2
2
mirror of https://git.feal.no/felixalb/nixos-config.git synced 2024-12-22 12:07:29 +01:00

Compare commits

...

2 Commits

Author SHA1 Message Date
be395bdbe2 worf: add rbw+borg 2024-03-08 02:42:52 +01:00
1bde04a4be defiant: initialize borg backup 2024-03-08 02:19:21 +01:00
5 changed files with 73 additions and 6 deletions

62
hosts/defiant/backup.nix Normal file
View File

@ -0,0 +1,62 @@
{ config, pkgs, lib, ... }:
{
services.borgbackup.jobs =
let
borgJob = name: {
environment.BORG_RSH = "ssh -i /root/.ssh/fealsyn1";
environment.BORG_REMOTE_PATH = "/usr/local/bin/borg";
repo = "ssh://backup@feal-syn1.home.feal.no/volume2/backup/borg/defiant/${name}";
compression = "auto,zstd";
};
in {
postgresDaily = borgJob "postgres::daily" // {
paths = "/data/backup/postgresql";
startAt = "*-*-* 05:15:00"; # 2 hours after postgresqlBackup
extraInitArgs = "--storage-quota 10G";
encryption = {
mode = "repokey-blake2";
passCommand = "cat ${config.sops.secrets."borg/postgres".path}";
};
};
postgresWeekly = borgJob "postgres::weekly" // {
paths = "/data/backup/postgresql";
startAt = "Mon *-*-* 05:15:00"; # 2 hours after postgresqlBackup
extraInitArgs = "--storage-quota 10G";
encryption = {
mode = "repokey-blake2";
passCommand = "cat ${config.sops.secrets."borg/postgres".path}";
};
};
gitea = borgJob "gitea::weekly" // {
paths = "/tank/services/gitea";
startAt = "Mon *-*-* 05:15:00";
extraInitArgs = "--storage-quota 20G";
encryption = {
mode = "repokey-blake2";
passCommand = "cat ${config.sops.secrets."borg/gitea".path}";
};
};
minecraft = borgJob "minecraft::weekly" // {
paths = "/var/lib/minecraft-wack";
startAt = "weekly";
extraInitArgs = "--storage-quota 20G";
encryption.mode = "none";
preHook = ''
${pkgs.mcrcon}/bin/mcrcon -p wack "say Starting Backup" "save-off" "save-all"
'';
postHook = ''
${pkgs.mcrcon}/bin/mcrcon -p wack "save-all" "say Completed Backup" "save-on" "save-all"
'';
};
};
# TODO: Matrix (keys,media,db), home-assistant, pihole, vaultwarden
sops.secrets."borg/postgres" = { };
sops.secrets."borg/gitea" = { };
}

View File

@ -8,6 +8,7 @@
./hardware-configuration.nix ./hardware-configuration.nix
# Infrastructure # Infrastructure
./backup.nix
./libvirt.nix ./libvirt.nix
./services/nginx.nix ./services/nginx.nix
./services/pihole.nix ./services/pihole.nix

View File

@ -61,8 +61,6 @@
}; };
}; };
# TODO: Automated backup job (https://git.pvv.ntnu.no/Drift/pvv-nixos-config/src/commit/57d1dfd121fdb23fcef54e0632f6f6278c6bb753/hosts/greddost/services/minecraft/default.nix#L144)
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
"minecraft-server" "minecraft-server"
]; ];

View File

@ -14,11 +14,12 @@
# alacritty # alacritty
emacs emacs
iterm2 iterm2
spotify
ripes
prismlauncher prismlauncher
ripes
spotify
bat bat
borgbackup
bottom bottom
cocoapods cocoapods
gnutar gnutar
@ -26,6 +27,8 @@
neofetch neofetch
nix-index nix-index
nodejs nodejs
pinentry
rbw
tldr tldr
eza eza
zellij zellij

