From 10280b0495c5c8ef56b643332dcffb5c29140bca Mon Sep 17 00:00:00 2001 From: Daylin Morgan Date: Fri, 7 Feb 2025 09:58:06 -0600 Subject: [PATCH] reorg --- hosts/algiz/default.nix | 19 ------------------- hosts/algiz/restic.nix | 22 ++++++++++++++++++++++ 2 files changed, 22 insertions(+), 19 deletions(-) create mode 100644 hosts/algiz/restic.nix diff --git a/hosts/algiz/default.nix b/hosts/algiz/default.nix index ede8aed..8ee015e 100644 --- a/hosts/algiz/default.nix +++ b/hosts/algiz/default.nix @@ -1,5 +1,4 @@ { - config, enabled, pkgs, ... @@ -16,24 +15,6 @@ '') ]; - # maybe I don't need to use root and can use this strategy? - # https://wiki.nixos.org/wiki/Restic#Security_Wrapper - # would this make it possible for me to run the binary as my 'normal user'? - services.restic.backups.gdrive = { - # directories created by gitea and soft-serve aren't world readable - user = "root"; - rcloneConfigFile = "/home/daylin/.config/rclone/rclone.conf"; - repository = "rclone:g:archives/algiz"; - passwordFile = config.sops.secrets.restic-algiz.path; - paths = [ - "/home/daylin/services/git/" - "/home/daylin/services/gotosocial/" - "/home/daylin/services/caddy/" - "/home/daylin/services/wedding-website/" - "/home/daylin/services/bsky-pds/" - ]; - }; - # git user handles the forgjo ssh authentication users.users.git.isNormalUser = true; } diff --git a/hosts/algiz/restic.nix b/hosts/algiz/restic.nix new file mode 100644 index 0000000..9097bf7 --- /dev/null +++ b/hosts/algiz/restic.nix @@ -0,0 +1,22 @@ +{ + config, + ... +}: +{ + + services.restic.backups.gdrive = { + # directories created by gitea and soft-serve aren't world readable + user = "root"; + + rcloneConfigFile = "/home/daylin/.config/rclone/rclone.conf"; + repository = "rclone:g:archives/algiz"; + passwordFile = config.sops.secrets.restic-algiz.path; + paths = [ + "/home/daylin/services/git/" + "/home/daylin/services/gotosocial/" + "/home/daylin/services/caddy/" + "/home/daylin/services/wedding-website/" + "/home/daylin/services/bsky-pds/" + ]; + }; +}