diff --git a/hosts/gitea/default.nix b/hosts/gitea/default.nix index f4957dab..92b7e0ff 100644 --- a/hosts/gitea/default.nix +++ b/hosts/gitea/default.nix @@ -131,11 +131,27 @@ package = pkgs.postgresql_15; upgrade.stopServices = [ "gitea" ]; }; + + restic.backups."remote-server8" = { + paths = [ "/var/lib/gitea/" ]; + extraBackupArgs = [ + "--exclude-file=${pkgs.writeText "restic-exclude-file" '' + /var/lib/gitea/data/indexers/ + /var/lib/gitea/data/repo-archive + /var/lib/gitea/data/queues + /var/lib/gitea/data/tmp/ + ''}" + ]; + }; }; sops = { defaultSopsFile = ./secrets.yaml; - secrets."gitea/ldapSearchUserPassword" = libS.sops.permissionForUser "gitea"; + secrets = { + "gitea/ldapSearchUserPassword" = libS.sops.permissionForUser "gitea"; + "restic/gitea/password".owner = "root"; + "restic/gitea/repository".owner = "root"; + }; }; programs.msmtp = { diff --git a/hosts/gitea/secrets.yaml b/hosts/gitea/secrets.yaml index e52a7a2c..af26f971 100644 --- a/hosts/gitea/secrets.yaml +++ b/hosts/gitea/secrets.yaml @@ -1,5 +1,9 @@ gitea: ldapSearchUserPassword: ENC[AES256_GCM,data:c19HAzk0/KYCP9liYTIO8ZgG6T1GYFoQoq/X0oJJbOs=,iv:R1bbx6q+6R0bMP14FjRAug3zfw3+hzJKY9v3CWsNQnc=,tag:O16XCUzWV33ukDUIY9vxow==,type:str] +restic: + gitea: + password: ENC[AES256_GCM,data:KA+m1s914wwhI0RkP2Zt9ECPk8/2fTmmFW6k9CBblTk=,iv:uqUFLF4yG4R/b84DdocNA9F5yvZ2PwSlTVozEeJmqhM=,tag:LjmglZpPeGItnh3YbXvGqQ==,type:str] + repository: ENC[AES256_GCM,data:OsDn4BJWqM0cs4WJtjpfXWLjHWuJmd8zSCNzvnUalyFCfDkvgmaA1AlL6XOtDjphEopoEgZvGA2ps1p7a4Mp2n1dhPDSv8o9apRsjgIhXi6nBzonVaIEGVeABc8HYl2e,iv:PJ4WmJ/B0uJic5VgDua09w5vAYaxekHHZbPhygFx3dQ=,tag:0aLLx9nV7OhCNwBOmW6N1Q==,type:str] sops: kms: [] gcp_kms: [] @@ -24,8 +28,8 @@ sops: RWhQMzRGZlRtelNyNUEvNUkvL25CcWcKAcvpGL8WLnSsWJa0pItFmboMs+StqFEN 2AIAZuwEA5PHzWxD24/4zS5Hd3GSYMbQ1OHk4M4ua6iJhQ8sUxeccQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-03-23T00:32:17Z" - mac: ENC[AES256_GCM,data:BHvFXq2qqOwivXCSfLLo/B9mWMXheh2jO2lJFN5b3CFxKkrDHPeeXr8tHXLBKlNC+CX+0DUobr/u/w/PoDx4wYhRDaRDUlH+/wqGzsjkzKPNj1vXSSNXrXeFPCyKODCHepkF7RmS1t59KLyzQBIksHUDKBNtoqSPjZh33wvE05U=,iv:hQTa3LRMrOVKLcXiPrRchYNRR7ZOyeVv8f3TCHf5spo=,tag:1PYAfdyrV4CSNDk2Y+wb2A==,type:str] + lastmodified: "2023-05-16T21:51:47Z" + mac: ENC[AES256_GCM,data:jIp61lpScD+a6w4DXuKru5KLNdZDj5kcX9Z1jbwvHCGqmRvxTeaIGh9Ca1j6MkSqWmUouQ0ZzM+NTVILwnRzB4l4/9X9BAD1mDmStxVmba1rGtr9mV9eqxM9kT92+mjmHY7N5fogGJjY3IenMelMciUcXRv9m/IdZ4UiDYZP0pU=,iv:oNhlL9ey7hT3gewSjnN86iGgXeDGSjkzCToEQHvy+W4=,tag:Sr0kDWC/F63esk47NvVFqQ==,type:str] pgp: - created_at: "2023-03-17T00:18:41Z" enc: | diff --git a/hosts/server8/default.nix b/hosts/server8/default.nix index c7580e11..e3c25da6 100644 --- a/hosts/server8/default.nix +++ b/hosts/server8/default.nix @@ -41,7 +41,7 @@ locations."/restic/" = { proxyPass = "http://${config.services.restic.server.listenAddress}/"; extraConfig = '' - client_max_body_size 20M; + client_max_body_size 40M; proxy_buffering off; ''; }; diff --git a/hosts/server8/secrets.yaml b/hosts/server8/secrets.yaml index 9d829ea3..51f371c7 100644 --- a/hosts/server8/secrets.yaml +++ b/hosts/server8/secrets.yaml @@ -5,9 +5,9 @@ ceph: osd.2: keyfile: ENC[AES256_GCM,data:PwOm1GNXLUYVhjoTQB1Ne/X0J1OUeUBk3ucGJv2qgbgpJUH6sXR/Ng==,iv:q7JUhvn2jeyT55/DTepQTa4ocXl1zN9SdzKz1CO/XEE=,tag:lPsfERwCcfyjvaCWEd4e7w==,type:str] restic: - password: ENC[AES256_GCM,data:49HqLytXPFVxCipfcbdNTiryCojL3b8zOjtlTsAXvOFPNFphRicP/YbeqFH9zmw9rV65txEtkAbGZRZQhWpPu0HKRztXDYJjur49K78iivc5+IcFjkZLPliEp7ae8E+W8ymmV2vYmvXzlJiOrOAruDD1AMKkrRyzgNupc4ufm9jOO/xiyto13e6s/uDy0LjgUfpycd7JhTzQk1IDDHut0gJNUcrs,iv:ZWzRkXRR9n47+gVBeTg3tsdezil8pHZ6rYMrSDXEmLw=,tag:wT+ImhmB1rMKh7KmGyrn0w==,type:str] + password: ENC[AES256_GCM,data:JENFBPlYa9NqMUryH+CBpBZL376EO4YYwPPhiOGScO3diPE0SCRvtrbpCyyI41Quhu2WIktRJu/lgpdCgWMEUsTpvf/U84roSXqBLcnOpWhYIBqzVguakyRmD/99BRl1K/hOUXa6rSeSm+dt9lQmk7EcWccEBkxgimJsCWYyE9bf5YM4Gli+po4/JDaxNhotUcReg+QSVdSXPXrThFVJqA+bPpfAi4cirmbfrYu2ByLnA8iJsni9eAuvtwjikUC+rEW4j14cpgXA+5z4,iv:QF5LYgjpl1ESco5V9g3vTl9Df46EGY1pgzBShC56prI=,tag:eOFLna4uWm2Q9b7bKwU0Fg==,type:str] #ENC[AES256_GCM,data:wKIykk+mVh3I2Hyo2TZVftZxuPZzlAmPEIX41WO7eLka/03P01cTZQl6bmElMRprwWFY,iv:B1ujyiHpdDeNLFjntmRKaAEFknLVNzsxv52kTMx9hVw=,tag:hzyRxamPe7nSUoKFaUKJKw==,type:comment] - htpasswd: