From 6de16fb116f85cd5dfbfa6e035eb736f9b2bd9d4 Mon Sep 17 00:00:00 2001
From: Felix Albrigtsen <felix@albrigtsen.it>
Date: Fri, 4 Oct 2024 21:37:14 +0200
Subject: [PATCH] challenger: Fix nfs-client, replace borg with restic

---
 hosts/challenger/backup.nix        | 60 ++++++++++++++----------------
 hosts/challenger/filesystems.nix   |  6 +++
 secrets/challenger/challenger.yaml | 10 ++---
 3 files changed, 38 insertions(+), 38 deletions(-)

diff --git a/hosts/challenger/backup.nix b/hosts/challenger/backup.nix
index 34c7dc7..b9a31f0 100644
--- a/hosts/challenger/backup.nix
+++ b/hosts/challenger/backup.nix
@@ -1,38 +1,32 @@
 { config, pkgs, lib, ... }:
 {
-  services.borgbackup.jobs =
-    let
-      borgJob = name: {
-        environment.BORG_RSH = "ssh -i /root/.ssh/fealsyn1";
-        environment.BORG_REMOTE_PATH = "/usr/local/bin/borg";
-        repo = "ssh://backup@feal-syn1.home.feal.no/volume2/backup/borg/voyager/${name}";
-        compression = "auto,zstd";
-      };
-    in {
-      postgresDaily = borgJob "postgres::daily" // {
-        paths = "/var/backup/postgres";
-        startAt = "*-*-* 05:15:00"; # 2 hours after postgresqlBackup
-        extraInitArgs = "--storage-quota 10G";
-        encryption = {
-          mode = "repokey-blake2";
-          passCommand = "cat ${config.sops.secrets."borg/postgres".path}";
-        };
-      };
-
-      postgresWeekly = borgJob "postgres::weekly" // {
-        paths = "/var/backup/postgres";
-        startAt = "Mon *-*-* 05:15:00"; # 2 hours after postgresqlBackup
-        extraInitArgs = "--storage-quota 10G";
-        encryption = {
-          mode = "repokey-blake2";
-          passCommand = "cat ${config.sops.secrets."borg/postgres".path}";
-        };
-      };
-
-      # TODO: timemachine, nextcloud, komga, calibre
-
+  services.restic.backups = let
+    localJob = name: paths: {
+      inherit paths;
+      repository = "/mnt/feal-syn1/backup/challenger/${name}";
+      passwordFile = config.sops.secrets."restic/${name}".path;
+      initialize = true;
+      pruneOpts = [
+        "--keep-daily 7"
+        "--keep-weekly 4"
+        "--keep-monthly 3"
+        "--keep-yearly 10"
+      ];
+    };
+  in {
+    postgres = (localJob "postgres" [ "/var/backup/postgres" ]) // {
+      timerConfig.OnCalendar = "05:15"; # 2h after postgresqlBackup
     };
 
