challenger: more minor migrations

README.md

@@ -26,13 +26,13 @@ Other installed packages and tools are described in the config files (like ./hos
 ## Public / important services
 
 - Matrix ([source](./hosts/defiant/services/matrix/default.nix)) - Decentralized, encrypted chat - Contact me at @felixalb:feal.no
-- [Nextcloud](https://cloud.feal.no) ([source](./hosts/voyager/services/nextcloud.nix)) - Personal cloud services and "google replacements", including file hosting, notes, calendar and webmail
+- [Nextcloud](https://cloud.feal.no) ([source](./hosts/challenger/services/nextcloud.nix)) - Personal cloud services and "google replacements", including file hosting, notes, calendar and webmail
 - [Gitea](https://git.feal.no) ([source](./hosts/defiant/services/gitea.nix)) - Software forge / git server
 - [Hedgedoc](https://md.feal.no) ([source](./hosts/defiant/services/hedgedoc.nix)) - Collaborative markdown notes editor
 - HomeAssistant ([source](./hosts/defiant/services/home-assistant.nix))- Home automation / IOT controller
 - [VaultWarden](https://pw.feal.no) ([source](./hosts/defiant/services/vaultwarden.nix)) - BitWarden Password Manager backend
 - [KeyCloak](https://iam.feal.no) ([source](./hosts/defiant/services/nextcloud.nix)) - Authentication provider, giving SSO with OIDC or SAML
-- [Jellyfin](https://jf.feal.no) ([source](./hosts/voyager/services/jellyfin.nix)) - Local media streaming
+- [Jellyfin](https://jf.feal.no) ([source](./hosts/challenger/services/jellyfin.nix)) - Local media streaming
 
 ## Networking
 

hosts/challenger/backup.nix

@@ -0,0 +1,38 @@
+{ config, pkgs, lib, ... }:
+{
+  services.borgbackup.jobs =
+    let
+      borgJob = name: {
+        environment.BORG_RSH = "ssh -i /root/.ssh/fealsyn1";
+        environment.BORG_REMOTE_PATH = "/usr/local/bin/borg";
+        repo = "ssh://backup@feal-syn1.home.feal.no/volume2/backup/borg/voyager/${name}";
+        compression = "auto,zstd";
+      };
+    in {
+      postgresDaily = borgJob "postgres::daily" // {
+        paths = "/var/backup/postgres";
+        startAt = "*-*-* 05:15:00"; # 2 hours after postgresqlBackup
+        extraInitArgs = "--storage-quota 10G";
+        encryption = {
+          mode = "repokey-blake2";
+          passCommand = "cat ${config.sops.secrets."borg/postgres".path}";
+        };
+      };
+
+      postgresWeekly = borgJob "postgres::weekly" // {
+        paths = "/var/backup/postgres";
+        startAt = "Mon *-*-* 05:15:00"; # 2 hours after postgresqlBackup
+        extraInitArgs = "--storage-quota 10G";
+        encryption = {
+          mode = "repokey-blake2";
+          passCommand = "cat ${config.sops.secrets."borg/postgres".path}";
+        };
+      };
+
+      # TODO: timemachine, nextcloud, komga, calibre
+
+    };
+
+  sops.secrets."borg/postgres" = { };
+  sops.secrets."borg/transmission" = { };
+}

hosts/challenger/configuration.nix

@@ -3,9 +3,11 @@
 {
   imports =
     [
+      ./hardware-configuration.nix
+
       ../../base.nix
       ../../common/metrics-exporters.nix
-      ./hardware-configuration.nix
+      ./backup.nix
       ./exports.nix
       ./filesystems.nix
 

hosts/defiant/services/monitoring/prometheus.nix

@@ -17,13 +17,13 @@ in {
         static_configs = [
           {
             targets = [
-              "voyager.home.feal.no:9100"
+              "challenger.home.feal.no:9100"
-              "sulu.home.feal.no:9100"
+              "defiant.home.feal.no:9100"
-              "mccoy.home.feal.no:9100"
               "dlink-feal.home.feal.no:9100"
               "edison.home.feal.no:9100"
-              "defiant.home.feal.no:9100"
+              "mccoy.home.feal.no:9100"
               "scotty.home.feal.no:9100"
+              "sulu.home.feal.no:9100"
             ];
           }
         ];