Added backup script for key services to gdrive

2026-03-29 14:30:54 +02:00 · 2026-03-29 14:30:54 +02:00 · f9043fcb1a
commit f9043fcb1a
parent 8c1db38398
2 changed files with 99 additions and 0 deletions
--- a/maskiner/node/configuration.nix
+++ b/maskiner/node/configuration.nix
@ -10,6 +10,39 @@
 }:
 let
  modulesDirectory = ../../moduler;
+  backupScript = pkgs.writeShellScript "rclone-backups" ''
+    set -euo pipefail
+
+    declare -A SOURCES=(
+      [vaultwarden]="/var/lib/vaultwarden/"
+      [tailscale]="/var/lib/tailscale/"
+      [kitchenowl]="/var/lib/kitchenowl/"
+    )
+
+    REMOTE_BASE="gdrive:backups"
+    NOW="$(date +%Y-%m-%d_%H%M)"
+
+    for name in "''${!SOURCES[@]}"; do
+      SRC="''${SOURCES[$name]}"
+      DEST="''${REMOTE_BASE}/''${name}/''${NOW}"
+
+      rclone copy "''${SRC}" "''${DEST}" --create-empty-src-dirs \
+        --config /root/.config/rclone/rclone.conf
+
+      mapfile -t dirs < <(
+        rclone lsf "''${REMOTE_BASE}/''${name}" --dirs-only --format p \
+          --config /root/.config/rclone/rclone.conf | sort
+      )
+
+      if [ "''${#dirs[@]}" -gt 7 ]; then
+        remove_count=$(( ''${#dirs[@]} - 7 ))
+        for d in "''${dirs[@]:0:''${remove_count}}"; do
+          rclone purge "''${REMOTE_BASE}/''${name}/''${d%/}" \
+            --config /root/.config/rclone/rclone.conf
+        done
+      fi
+    done
+  '';
 in
 {
  # You can import other NixOS modules here
@ -36,6 +69,7 @@ in
    (modulesDirectory + /services/immich)
    (modulesDirectory + /services/paperless)
    (modulesDirectory + /services/filebrowser)
+    (modulesDirectory + /services/mediamtx)
  ];

  sops.defaultSopsFile = ../../secrets/sops.yaml;
@ -48,8 +82,63 @@ in
  environment.systemPackages = with pkgs; [
    git
    vim
+    rsync
+    rclone
+    fuse
  ];

+  programs.fuse.userAllowOther = true;
+
+  systemd.tmpfiles.rules = [
+    "d /mnt/gdrive 0755 root root - -"
+    "d /mnt/gdrive/backups 0755 root root - -"
+  ];
+
+  systemd.services.rclone-gdrive = {
+    description = "Rclone mount for Google Drive";
+    after = [ "network-online.target" ];
+    wants = [ "network-online.target" ];
+    serviceConfig = {
+      Type = "simple";
+      ExecStart = ''
+        ${pkgs.rclone}/bin/rclone mount \
+          gdrive: /mnt/gdrive \
+          --config /root/.config/rclone/rclone.conf \
+          --allow-other \
+          --dir-cache-time 12h \
+          --vfs-cache-mode writes
+      '';
+      ExecStop = "${pkgs.fuse}/bin/fusermount -u /mnt/gdrive";
+      Restart = "on-failure";
+      RestartSec = "10s";
+    };
+    wantedBy = [ "multi-user.target" ];
+  };
+
+  systemd.services.rsync-backups = {
+    description = "Rclone snapshot backups to Google Drive";
+    serviceConfig = {
+      Type = "oneshot";
+      ExecStart = backupScript;
+      User = "root";
+    };
+    after = [ "network-online.target" ];
+    wants = [ "network-online.target" ];
+    path = [
+      pkgs.coreutils
+      pkgs.findutils
+      pkgs.rclone
+    ];
+  };
+
+  systemd.timers.rsync-backups = {
+    wantedBy = [ "timers.target" ];
+    timerConfig = {
+      OnCalendar = "*-*-* 00,06,12,18:00:00";
+      Persistent = true;
+    };
+  };
+
  home-manager.users.fw = {
    # imports = [
    #   (modulesDirectory + /programs/beets)
@ -101,6 +190,11 @@ in
    port = 8126;
    domain = "files.wastring.com";
  };
+  mediamtx = {
+    enable = true;
+    host = "0.0.0.0";
+    rtspPort = 8554;
+  };
  glance = {
    enable = false;
    host = "127.0.0.1";
@ -112,6 +206,10 @@ in
    domain = "wish.wastring.com";
  };

+  wedding = {
+    enable = true;
+  };
+
  forgejo = {
    enable = false;
  };
--- a/moduler/programs.nix
+++ b/moduler/programs.nix
@ -81,6 +81,7 @@
 	bitwarden-cli
 	lagrange
 	jujutsu
+	rclone
 	

    dbeaver-bin