sets up restic on dnsc-server

hosts/dnsc-server/default.nix

@@ -1,4 +1,5 @@
 {
+  config,
   inputs,
   outputs,
   pkgs,
@@ -27,6 +28,12 @@
   boot.zfs.forceImportRoot = false;
   boot.zfs.extraPools = [ "main" ];
 
+  # Secrets
+  age = {
+    identityPaths = [ "${config.users.users.dennis.home}/.ssh/id_ed25519" ];
+    secrets."restic/password".file = ../../secrets/restic/password.age;
+  };
+
   # Nix Settings
   # Perform garbage collection weekly to maintain low disk usage
   nix.gc = {
@@ -167,6 +174,22 @@
   # Tailscale
   services.tailscale.enable = true;
 
+  # Backups
+  services.restic.backups = {
+    initialize = true;
+    passwordFile = config.age.secrets."restic/password".path;
+    repository = "sftp:dnsc-storage:restic";
+    paths = [
+      "/home/dennis/notes"
+      "/main/share"
+    ];
+    timerConfig = {
+      onCalendar = "daily";
+      Persistent = true;
+      RandomizedDelaySec = "5h";
+    };
+  };
+
   # Environment variables
   environment.variables.EDITOR = "nvim";
 

modules/restic/default.nix

@@ -1,3 +0,0 @@
-{
-
-}

secrets/secrets.nix

@@ -2,11 +2,16 @@ let
   dnsc-air = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILvXWZOPOJJDAoF+Sx/ZLoAVu6G/7/MAWoknBgMAzjul dennis@dnsc-mac";
   dnsc-vps-sm = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHHS4Cq3G0yjoXB9qargJc/zbZdlClnJOcLxSC5ROo7h dennis@dnsc-vps-sm";
   dnsc-server = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM3mkEgvHrwjsEReHQHpLbMP71JLvp6XxMPyW7PTaLCd dennis@dnsc-server";
-  systems = [ dnsc-air dnsc-vps-sm dnsc-server ];
+  systems = [
+    dnsc-air
+    dnsc-vps-sm
+    dnsc-server
+  ];
 in
 {
   # Add like this: "secret1.age".publicKeys = systems;
   "vaultwarden/env.age".publicKeys = systems;
+  "restic/password.age".publicKeys = systems;
 }
 
 # 1. Create a file with secret
@@ -19,4 +24,3 @@ in
 #
 # 3. And use it like this:
 # passwordFile = config.age.secrets.secret1.path;
-