From edc88873323973c6a15544ec367fb70bf214e14a Mon Sep 17 00:00:00 2001
From: jolheiser <john.olheiser@gmail.com>
Date: Mon, 26 Feb 2024 20:35:55 -0600
Subject: [PATCH] feat: backup ugit repos

Signed-off-by: jolheiser <john.olheiser@gmail.com>
---
 flake.nix                        |  1 +
 machines/dragonwell/default.nix  |  2 +-
 machines/dragonwell/restic.nix   | 19 +++++++++++++++++++
 secrets/personal/restic-env.age  |  9 +++++++++
 secrets/personal/restic-pass.age | 11 +++++++++++
 secrets/personal/restic-repo.age | 10 ++++++++++
 secrets/secrets.nix              |  3 +++
 7 files changed, 54 insertions(+), 1 deletion(-)
 create mode 100644 machines/dragonwell/restic.nix
 create mode 100644 secrets/personal/restic-env.age
 create mode 100644 secrets/personal/restic-pass.age
 create mode 100644 secrets/personal/restic-repo.age

diff --git a/flake.nix b/flake.nix
index dde5f48..5cc6df1 100644
--- a/flake.nix
+++ b/flake.nix
@@ -243,6 +243,7 @@
         };
         dragonwell = {
           imports = [
+            inputs.agenix.nixosModules.default
             inputs.golink.nixosModules.default
             inputs.ugit.nixosModules.default
             ./machines/dragonwell
diff --git a/machines/dragonwell/default.nix b/machines/dragonwell/default.nix
index 1828604..14d13f6 100644
--- a/machines/dragonwell/default.nix
+++ b/machines/dragonwell/default.nix
@@ -2,7 +2,7 @@ let
   username = "jolheiser";
   key = ''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfKqCWtDlS3tgvfT6hQN+ii8UtabIZ+ZNmYN+bLwIa8PHOEW5MbfaqXSlhKkSi4+7SfQDCHphw0SMfhsQ4qMEcoywZ+4niDgKlQEVkl+S/VGbLuPe92NRStkyreZBLPr3Rh7ScNlGHcmHmoV9v7725fMnsMmabGVhpGO84PwNHOfJyv2tx2h6LxFbAV8S44UQu2lc8YLWCK2UvKuRnBerBXLnDQThUUX8UuCFzb786gQzD5XDU0MENbByxiy0XdVGAC+tFXEiSIgFZlFbFYyShgdTP9MzX2MOglEi+ae+1UIFncraW7ptUey7qHFJylpHWWWvE+GTwsg2G50i0FvFj jolheiser@jolheiser'';
 in {
-  imports = [./caddy.nix ./golink.nix ./gotosocial.nix ./ugit.nix ./hardware.nix];
+  imports = [./caddy.nix ./golink.nix ./gotosocial.nix ./restic.nix ./ugit.nix ./hardware.nix];
 
