services: forgejo: enable backups using restic

Signed-off-by: Christoph Heiss <christoph@c8h4.io>
2024-06-24 23:11:25 +02:00 · 2024-06-24 23:11:25 +02:00 · 417ff5defa
parent d94687c812
commit 417ff5defa
1 changed files with 22 additions and 1 deletions
--- a/services/forgejo.nix
+++ b/services/forgejo.nix
@ -1,4 +1,4 @@
-{ config, my, secrets, ... }:
+{ config, my, pkgs, secrets, ... }:

 let fqdn = "git.${my.domain}";
 in {
@ -87,6 +87,12 @@ in {
        PASSWD = secrets."forgejo/mail/password".path;
      };
    };
+    dump = {
+      enable = true;
+      backupDir = "/var/backup/forgejo";
+      interval = "04:15";
+      type = "tar.zst";
+    };
  };

  assertions = let cfg = config.services.forgejo;
@ -126,4 +132,19 @@ in {
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINVZ8zYHz1pUFzM8AKwMTWTTTvQTw10RyZJUVwXMt0FS"
    ];
  };
+
+  services.restic.backups.forgejo = {
+    environmentFile = secrets."restic/rest-env".path;
+    initialize = true;
+    repository =
+      "${my.homelab.services.restic.repositoryBase}/${config.networking.hostName}";
+    passwordFile = secrets."restic/repo-password".path;
+    inherit (config.services.forgejo) user;
+    paths = [ "/var/backup/forgejo" ];
+    timerConfig.OnCalendar = "*-*-* 5:30:00"; # daily at 05:30
+    backupCleanupCommand = my.mkResticBackupNotificationCmd {
+      name = "forgejo";
+      inherit pkgs secrets;
+    };
+  };
 }