diff --git a/hosts/stratus/containers/docker/actualbudget/backup.nix b/hosts/stratus/containers/docker/actualbudget/backup.nix new file mode 100644 index 0000000..84ffd37 --- /dev/null +++ b/hosts/stratus/containers/docker/actualbudget/backup.nix @@ -0,0 +1,28 @@ +{ pkgs, lib, ... }: +let + serviceName = lib.last (lib.splitString "/" (builtins.toString ./.)); # Parent directory name +in +{ + myConfig.resticBackup.${serviceName} = { + enable = true; + healthchecks.enable = true; + + extraConfig = { + backupPrepareCommand = "${lib.getExe' pkgs.systemd "systemctl"} stop docker-actualbudget.service"; + backupCleanupCommand = "${lib.getExe' pkgs.systemd "systemctl"} start docker-actualbudget.service docker-tailscale-actualbudget.service"; + paths = [ "/data/${serviceName}" ]; + }; + }; + + environment.systemPackages = [ + (pkgs.writeShellApplication { + name = "${serviceName}-restore"; + text = '' + systemctl stop docker-actualbudget.service + rm -rf /data/${serviceName} + restic-${serviceName} restore --target / latest + systemctl start docker-actualbudget.service docker-tailscale-actualbudget.service + ''; + }) + ]; +} diff --git a/hosts/stratus/containers/docker/actualbudget/default.nix b/hosts/stratus/containers/docker/actualbudget/default.nix index 4b700a0..9aad54a 100644 --- a/hosts/stratus/containers/docker/actualbudget/default.nix +++ b/hosts/stratus/containers/docker/actualbudget/default.nix @@ -15,6 +15,8 @@ let configPath = pkgs.writeTextDir "tailscale-serve.json" serveConfig; in { + imports = [ ./backup.nix ]; + virtualisation.oci-containers.containers = { ${serviceName} = { image = "ghcr.io/actualbudget/actual-server:latest"; diff --git a/hosts/stratus/secrets.yaml b/hosts/stratus/secrets.yaml index ba0a001..6a8018e 100644 --- a/hosts/stratus/secrets.yaml +++ b/hosts/stratus/secrets.yaml @@ -1,5 +1,9 @@ seb-password: ENC[AES256_GCM,data:N3w7niUZsyFmF2gF+gMhlDb6XfoYZ8yNrZvv2J0Cb3zDhstW7LsgYZVcM3+MXPbTDE9xJ00VGBayOT7fW+5IYYWdGgbRWvOH0w==,iv:rLCKJ9wUL+3sjIaqwV89pYJtt/ERuoR4AAgbt9H4oHg=,tag:nuh9rT0W500w8+y76MqC1Q==,type:str] tailscale-auth-key: ENC[AES256_GCM,data:vwFTBVQr7T8/Wrc3jOCF3TeQhuEpFyJ0M9yES2g+hSmoc4kraq+QfXmpbz9ciw5dk3mZoZycZFPKU2HJig==,iv:1Ca6tOhQNRw3jxnl3+IoKSJpRuy4jHy9HC/Dj2xOsmQ=,tag:ZqZPqBOF5GZoRLLO1Iq2Iw==,type:str] +restic: + environment: ENC[AES256_GCM,data:f6on7t1no/jPtnxQ6b7CYd1YyrdRyhuPa2H0z8ytGeCb4aIIrPDvKBjEUx8fvUKNk00Nf8Z2Vi+ZmuSz0gMHA7nQTvPhejU0VZvNT0X1AmUhahehDz4m0cylM8ZmtXklWl4=,iv:+ohpmCKu/KIEn4gcBn3hNDTF7qybQAe3uDWiQ8GAIVw=,tag:5FSZXr7t1VEC8xnlQrVyyQ==,type:str] + password: ENC[AES256_GCM,data:ERm1OwndSGhT7aTUyBW5E0z2l9gQhGy6LQbi+rDv,iv:XPPs61l6KWGA06uhRZid6rAgNfbHtcJWYjrD5QJrnlI=,tag:AmAdsNRqtjvGmQ0G44s9Fw==,type:str] +healthchecks-ping-key: ENC[AES256_GCM,data:F7XBp/zPuIxnIEmQX3+BHDPO0VBwJQ==,iv:c+/jK+4SiCby3yKdjXq69PEyfCOhua9quGCj7OK0Nhc=,tag:sjIAAuk8DY9VFHy0/p60WQ==,type:str] container: actualbudget: tailscale-auth-key: ENC[AES256_GCM,data:n6sxwHbhKyvk1gubSIg6qXyDONob2LJOWOUCvLwmZDe3tCVxkq62vwfgiqAA5is2HEaLi72JdgdYMFQNoggwEnZ5X1YcS8WC,iv:0rJJiL+T9y45nZqRqpMobP1XmVYHeLfZei7jQoofMLE=,tag:RKPj2JwBlhNMvYH27lGsaQ==,type:str] @@ -36,8 +40,8 @@ sops: aW00MUpGdXpYam5LYVFUenh2VndzcE0KT6Hfx1CYJFseFaEZxwi4Fds4v1HEFzBo FdSC6pzpZkfXso8EtSftq0lPx10GfJ6GZXYb+bCB2S9ROvUMPYDH3A== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-09-17T19:31:27Z" - mac: ENC[AES256_GCM,data:dHNRqEXwYMK02HY4suuLQb1nkPQrq4s1jzgG6thpfOMYhVZ4ARe9xAx1aUjZM+eeqqvL7Jn9kyGoJ4aItADUguce3mTbdMR5gy3E7B0mm/jBO3op1Ec0hgivf+Cf2D8Ex53seqJTxFbH3/wqtHwvl9c1WTI5j81jn4u13wFnARg=,iv:BX/7+AhdJKl9y583vBrszmQDYocOuXNCbBEB1E2mxXM=,tag:DgErmskmRdRv+iMAOTo2OA==,type:str] + lastmodified: "2024-09-18T19:37:12Z" + mac: ENC[AES256_GCM,data:zECcfjmDOUvCPlBzoBfxbTKuV93mDJLOw9uiRtAmwsbqRBhl1bF9Qv1DImSE4t8PzsYEYLydWcx0iYFiS65QVz6NtstC06G2QRMZvhTAku3dry2AazBTLv4ZbTXlK9PfrkjM0OU2WwpK5xDgWbuyuOTgDKY6yMcf3o3qy+4cSTo=,iv:mY1lsMWUoJrAKpZ3ly4IItlq0YGaUotmAlh0ldl9ICg=,tag:CWu35GdlmfiEIQg7h8qz+w==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.0