Colin
1064867194
this requires a patch to uboot: - uboot thinks the drive has a capacity of 0 (i.e. 'unknown'). unclear precisely why. could be noncompliant drive firmware, or a timeout somewhere. and a patch to the rpi bootloader: - in order to trampoline into the rpi-4 uboot. and custom kernel modules in the initrd: - in order to detect the USB hub (rpi fw). additionally, i'm MANUALLY placing `bcm2711-rpi-400.dtb` into `/boot/nixos/..-linux-5.10.111-dtbs/broadcom`. i'll want to do this automatically over time. i hope to simplify much of this over time: this is just the first thing which works after a couple days of hacking at it.
35 lines
1.4 KiB
Nix
35 lines
1.4 KiB
Nix
# docs: https://search.nixos.org/options?channel=21.11&query=duplicity
|
|
{ config, pkgs, lib, ... }:
|
|
|
|
{
|
|
services.duplicity.enable = true;
|
|
# format: b2://$key_id:$app_key@$bucket
|
|
# create key with: b2 create-key --bucket uninsane-host-duplicity uninsane-host-duplicity-safe listBuckets,listFiles,readBuckets,readFiles,writeFiles
|
|
# ^ run this until you get a key with no forward slashes :upside_down:
|
|
# web-created keys are allowed to delete files, which you probably don't want for an incremental backup program
|
|
services.duplicity.targetUrl = builtins.replaceStrings ["\n"] [""] (builtins.readFile /etc/nixos/secrets/duplicity_url);
|
|
# format: PASSPHRASE=<cleartext>
|
|
# two sisters
|
|
services.duplicity.secretFile = /etc/nixos/secrets/duplicity_env;
|
|
# NB: manually trigger with `systemctl start duplicity`
|
|
services.duplicity.frequency = "daily";
|
|
services.duplicity.exclude = [
|
|
# impermanent/inconsequential data:
|
|
"/dev"
|
|
"/proc"
|
|
"/run"
|
|
"/sys"
|
|
"/tmp"
|
|
# bind mounted (dupes):
|
|
"/var/lib/pleroma"
|
|
"/var/lib/transmission/Downloads"
|
|
"/var/lib/transmission/.incomplete"
|
|
# data that's not worth the cost to backup:
|
|
"/opt/uninsane/media"
|
|
];
|
|
|
|
# set this for the FIRST backup, then remove it to enable incremental backups
|
|
# (that the first backup *isn't* full i think is a defect)
|
|
# services.duplicity.fullIfOlderThan = "always";
|
|
}
|