View File

@ -7,6 +7,9 @@ vaultwarden:
admintoken: ENC[AES256_GCM,data:sUPOe3goxpJFpe5fBdwcM5Z6+DXNdZr5Xd6HzRUb7LtDk9IUtwL4wtlckwnMRoLF628XvCV3ObrX2UmTqUX/6pWqLkWL/vWb3C8ogq4=,iv:vvO9nEkCjcKvl+ILEMlMorMmvyNM1juRYRnEolwg9sQ=,tag:wFnz9oOA+ZGrb4UqKrtUcA==,type:str] admintoken: ENC[AES256_GCM,data:sUPOe3goxpJFpe5fBdwcM5Z6+DXNdZr5Xd6HzRUb7LtDk9IUtwL4wtlckwnMRoLF628XvCV3ObrX2UmTqUX/6pWqLkWL/vWb3C8ogq4=,iv:vvO9nEkCjcKvl+ILEMlMorMmvyNM1juRYRnEolwg9sQ=,tag:wFnz9oOA+ZGrb4UqKrtUcA==,type:str]
microbin: microbin:
secrets: ENC[AES256_GCM,data:B2yOSEXFyge7fgphtKcy8CjaeEiwmHAxgGoiqa4lmQtRtnxy5UuH3dFuCXHvbd3n6YA24zX3ANIQpj6ilT4I96+P+L9TjA==,iv:3mryQf3GdKCqBkLsfyqJk5ZN+/gOEbL/LmEzreINGME=,tag:YD8uvkS23c5B7J9srRrU9w==,type:str] secrets: ENC[AES256_GCM,data:B2yOSEXFyge7fgphtKcy8CjaeEiwmHAxgGoiqa4lmQtRtnxy5UuH3dFuCXHvbd3n6YA24zX3ANIQpj6ilT4I96+P+L9TjA==,iv:3mryQf3GdKCqBkLsfyqJk5ZN+/gOEbL/LmEzreINGME=,tag:YD8uvkS23c5B7J9srRrU9w==,type:str]
borg:
postgres: ENC[AES256_GCM,data:vwfLF2qkUMl9b/4oYVm+pzfbbw==,iv:+QlTXjowne2d+ufw9YbhgaAIVvYg78LkMS0BqfPwoRI=,tag:JAbR3/DbYp+vRApJteg4zA==,type:str]
gitea: ENC[AES256_GCM,data:GIZ/wkzEkm6DUZETv8GpXd8k5w==,iv:MLnVtrev+poT+3D5+o5UV8FBQWpvqlYAkcXMF53bKJw=,tag:89zkLJNZw04ZPyqvpspgsw==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -31,8 +34,8 @@ sops:
RXcvQU1JYnl0bUtocTZuNkRxcGQwR2MKnyAYtF2y7XBmNuIYi6RzqEJEPPg7B22A RXcvQU1JYnl0bUtocTZuNkRxcGQwR2MKnyAYtF2y7XBmNuIYi6RzqEJEPPg7B22A
fQVeDfIhiNSVva784KTU+y4TU1UPxumriRrLRFPF3h42ZEq2zQAgrQ== fQVeDfIhiNSVva784KTU+y4TU1UPxumriRrLRFPF3h42ZEq2zQAgrQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-02-28T16:10:53Z" lastmodified: "2024-03-08T00:37:40Z"
mac: ENC[AES256_GCM,data:Yid2Q5JTjWTLeh3qR2K0cX/Fk2p78Asj3x+kCDLtwJoULiZ+7xJKi/h2X4sRYw+vUou7HO3u+b8/MPvEapNjvqLyf4gseuvqdr2m/vR8DqxOdtl0xvrMoE8bTTR6tuCCIGIKEcEA7VviU+aCIm68CLkgq03DkF3g3hyC/VSKo9Y=,iv:66FpFV7mdTv1r+o3p4cK7CigDxGJOW70JZaEJE+fSLA=,tag:gNyPFbRc8VP9vOYdTt2YZg==,type:str] mac: ENC[AES256_GCM,data:2S6Z4ZqffGA5Clz+h4J44s7yhb6lMFdUq9KpE4IJUu2cgJyD1Zsh0i1Z1ZwTiD7MH+F1UUMyVhBYk6Fkm1UY07wmDLodNkKfpKRnU2EGa4+yQudin2QHsId+k3C2iAI1UtGlL5Vi00p5VZfihuntcAbwn63RZriCrKn0ayzTQKw=,iv:bwQECQCQghG0DTeWrg73IlFwmz8Fob2ftLKM3kaKOE4=,tag:8HXjvNnzqmIprsXd5d/SmA==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1