-  sops.secrets."borg/postgres" = { };
-  sops.secrets."borg/transmission" = { };
+    transmission = localJob "transmission" [ "/var/lib/transmission" ];
+
+    # TODO: timemachine, nextcloud, komga, calibre
+  };
+
+  sops.secrets."restic/postgres" = { };
+  sops.secrets."restic/transmission" = { };
+
+  environment.systemPackages = with pkgs; [
+    restic
+  ];
 }
diff --git a/hosts/challenger/filesystems.nix b/hosts/challenger/filesystems.nix
index ddfbb2f..264e877 100644
--- a/hosts/challenger/filesystems.nix
+++ b/hosts/challenger/filesystems.nix
@@ -22,6 +22,12 @@
     "/mnt/feal-syn1/backup" = {
       device = "feal-syn1.home.feal.no:/volume2/backup";
       fsType = "nfs";
+      options = [
+        "defaults"
+        "noatime"
+        "rw"
+        "nfsvers=3"
+      ];
     };
   };
 }
diff --git a/secrets/challenger/challenger.yaml b/secrets/challenger/challenger.yaml
index 789c62a..cdb5579 100644
--- a/secrets/challenger/challenger.yaml
+++ b/secrets/challenger/challenger.yaml
@@ -3,9 +3,9 @@ transmission:
 nextcloud:
     adminpass: ENC[AES256_GCM,data:DL5SnyPPUxiVjfIHZ/ZYJi2pNu6x,iv:/bThFVYgHsN3Yr2EJf0+YWhAVIei9ENaHfAH1ADC5Ws=,tag:bNp+2trtwFNYOqruvqPRGw==,type:str]
     secretsjson: ENC[AES256_GCM,data:xmdwWBe8LWsSEI64KhSeXbA1B0ahfoGwNmgl33JWteF4AakdI73zfbdIhUBqqlqfbL0uCGlqCiOyRA02h8197mk=,iv:ncKz9ObwoFoVjT0qMzBJ0BqVBNx0ScdMRl82ZNQp4FI=,tag:6S8fqHhvE/gaknxsb+q3Jg==,type:str]
-borg:
-    transmission: ENC[AES256_GCM,data:umr0UEKMT/n0ZRTyfq/qWX4A,iv:R92qRZqQ8onLYDlkYMtHiumFqjVuxOIZAp+k2qTcDps=,tag:WhCP5YmIutR3ckgNIw/Hww==,type:str]
-    postgres: ENC[AES256_GCM,data:KHL02u+X2fGlZSUrujvkkGI=,iv:gjdPbmRHmO0APXvMJzqN+Swuh2l9mdsUJQRKsSYkEyM=,tag:0Rf9MeW7xTpj2uvnAOhuBA==,type:str]
+restic:
+    transmission: ENC[AES256_GCM,data:RrnlOXT6sNoUh8MF8JXFTygN+cBV+CS0xdvE9SMTAVV0,iv:0Irhejn2TQSI7h9e4G8a65EpIKmwco9ue93lgo4jC6I=,tag:RAd2pvtL++C8rdlqch4g6Q==,type:str]
+    postgres: ENC[AES256_GCM,data:MaKQs6f2sp1e42u4DRx/PUsSFnJN0Ks+BtUrMJkUwD28,iv:Wz/MtaC/hg5zVxcdZWKEHeQb5KGio653mgHf4IrE7mk=,tag:7kaYJ1DnxNGbcr31bHb0zA==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -30,8 +30,8 @@ sops:
             bVhLUVBWL3QyMmVjVEswZmtDRXRRUGMKizaESv67KWTOnUkZg1R0c3BkpJrDUxJR
             heau8QcBXtNS6Ct1RsJQD3oTmBPAP1NHJ2BD11kEEtpo8FhCOjcqVQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-07-03T20:11:44Z"
-    mac: ENC[AES256_GCM,data:feOeO7XrNEtbxp2c2a0EbwVAWUJ+PCZavmRT/4DMFfsJWwjogCqAia2KfC249RufAL2WFVZAw8UfymjtHHKp2v7alN3kqcIZ2rjwtkkzi8JqRQvbbCJwTXLkl8wr21lZD7UdNuAfZHxbwJRchRR/6bsLnxipW8AH8YCv1/Knsg0=,iv:fO4dUfRgJOaDuvJNgl6CVZFovVphQB4rlLIKGgzy7S4=,tag:8Ts1XozKYoSghho4ORDW0Q==,type:str]
+    lastmodified: "2024-10-04T19:11:52Z"
+    mac: ENC[AES256_GCM,data:sTsTQOCO6ggoz6hXKU/Nnfuvs2UjYwuYLhMZ/P+jHLV2Jn3gBnUUTsn3lEtG7fi9MOfILuTA93wdRciahAElY9me86j+TVa/9PdbW9Earh5rH7M91LyRRS74C99LedXco05gjxqc2s27ea0n25A8UF7eCgvAlD+4DP0WNUiDUcE=,iv:wn9ahsWE2RYy9pSi30Uy2/vStQCHNiwk6ZJU/OdNDuk=,tag:SZe/b9+2PuoBNZcwuS8Ong==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.8.1