From 4c89574d36cd492fb7147c0613aab43aa318575b Mon Sep 17 00:00:00 2001
From: Malte Tammena <malte.tammena@pm.me>
Date: Sat, 3 Feb 2024 20:54:14 +0100
Subject: [PATCH] feat(user/deck): backups to faunus-ater using restic

---
 .sops.yaml                      |  7 ++++-
 modules/deck.nix                | 16 ++++++----
 secrets/users/deck/secrets.yaml | 52 +++++++++++++++++++++++++++++++++
 users/deck/home.nix             | 11 ++++---
 4 files changed, 75 insertions(+), 11 deletions(-)
 create mode 100644 secrets/users/deck/secrets.yaml

diff --git a/.sops.yaml b/.sops.yaml
index 6e6d448..dd23804 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -79,7 +79,6 @@ creation_rules:
       age:
       - *helix-texta
       - *murex-pecten
-      - *polymita-picta
   - path_regex: secrets/users/marie/[^/]+\.yaml$
     key_groups:
     - pgp:
@@ -87,4 +86,10 @@ creation_rules:
       age:
       - *trochulus-hispidus
       - *murex-pecten
+  - path_regex: secrets/users/deck/[^/]+\.yaml$
+    key_groups:
+    - pgp:
+      - *malte
+      age:
+      - *polymita-picta
 
diff --git a/modules/deck.nix b/modules/deck.nix
index b50c81d..66f1615 100644
--- a/modules/deck.nix
+++ b/modules/deck.nix
@@ -58,11 +58,15 @@ in {
       nintendo.enable = true;
     };
 
