: environment.persistence = lib.mkMerge (lib.flip lib.mapAttrsToList config.services.samba.shares (_: v:
lib.optionalAttrs ((v ? "#persistRoot") && (v."#persistRoot" != "")) { lib.optionalAttrs ((v ? "#persistRoot") && (v."#persistRoot" != "")) {
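Review bot: The same `user`/`group`/`mode` triple is now spelled out in ten entries of `"10-smb-paperless"` (eight directories with `0770`, two `.keep` files with `0660`), so a later permission change has to be repeated everywhere and one missed entry leaves a directory with different access from its siblings. Binding it once in a `let`, e.g. `paperlessDir = {user = "paperless"; group = "paperless"; mode = "0770";};`, and writing `"/paperless/media/".d = paperlessDir;` keeps the access policy in one place. The two `.keep` entries also deserve a short comment saying why they exist, presumably `# keeps the per-user directory from being removed while it is empty`, since that intent is not visible from the code.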


@ -28,7 +28,7 @@ in {
}; };
services.restic.backups = { services.restic.backups = {
main = { main = {
user = "root"; user = "vaultwarden";
timerConfig = { timerConfig = {
OnCalendar = "06:00"; OnCalendar = "06:00";
Persistent = true; Persistent = true;
@ -75,7 +75,6 @@ in {
smtpSecurity = "force_tls"; smtpSecurity = "force_tls";
smtpPort = 465; smtpPort = 465;
}; };
#backupDir = "/data/backup";
environmentFile = config.age.secrets.vaultwarden-env.path; environmentFile = config.age.secrets.vaultwarden-env.path;
}; };
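Review bot: With `user = "vaultwarden"` in the first hunk, the restic unit no longer runs as root, so everything the job reads (the repository password file, the storage-box SSH key and the backed-up paths) must be readable by that account, and nothing in the visible lines changes the owner or mode of the corresponding age secrets. If those secrets keep a root-only default, the job fails when the 06:00 timer fires rather than at deploy time, so it is worth setting `owner = "vaultwarden";` on them explicitly, unless a module outside this diff (such as the `hetznerStorageBox` option used in the paperless file) already does so. The same question applies to the paperless host in this commit, where `age.secrets.resticpasswd` is declared with only `generator.script` while the job runs as the paperless user. Both hunks begin and end inside the module's `in { … }` body, so the secret definitions may simply be out of view.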

Binary file not shown.