From 997d1b2f9e5ab07c9b2109c1907d3d3925f066a2 Mon Sep 17 00:00:00 2001 From: alejandro-angulo Date: Sun, 1 Dec 2024 17:02:55 -0800 Subject: [PATCH 1/2] Updated teslamate grafana dashboards --- packages/teslamate-grafana-dashboards/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/teslamate-grafana-dashboards/default.nix b/packages/teslamate-grafana-dashboards/default.nix index 8645d5e..c0b1c87 100644 --- a/packages/teslamate-grafana-dashboards/default.nix +++ b/packages/teslamate-grafana-dashboards/default.nix @@ -5,13 +5,13 @@ }: stdenv.mkDerivation rec { pname = "teslamate-grafana-dashboards"; - version = "1.31.0"; + version = "1.32.0"; src = fetchFromGitHub { owner = "teslamate-org"; repo = "teslamate"; rev = "v${version}"; - hash = "sha256-aX6FjOKyjsA/0IgLw/AnB01ddNk0yS6vd01BH/reBP4="; + hash = "sha256-diQRtJYfzGIVLxrdBad3XKWCtR97rj9Q1ZJ9MmvJGRk="; }; dontBuild = true; From 6c08146fd27396b726ac793a9082c865d091a6e1 Mon Sep 17 00:00:00 2001 From: alejandro-angulo Date: Sun, 1 Dec 2024 17:03:26 -0800 Subject: [PATCH 2/2] Configure restic repo for nextcloud data --- modules/nixos/services/nextcloud/default.nix | 52 ++++++++++++++++--- secrets/nextcloud_restic_env.age | Bin 0 -> 418 bytes secrets/nextcloud_restic_password.age | 7 +++ secrets/nextcloud_restic_repo.age | 8 +++ secrets/secrets.nix | 3 ++ 5 files changed, 64 insertions(+), 6 deletions(-) create mode 100644 secrets/nextcloud_restic_env.age create mode 100644 secrets/nextcloud_restic_password.age create mode 100644 secrets/nextcloud_restic_repo.age diff --git a/modules/nixos/services/nextcloud/default.nix b/modules/nixos/services/nextcloud/default.nix index 07850f7..dd23c61 100644 --- a/modules/nixos/services/nextcloud/default.nix +++ b/modules/nixos/services/nextcloud/default.nix 
@@ -5,6 +5,16 @@ ... }: let cfg = config.aa.services.nextcloud; + secrets = config.age.secrets; + + mkNextcloudSecret = attrs: { + name = attrs.name; + value = { + file = attrs.path; + owner = "nextcloud"; + group = "nextcloud"; + }; + }; in { options.aa.services.nextcloud = with lib; { enable = mkEnableOption "nextcloud"; @@ -19,11 +29,24 @@ in { }; config = lib.mkIf cfg.enable { - age.secrets.nextcloud_admin = { - file = ../../../../secrets/nextcloud_admin.age; - owner = "nextcloud"; - group = "nextcloud"; - }; + age.secrets = builtins.listToAttrs (builtins.map (attrs: mkNextcloudSecret attrs) [ + { + name = "restic/password"; + path = ../../../../secrets/nextcloud_restic_password.age; + } + { + name = "restic/env"; + path = ../../../../secrets/nextcloud_restic_env.age; + } + { + name = "restic/repo"; + path = ../../../../secrets/nextcloud_restic_repo.age; + } + { + name = "nextcloud_admin"; + path = ../../../../secrets/nextcloud_admin.age; + } + ]); services.nextcloud = { enable = true; @@ -47,7 +70,7 @@ in { config = { dbtype = "pgsql"; adminuser = "alejandro"; - adminpassFile = config.age.secrets.nextcloud_admin.path; + adminpassFile = secrets.nextcloud_admin.path; }; }; @@ -57,6 +80,23 @@ in { useACMEHost = cfg.acmeCertName; }; + services.restic.backups = { + nextcloud = { + user = "nextcloud"; + initialize = true; + paths = [config.services.nextcloud.datadir]; + environmentFile = secrets."restic/env".path; + repositoryFile = secrets."restic/repo".path; + passwordFile = secrets."restic/password".path; + timerConfig = { + OnCalendar = "00:05"; + Persistent = true; + RandomizedDelaySec = "5h"; + }; + pruneOpts = ["--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12" "--keep-yearly 9001"]; + }; + }; + networking.firewall.allowedTCPPorts = [80 443]; }; } 
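Review bot: The secret names `restic/password`, `restic/env` and `restic/repo` in the second hunk (`@@ -19,11 +29,24 @@`) go into the global `age.secrets` namespace without any reference to Nextcloud. A second module that backs up another service with restic would define the same attributes, and would either conflict or pick up files owned by `nextcloud:nextcloud`. Prefixing them, e.g. `name = "nextcloud/restic/password";` (and `secrets."nextcloud/restic/password".path` in the last hunk), keeps the ownership set by `mkNextcloudSecret` unambiguous. As a style point, `builtins.map (attrs: mkNextcloudSecret attrs)` can be written `map mkNextcloudSecret`. A one-line comment on `mkNextcloudSecret` in the first hunk, such as `# Every secret built here is owned by nextcloud:nextcloud`, would document the intent.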
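Review bot: The `services.restic.backups.nextcloud` job in the last hunk (`@@ -57,6 +80,23 @@`) snapshots only `config.services.nextcloud.datadir`, while the same module sets `dbtype = "pgsql"`. The PostgreSQL database is therefore presumably not in the backup, and a restore from this repository alone would likely be incomplete. Consider adding a `backupPrepareCommand` that dumps the database into a directory listed in `paths`, ideally with Nextcloud in maintenance mode for the duration. Separately, `pruneOpts` makes this host run forget/prune with the same credentials it uses to write snapshots, so a compromise of the `nextcloud` account or the node can also erase the backup history. If the backend supports it, an append-only repository with pruning done from a separate trusted machine closes that gap. A periodic `restic check` or test restore would confirm the snapshots are usable.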
diff --git a/secrets/nextcloud_restic_env.age b/secrets/nextcloud_restic_env.age new file mode 100644 index 0000000000000000000000000000000000000000..e19d4e9d29f033467a3f719d496f27d5fc782cce GIT binary patch literal 418 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14$Sl(>Ffuh$2=#PzuS!>NEH}uptV;H9 zGtCK4^Y9LL_wvq2i3-l}GzbgNDDihq&aLn_sB|$;amqC1N=k7u@+n9!O(`kP)_2P< zC`*;QPep_`gwWNKS%0a80ci-6&_@6>Ez+cl~q+_9ujHlomLuF zky}se^*pPC$1VQS{frK_u}U{M*GpPA?CQBq=@Q|Vpm zX<-uPVGtT(rf-&MoL>=M=$52kR_LEm5$0{dmDz54EX`P@D%DkAI>xh1`_z=xXUerA z)R?cPmVYbU#6R!wZm&Myr6;E@wl+zSy}kO`Ji{|LG#`AC5UiClSjqIWmgmWuE5Uq$ zfi-_V2)k4r-V$2Rz4ShV0B30ZdV|lbxeggmCKz75|8Mf{--lc{cWE5iI>R9Fe|G!l O&mS)FWldPQy$t|VNt?|8 literal 0 HcmV?d00001 diff --git a/secrets/nextcloud_restic_password.age b/secrets/nextcloud_restic_password.age new file mode 100644 index 0000000..8c46824 --- /dev/null +++ b/secrets/nextcloud_restic_password.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> piv-p256 UIEGzg AtUSDrnOeV44xXzVmduHJgpJEzozc+LqdLKlkiiDdJXA +cJWbnIZGvISxhNXa6Jpiw8NrEfCncMAQHfW8v5uzzvE +-> ssh-ed25519 Yk7ehg OwDJrMxpMvaxDnGBaSr8+WjGy44DAYwcPo7qujD8zCQ +7LjtdWBG9+n89+NWvWLX/E63se9okelHkEb2HxFAkU8 +--- 7f/WYFPS9vxFsRa6MNX6EAbGya42EsVxrZbCTEhuIOc +P O < c[&!W*ogJo,  P@ؔ7 %"rʽ=ckc #P@lƗXi"c庀GmN/jWjku:x(.>%ߑ#~͞v/kbFg3Q \ No newline at end of file diff --git a/secrets/nextcloud_restic_repo.age b/secrets/nextcloud_restic_repo.age new file mode 100644 index 0000000..875f289 --- /dev/null +++ b/secrets/nextcloud_restic_repo.age @@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> piv-p256 UIEGzg AowX1qo/8GwbPcZGt2yW77S7rA8/xtDGUocmR3hmQpTO +vNy0dR5fwAk+2fV7xhEQq9Ja4VRW5RaDHo9a3L1FZhk +-> ssh-ed25519 Yk7ehg IUjXb3+yVVIY3aa5wTagrRdm3bL9fGfCCfc20roqh1g +D+aX+TYMg21CCfpVj6DQVcaRbU4sN5tB0aC0R6TfBFw +--- u2cH5LG8E5DBRkL8FGq3s1I2Ht5Lhlk9hKrSaOjtISQ +=q(=vc~i(PaGGx! I<&N7JA.'e +DHLtt 1JFL(9Ek[Q;ł?/ʤnP \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 4d53ec0..e63a709 100644 --- a/secrets/secrets.nix 
+++ b/secrets/secrets.nix
@@ -15,6 +15,9 @@ in {
 "hass_mqtt.age".publicKeys = [users.me machines.pi4 machines.node machines.gospel];
 "hydra-aws-creds.age".publicKeys = [users.me machines.gospel];
 "nextcloud_admin.age".publicKeys = [users.me machines.node machines.gospel];
+ "nextcloud_restic_env.age".publicKeys = [users.me machines.node];
+ "nextcloud_restic_password.age".publicKeys = [users.me machines.node];
+ "nextcloud_restic_repo.age".publicKeys = [users.me machines.node];
 "tailscale_git_server.age".publicKeys = [users.me machines.git]; # This key expires, might have to update
 "teslamate_db.age".publicKeys = [users.me machines.node machines.gospel];
 "teslamate_encryption.age".publicKeys = [users.me machines.node machines.gospel];
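Review bot: The three new `nextcloud_restic_*.age` entries are encrypted to `users.me` and `machines.node` only, while `nextcloud_admin.age` just above them also lists `machines.gospel`. Keeping the recipient list narrow is the right default, but the module change in this patch declares the restic secrets whenever `aa.services.nextcloud.enable` is set. If `gospel` ever enables that module, it will presumably be unable to decrypt them. Either note the constraint with a comment such as `# restic secrets: node is the only host that runs the Nextcloud backup`, or drop `machines.gospel` from `nextcloud_admin.age` if that host no longer needs it, so the recipient lists match the actual deployment.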