Restic: Difference between revisions
m fixed user Tags: Mobile edit Mobile web edit Advanced mobile edit Visual edit |
m added section for connecting to a REST server with secrets Tags: Mobile edit Mobile web edit Advanced mobile edit Visual edit |
||
| Line 26: | Line 26: | ||
<syntaxhighlight lang="console"> | <syntaxhighlight lang="console"> | ||
$ nix shell nixpkgs#apacheHttpd -c htpasswd -B -c .htpasswd | $ nix shell nixpkgs#apacheHttpd -c htpasswd -B -c .htpasswd YOUR_USER | ||
</syntaxhighlight> | </syntaxhighlight>To declaratively use the <code>htpasswd</code> file you will need to use a [[Comparison of secret managing schemes|secret management method]]. The following example uses [https://github.com/Mic92/sops-nix sops-nix]. | ||
To declaratively use the <code>htpasswd</code> file you will need to use a [[Comparison of secret managing schemes|secret management method]]. The following example uses [https://github.com/Mic92/sops-nix sops-nix]. | |||
{{File|3={config,inputs,...}: | {{File|3={config,inputs,...}: | ||
| Line 58: | Line 54: | ||
}|name=configuration.nix|lang=nix}} | }|name=configuration.nix|lang=nix}} | ||
==== Connecting a client ==== | |||
If using a <code>htpasswd</code> file, you will need to pass the URL to the configuration in this format: | |||
<code>rest:<nowiki>https://user:pass@host:port/</nowiki></code> | |||
The user will need to be the same user as used when you created the <code>htpasswd</code> file. If your password includes special characters you will need to [[wikipedia:Percent-encoding|percent-encode]] the characters within the URL. See additional information in the [https://restic.readthedocs.io/en/stable/030_preparing_a_new_repo.html#rest-server restic docs REST server section]. | |||
Below is an example of a configuration that connects to a remote repository using sops-nix for secrets. | |||
{{File|3={config, inputs, pkgs, ...}: | |||
{ | |||
imports = | |||
[ | |||
inputs.sops-nix.nixosModules.sops | |||
]; | |||
sops = { | |||
age.keyFile = "/home/YOUR_USER/.config/sops/age/keys.txt"; | |||
defaultSopsFile = ./secrets.yaml; | |||
secrets = { | |||
"restic/repo_password" = {}; | |||
"restic/server_url" = {}; | |||
}; | |||
}; | |||
# For debugging | |||
environment.systemPackages = with pkgs; [ | |||
restic | |||
]; | |||
services.restic.backups.restic_repo_example = { | |||
initialize = true; | |||
paths = [ | |||
"/home/YOUR_USER" | |||
]; | |||
pruneOpts = [ | |||
"--keep-daily 7" | |||
"--keep-weekly 5" | |||
"--keep-monthly 12" | |||
"--keep-yearly 75" | |||
]; | |||
timerConfig = { | |||
OnCalendar = "daily"; | |||
Persistent = true; | |||
}; | |||
# Encryption key for repository | |||
passwordFile = config.sops.secrets."restic/repo_password".path; | |||
# Server URL | |||
repositoryFile = config.sops.secrets."restic/server_url".path; | |||
}; | |||
}|name=configuration.nix|lang=nix}} | |||
== Security Wrapper == | == Security Wrapper == | ||