   boot.tmp.cleanOnBoot = true;
   zramSwap.enable = true;
diff --git a/machines/dragonwell/restic.nix b/machines/dragonwell/restic.nix
new file mode 100644
index 0000000..9885bdf
--- /dev/null
+++ b/machines/dragonwell/restic.nix
@@ -0,0 +1,19 @@
+{config, ...}: {
+  age.secrets = {
+    restic-env.file = ../../secrets/personal/restic-env.age;
+    restic-pass.file = ../../secrets/personal/restic-pass.age;
+    restic-repo.file = ../../secrets/personal/restic-repo.age;
+  };
+  services.restic.backups.ugit = {
+    initialize = true;
+    environmentFile = config.age.secrets.restic-env.path;
+    passwordFile = config.age.secrets.restic-pass.path;
+    repositoryFile = config.age.secrets.restic-repo.path;
+    paths = ["/var/lib/ugit/repos"];
+    pruneOpts = ["--keep-daily 7" "--keep-weekly 2" "--keep-monthly 2"];
+    timerConfig = {
+      OnCalendar = "daily";
+      Persistent = true;
+    };
+  };
+}
diff --git a/secrets/personal/restic-env.age b/secrets/personal/restic-env.age
new file mode 100644
index 0000000..bd913d0
--- /dev/null
+++ b/secrets/personal/restic-env.age
@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> ssh-ed25519 E8j6/g 1HJtBNf8fXHgPxE/igj2b6z9o4Etlp+GHoLo8L6YnRs
+v+Sh2QlLbfixF7YkHTHM1luL4/SGlFzhNqQASH1UGDk
+-> ssh-ed25519 f31uNA 7HHWKFc59n5Y2UJ+qaNoYDfLJZbry/pZRvIFR4DWBWc
+DXcG+KGcE8JMPQt8cv4ted6vtkBf+u2uZsyPm4MMkwI
+-> psKyV-grease "MM~T(~g tK+-AO4 >-T !n090?K|
+Dtc2xPmFxFcTTC48EGs6awFQszoIjNY
+--- 7U9PGgjHxlCoYcyS5Mke4lhCcdqkQLjc9M5UycDSYWk
+�2�� 5͈��vUC��&���v5���R�ܹq��-˺Z��[ U%�k�r�V֙,�Q#jZ��y�nJd9��~z^��\ފ�Byv�/qI��Q"�U����	�d+�A���g���� ����l�E�-�
\ No newline at end of file
diff --git a/secrets/personal/restic-pass.age b/secrets/personal/restic-pass.age
new file mode 100644
index 0000000..d130979
--- /dev/null
+++ b/secrets/personal/restic-pass.age
@@ -0,0 +1,11 @@
+age-encryption.org/v1
+-> ssh-ed25519 E8j6/g IxilZcPJYM7QuBM+2/NTzzv4YNJVI41FvmTlkL+KoUw
+P7RK+wlfEdBeGVIU52QG43sRDJ9KxF0/6TarT9W+wbc
+-> ssh-ed25519 f31uNA pQCg9BCiIk//YdV3AHr3w2Y84K6MwH/HK/k7w4EapQQ
+9EySD+N5XEz/w4AyRBsLioYhr6PaPOkckMLhE7LONdk
+-> M-grease d_4>8< / 1V($
+yc2NhRg1u6HU1bAVVTqdi4qKyHdPINhhZt7HUPubLWR0KJyPb2Aaz6c66UmMu8La
+49kh/q2eAcgQ+GVOHUSc6ZYEf+WD
+--- YX4Fl76QjEubDmrpQcVx1ihZiVY2hQJhzrnIlxNlEHw
+�{�t��i��Hљ��xŦ��At+epVJ�ˬ�L��pY�
+L��

\ No newline at end of file
diff --git a/secrets/personal/restic-repo.age b/secrets/personal/restic-repo.age
new file mode 100644
index 0000000..6f42f47
--- /dev/null
+++ b/secrets/personal/restic-repo.age
@@ -0,0 +1,10 @@
+age-encryption.org/v1
+-> ssh-ed25519 E8j6/g rowSqBtScMXL4bm55633pfNeqZoRm3SCn4L34tcImSg
+Q//MbLOkqaEdyXoh7a/Tpfpn9hZ/CvZkERbyCE3Mu/c
+-> ssh-ed25519 f31uNA Uqd3VFq2E3eDn+PS2nA8+PiDgWquMXiVdpvZBxilwWE
+NI8cPIAgqyEujRyfEzk1JfqBhegLz35YuqgvCGaz1eE
+-> Le"!A-grease NuqxJ(p+ Cm'a)_Cn n7jH*
+repfVIM56jfigReUYNUiwkvhAuudOWqanbOrnwK7koarB8J7IYtufWh0GZT+Jusg
+oxlDpgqYkIcqwt2Zw+cjuUnWEKKv0o9OUw
+--- h6ZaemRWYqiGTTMvTpfDUpuxEdAi6xYp95wLHEBDO3E
+%”/4�0ƌ��Tr�v�0�1hTu��:�kH
�c���U�`�,�k�d����@õ`�?��	�ҿ�����t7r�	���4�LA
\ No newline at end of file
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 0cf619b..a38e355 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -18,4 +18,7 @@ in {
   "work/pip.conf.age".publicKeys = [jolheiser chai masala];
   "work/pypirc.age".publicKeys = [jolheiser chai masala];
   "work/cifs.age".publicKeys = [jolheiser chai masala];
+  "personal/restic-env.age".publicKeys = [jolheiser dragonwell];
+  "personal/restic-pass.age".publicKeys = [jolheiser dragonwell];
+  "personal/restic-repo.age".publicKeys = [jolheiser dragonwell];
 }