-    # programs.hyprland = {
-    #   enable = true;
-    #   xwayland = {
-    #     enable = true;
-    #   };
-    # };
+    sops.secrets = let
+      sopsFile = ../secrets/users/deck/secrets.yaml;
+      owner = "deck";
+      mode = "0400";
+    in {
+      restic-backup-deck = {
+        inherit sopsFile owner mode;
+        key = "restic-backup";
+      };
+    };
   };
 }
diff --git a/secrets/users/deck/secrets.yaml b/secrets/users/deck/secrets.yaml
new file mode 100644
index 0000000..5befb18
--- /dev/null
+++ b/secrets/users/deck/secrets.yaml
@@ -0,0 +1,52 @@
+restic-backup: ENC[AES256_GCM,data:ZZcPiA0fbXjyC0I226X9SSN1J/k+/8/NTswylKxXPQg=,iv:nUNYIv/xSJEUrTJNvuvWF08AbZqHOorzbikM1XGe4pM=,tag:3GefusGY3IuxC2D9PWLR9g==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1c9pnv970vt2c88u3ra4zxnhz6j76la4nm3ddcuws9a6mfpnw43lspaud83
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2SWtGNEp5ckRYSVhLTER3
+            Q0V4d1ZCcWpDdUxud1ExR05EUHFsR25QZkZRCjJaUEZvWC8yeWF1bEZWKzkwMEkw
+            VUJJbVFNbDBMVGEvUCtCU3pPa3Z6NlUKLS0tIC9KcU5NSlJhOGNDRDIvVHNHMHdG
+            dS96cHRsbjFvSCtLTlErbndLVG9SYlUKgCEX/VFmoQN1a6wn0s5uGdRR7PKmDl9n
+            mqRDHgUWgo+AQ7enJ7qJ+zdOnLqrogCraLX6nRDJv5CPMHWOSMFYHA==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-02-01T10:56:41Z"
+    mac: ENC[AES256_GCM,data:CfNsydv+yS6IzJZRGmEvRuwZ0yGotf1pVGozDuKiiAdEH/94ht7zlh92XcKAFQMCLYfH3f03JEU0uYiJLThE7ryjVBQJRr8IZSKWlQ8Ryr/4T7gyWFd45ZQ2EporVqKptNQO0RjywKeeamDvYnSrFD5pXRV+d4MNCtyMrqrFvso=,iv:wu5QOEX7PAdLxdnHwtmOndPQFlmZs5zoN32mzdzFaqs=,tag:VMRjnEOd9/XxoOLMruOKKw==,type:str]
+    pgp:
+        - created_at: "2024-02-01T10:56:01Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMA1TPiPeBUmHHARAAzGuyamR7D/JWCTnZdqUtGoQqIFva15JjBGpdeY0RmSE3
+            5Mv+SQXUgPwiOF80vXTkpGcSIoBu5IeRYMaIsqMyqxrg1fgkcEzcfYzVQXaHXzzl
+            4e5k0vkLw7sUWQD3Aea03MbYBvEFWODOq/m6rKHeEuFjpabU4ffI5VsjdJF+6tCt
+            v/NcJiuV8HQLxShgV7QXkQHaRH9JUIHDFp/dPyhyK9Yt25YGZeezwJPdLGDcyFu0
+            W0PkPDXX637VxQy3XDZizulEgLTL+fMVX14acEKOK5UgG5gX5ZeDS+e4E5O242FD
+            yuim+f2DpG93Uws7OBsDNcZ4O1f4joWq63ErhO32FOgL4V8dc7BA1ct78AJwVOeS
+            nqKaAKTv69zGzy7+sFL3IEkCvmhAbRmrKAdooLOa84Cmdmb7HMrObCfYoiD/yHai
+            G+TaptLTfW7UC6ZY5oz1wr3y3IkHN3K4J2UAIuvpZd5RusbgOLl3+2BwWhTmyVoq
+            N0Kr9Z4TsdYokLgzVGv56jqe1i/DzczB3YOHwW5rHxDnHmih91mHPGfsojCApQZn
+            ENdGPlwX0O+SYRl0EiakgbxYNcNyy5VNCBURIbYUNnZI0TZAfklVrD2mKtZTDzLv
+            5F6LwWnVzaabqcW9qfUjbGWS/uLjjdySkHeoq2+jH4TiLqD+ejoDneF6v0poDGqF
+            AgwD0cvHqpYuZE0BEACkn6+D95Ueokw+UM7z/OvxVaQtmPsExOSGRL5sJx1tXfKf
+            o42ExAWx0K9tMMPQQxRzqYKLcGk9oO/QOoTf1/29usFK72IX9z7O8ddHPILTRlty
+            rBrCSExhMaA81oiRi4+81U077G1C4yQh4Pg76wQBJG4EIV3cc38OYb0WHJd5i6gT
+            VbucdT1OYyVaLkNlW421jWYOTpKtrrzKKX39EwugIvQ+1g3HeMJfd4LqFm2TjnaD
+            stZMJZNhJhLGC8TEDkV27wLLvAi5YrqqSC9fmdq+lKp3bocAkz2x3k4cyXk/sLaP
+            r/rqwJ3Rao5aE+MMlzBSATfozO7IkA7+k8dBiy37H8ANIJvQ/H5YhhGE5r8CLp6L
+            OlcFwfj+jrZJvaTWrG7HmyOnnZIg+C7iWnvsSfSzGO5x1vppvq704UX+REHyC/W/
+            d0mpEcFsOhSVSOV4FE5qWUKo884d19WG6aDZLl0UGhksiQXWtO24mdIphbeBxgv5
+            k9hlxXmj1S9AbH0aUFshJf6wZKHrr/a6Xog3Hg8MMzJiId1jl5u9v4YOHwW7UC04
+            4mT/67+TPjulJVnWhaQHof68dL+7sZO86pXJGvJC3LP5vdJH6QTtJY+DKS9zL2IE
+            33rTHu8MG3MNgaRxpvrRN/BkSYhcpLME8rb8FRAyP9Q02HE/bwrTCvvqHYwjtdJe
+            Aefyxl3hfMIhYQ50gXRgDhrfJX47SmyH2cCu7Um2/KL36uQ3zZEggvJonmRuj2qO
+            dJPVy8iYORl5IHAbjT6x4nwltR8Gm3wCCUogwK9OR+2G7okfXtNe56xTmXoa3Q==
+            =NqOk
+            -----END PGP MESSAGE-----
+          fp: D5FEA546C06B3AEC97EB7F5A437B3369EAE401C4
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1
diff --git a/users/deck/home.nix b/users/deck/home.nix
index 0309db5..ac0fc34 100644
--- a/users/deck/home.nix
+++ b/users/deck/home.nix
@@ -28,6 +28,7 @@
 in {
   imports = [
     ../modules/boilr.nix
+    ../modules/restic-backup.nix
   ];
 
   config = {
@@ -60,10 +61,12 @@ in {
     ];
 
     # Configure restic backups
-    # services.restic = {
-    #   enable = true;
-    #   paths = [];
-    # };
+    services.restic = {
+      enable = true;
+      paths = [
+        "/home/deck/sdcard/Emulation/saves"
+      ];
+    };
 
     fonts.fontconfig.enable = true;