ENC[AES256_GCM,data:Wp0ggn3TbUANlazoeuCRo8/cgyFRZVtCC01vh+XBJ5Xhz5F+BoHnalqm8NwkVC513FBvfTjFCQe5xPBL6yLlvSXA5UpidyIfn06DFXZZZJL8PW95s+pSxUdGgE/6IYE2UYEn8hUP47yYpq38/eKQWH/7PYmtEBasj22qKKCXysXcc5KoE/XcY4x75Whv8TzPz7auaG5gVCQM0Z+pYLSNb4mJ/lwUY+G8bSECKMZdakTMmbm6BQMvlFi4xdIfd9WJhy4WFAVeUv4bxqbA1zFYL5EYMbkxlbtqEwkVD5untjx/ma0irWJx1CIVEkqOKZzKqa4O/7icStxa3lZyy2aXs5QLgYGNHNs8FEX3GN/jWwb1KMoprw==,iv:3TpwbnLtzvURBsGyfRDnAo6EBea9rYM5t2HSbhfA0m8=,tag:/DYJZSBFZUxFMG6cBCnmfA==,type:str] + htpasswd: ENC[AES256_GCM,data:PkX8rndSPWD4HjkbkOUUeehrI0zjXfCjlaMa/r0KbdfhFYD8pM0hv6i6hH18amqEzXWKLY1cc4SlID+prXm0oTzC7fRDgJMMnp8ImvoWSW6TdD+2Zax+yIIkldBnvn+2KVAjG9tLPN8Riz7GPicxC/QvrCZ/gfP+B8xxxbpX2NjCm+Rjjakd2zyqbMvJ+M1F/CmJuFAz28gxDAYB4jGRxH6faobZomiI5m9c2Vv+JUJAcZOcn0TcL6Rhc4TZh1lmj1JI2GiN0/IdjroO1LSmdc4hm7xoE3o3cBpPz7iXCM8NvPWsg3l+rBzbmdtNUC3jE+kMR+wq2b9CGcnJm8yG8yPcQLOflgGtTC0fE9ODNrjYu2lVaocTPAwgToKpwHFtbr790Q1/VSUKkc7TQx0E7RyCcoARm9bmmJMvuxb284epCi9GRPmsn8tNRI+VuymK6vy/7t6M+6k=,iv:SZkT764rVpp2A6YXcFRda5AnwDnTJoxOumf2aoimOCo=,tag:tsnFDp/ORW62g0srFoH5nQ==,type:str] sops: kms: [] gcp_kms: [] @@ -32,8 +32,8 @@ sops: bWl4MTZUak1Bb0JWRXhRQkR4ZUFnNHMKvKQnoxb3IC7jW0P/zewbR68yJI8Uzz7U iPaL8MoOlmXPu5dHBSTwn39CpFR6bPxIDMHUn+y9gtCUrbIIJQAaQQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-05-16T21:27:12Z" - mac: ENC[AES256_GCM,data:sZNCVw+jKJfGOrSJI64ePmm4HRLzBqtt11EcIoNGlAs/oxCZSYrHzgqW9+p1mpzilL0EnuZqVoKtXnXeKq3WqyyFFkwZH4ej7tbsmp4Y7iDoY0PPyWw5zNKc4Rl6bnkVSLjpZxo+Xv2/6WJRnYF0Khg2bmv879apVKp1XHrG+Tw=,iv:jGtyuB4Ofrrs8q/k+ZazU/SEZGetl0XvwjOTA6YKpfo=,tag:4MJ8OTFq2JWcuciXA5uuJw==,type:str] + lastmodified: "2023-05-16T21:50:47Z" + mac: ENC[AES256_GCM,data:n2+OnCncIS6QW9zmIwAgb6N75ZDk4EjoXzWzdfX0Q1EXoFy4k0C6s8jWFriIauUmUdRWMJguIz5jR5jLjdIA/Mfv2ZCFWW6Jmx5D525Kcf6K6SP/IrOhtB7iUrlr4YQPsM4HqiOO5xOf77Ud9RAH2vccLC6Q6Da6tOGl8VcKq8U=,iv:PJbC2+ezrUR2u2eLerY4zemNR+VlQMTeNi9jjm8Ft6M=,tag:+0z3SmF+jx09Qt0+IV5/IA==,type:str] pgp: - created_at: "2022-12-27T23:54:07Z" enc: |