2
2
mirror of https://git.feal.no/felixalb/nixos-config.git synced 2024-12-21 19:57:30 +01:00

challenger: Fix nfs-client, replace borg with restic

This commit is contained in:
Felix Albrigtsen 2024-10-04 21:37:14 +02:00
parent 12e4d22136
commit 6de16fb116
3 changed files with 38 additions and 38 deletions

View File

@ -1,38 +1,32 @@
{ config, pkgs, lib, ... }:
{
services.borgbackup.jobs =
let
borgJob = name: {
environment.BORG_RSH = "ssh -i /root/.ssh/fealsyn1";
environment.BORG_REMOTE_PATH = "/usr/local/bin/borg";
repo = "ssh://backup@feal-syn1.home.feal.no/volume2/backup/borg/voyager/${name}";
compression = "auto,zstd";
};
in {
postgresDaily = borgJob "postgres::daily" // {
paths = "/var/backup/postgres";
startAt = "*-*-* 05:15:00"; # 2 hours after postgresqlBackup
extraInitArgs = "--storage-quota 10G";
encryption = {
mode = "repokey-blake2";
passCommand = "cat ${config.sops.secrets."borg/postgres".path}";
};
};
postgresWeekly = borgJob "postgres::weekly" // {
paths = "/var/backup/postgres";
startAt = "Mon *-*-* 05:15:00"; # 2 hours after postgresqlBackup
extraInitArgs = "--storage-quota 10G";
encryption = {
mode = "repokey-blake2";
passCommand = "cat ${config.sops.secrets."borg/postgres".path}";
};
};
# TODO: timemachine, nextcloud, komga, calibre
services.restic.backups = let
localJob = name: paths: {
inherit paths;
repository = "/mnt/feal-syn1/backup/challenger/${name}";
passwordFile = config.sops.secrets."restic/${name}".path;
initialize = true;
pruneOpts = [
"--keep-daily 7"
"--keep-weekly 4"
"--keep-monthly 3"
"--keep-yearly 10"
];
};
in {
postgres = (localJob "postgres" [ "/var/backup/postgres" ]) // {
timerConfig.OnCalendar = "05:15"; # 2h after postgresqlBackup
};
sops.secrets."borg/postgres" = { };
sops.secrets."borg/transmission" = { };
transmission = localJob "transmission" [ "/var/lib/transmission" ];
# TODO: timemachine, nextcloud, komga, calibre
};
sops.secrets."restic/postgres" = { };
sops.secrets."restic/transmission" = { };
environment.systemPackages = with pkgs; [
restic
];
}

View File

@ -22,6 +22,12 @@
"/mnt/feal-syn1/backup" = {
device = "feal-syn1.home.feal.no:/volume2/backup";
fsType = "nfs";
options = [
"defaults"
"noatime"
"rw"
"nfsvers=3"
];
};
};
}

View File

@ -3,9 +3,9 @@ transmission:
nextcloud:
adminpass: ENC[AES256_GCM,data:DL5SnyPPUxiVjfIHZ/ZYJi2pNu6x,iv:/bThFVYgHsN3Yr2EJf0+YWhAVIei9ENaHfAH1ADC5Ws=,tag:bNp+2trtwFNYOqruvqPRGw==,type:str]
secretsjson: ENC[AES256_GCM,data:xmdwWBe8LWsSEI64KhSeXbA1B0ahfoGwNmgl33JWteF4AakdI73zfbdIhUBqqlqfbL0uCGlqCiOyRA02h8197mk=,iv:ncKz9ObwoFoVjT0qMzBJ0BqVBNx0ScdMRl82ZNQp4FI=,tag:6S8fqHhvE/gaknxsb+q3Jg==,type:str]
borg:
transmission: ENC[AES256_GCM,data:umr0UEKMT/n0ZRTyfq/qWX4A,iv:R92qRZqQ8onLYDlkYMtHiumFqjVuxOIZAp+k2qTcDps=,tag:WhCP5YmIutR3ckgNIw/Hww==,type:str]
postgres: ENC[AES256_GCM,data:KHL02u+X2fGlZSUrujvkkGI=,iv:gjdPbmRHmO0APXvMJzqN+Swuh2l9mdsUJQRKsSYkEyM=,tag:0Rf9MeW7xTpj2uvnAOhuBA==,type:str]
restic:
transmission: ENC[AES256_GCM,data:RrnlOXT6sNoUh8MF8JXFTygN+cBV+CS0xdvE9SMTAVV0,iv:0Irhejn2TQSI7h9e4G8a65EpIKmwco9ue93lgo4jC6I=,tag:RAd2pvtL++C8rdlqch4g6Q==,type:str]
postgres: ENC[AES256_GCM,data:MaKQs6f2sp1e42u4DRx/PUsSFnJN0Ks+BtUrMJkUwD28,iv:Wz/MtaC/hg5zVxcdZWKEHeQb5KGio653mgHf4IrE7mk=,tag:7kaYJ1DnxNGbcr31bHb0zA==,type:str]
sops:
kms: []
gcp_kms: []
@ -30,8 +30,8 @@ sops:
bVhLUVBWL3QyMmVjVEswZmtDRXRRUGMKizaESv67KWTOnUkZg1R0c3BkpJrDUxJR
heau8QcBXtNS6Ct1RsJQD3oTmBPAP1NHJ2BD11kEEtpo8FhCOjcqVQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-03T20:11:44Z"
mac: ENC[AES256_GCM,data:feOeO7XrNEtbxp2c2a0EbwVAWUJ+PCZavmRT/4DMFfsJWwjogCqAia2KfC249RufAL2WFVZAw8UfymjtHHKp2v7alN3kqcIZ2rjwtkkzi8JqRQvbbCJwTXLkl8wr21lZD7UdNuAfZHxbwJRchRR/6bsLnxipW8AH8YCv1/Knsg0=,iv:fO4dUfRgJOaDuvJNgl6CVZFovVphQB4rlLIKGgzy7S4=,tag:8Ts1XozKYoSghho4ORDW0Q==,type:str]
lastmodified: "2024-10-04T19:11:52Z"
mac: ENC[AES256_GCM,data:sTsTQOCO6ggoz6hXKU/Nnfuvs2UjYwuYLhMZ/P+jHLV2Jn3gBnUUTsn3lEtG7fi9MOfILuTA93wdRciahAElY9me86j+TVa/9PdbW9Earh5rH7M91LyRRS74C99LedXco05gjxqc2s27ea0n25A8UF7eCgvAlD+4DP0WNUiDUcE=,iv:wn9ahsWE2RYy9pSi30Uy2/vStQCHNiwk6ZJU/OdNDuk=,tag:SZe/b9+2PuoBNZcwuS8Ong==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1