mirror of
https://git.feal.no/felixalb/nixos-config.git
synced 2024-12-22 12:07:29 +01:00
Compare commits
2 Commits
579bf5d00f
...
be395bdbe2
Author | SHA1 | Date | |
---|---|---|---|
be395bdbe2 | |||
1bde04a4be |
62
hosts/defiant/backup.nix
Normal file
62
hosts/defiant/backup.nix
Normal file
@ -0,0 +1,62 @@
|
|||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
{
|
||||||
|
services.borgbackup.jobs =
|
||||||
|
let
|
||||||
|
borgJob = name: {
|
||||||
|
environment.BORG_RSH = "ssh -i /root/.ssh/fealsyn1";
|
||||||
|
environment.BORG_REMOTE_PATH = "/usr/local/bin/borg";
|
||||||
|
repo = "ssh://backup@feal-syn1.home.feal.no/volume2/backup/borg/defiant/${name}";
|
||||||
|
compression = "auto,zstd";
|
||||||
|
};
|
||||||
|
in {
|
||||||
|
postgresDaily = borgJob "postgres::daily" // {
|
||||||
|
paths = "/data/backup/postgresql";
|
||||||
|
startAt = "*-*-* 05:15:00"; # 2 hours after postgresqlBackup
|
||||||
|
extraInitArgs = "--storage-quota 10G";
|
||||||
|
encryption = {
|
||||||
|
mode = "repokey-blake2";
|
||||||
|
passCommand = "cat ${config.sops.secrets."borg/postgres".path}";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
postgresWeekly = borgJob "postgres::weekly" // {
|
||||||
|
paths = "/data/backup/postgresql";
|
||||||
|
startAt = "Mon *-*-* 05:15:00"; # 2 hours after postgresqlBackup
|
||||||
|
extraInitArgs = "--storage-quota 10G";
|
||||||
|
encryption = {
|
||||||
|
mode = "repokey-blake2";
|
||||||
|
passCommand = "cat ${config.sops.secrets."borg/postgres".path}";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
gitea = borgJob "gitea::weekly" // {
|
||||||
|
paths = "/tank/services/gitea";
|
||||||
|
startAt = "Mon *-*-* 05:15:00";
|
||||||
|
extraInitArgs = "--storage-quota 20G";
|
||||||
|
encryption = {
|
||||||
|
mode = "repokey-blake2";
|
||||||
|
passCommand = "cat ${config.sops.secrets."borg/gitea".path}";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
minecraft = borgJob "minecraft::weekly" // {
|
||||||
|
paths = "/var/lib/minecraft-wack";
|
||||||
|
startAt = "weekly";
|
||||||
|
extraInitArgs = "--storage-quota 20G";
|
||||||
|
encryption.mode = "none";
|
||||||
|
|
||||||
|
preHook = ''
|
||||||
|
${pkgs.mcrcon}/bin/mcrcon -p wack "say Starting Backup" "save-off" "save-all"
|
||||||
|
'';
|
||||||
|
|
||||||
|
postHook = ''
|
||||||
|
${pkgs.mcrcon}/bin/mcrcon -p wack "save-all" "say Completed Backup" "save-on" "save-all"
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
};
|
||||||
|
|
||||||
|
# TODO: Matrix (keys,media,db), home-assistant, pihole, vaultwarden
|
||||||
|
sops.secrets."borg/postgres" = { };
|
||||||
|
sops.secrets."borg/gitea" = { };
|
||||||
|
}
|
@ -8,6 +8,7 @@
|
|||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
|
|
||||||
# Infrastructure
|
# Infrastructure
|
||||||
|
./backup.nix
|
||||||
./libvirt.nix
|
./libvirt.nix
|
||||||
./services/nginx.nix
|
./services/nginx.nix
|
||||||
./services/pihole.nix
|
./services/pihole.nix
|
||||||
|
@ -61,8 +61,6 @@
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# TODO: Automated backup job (https://git.pvv.ntnu.no/Drift/pvv-nixos-config/src/commit/57d1dfd121fdb23fcef54e0632f6f6278c6bb753/hosts/greddost/services/minecraft/default.nix#L144)
|
|
||||||
|
|
||||||
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
|
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
|
||||||
"minecraft-server"
|
"minecraft-server"
|
||||||
];
|
];
|
||||||
|
@ -14,11 +14,12 @@
|
|||||||
# alacritty
|
# alacritty
|
||||||
emacs
|
emacs
|
||||||
iterm2
|
iterm2
|
||||||
spotify
|
|
||||||
ripes
|
|
||||||
prismlauncher
|
prismlauncher
|
||||||
|
ripes
|
||||||
|
spotify
|
||||||
|
|
||||||
bat
|
bat
|
||||||
|
borgbackup
|
||||||
bottom
|
bottom
|
||||||
cocoapods
|
cocoapods
|
||||||
gnutar
|
gnutar
|
||||||
@ -26,6 +27,8 @@
|
|||||||
neofetch
|
neofetch
|
||||||
nix-index
|
nix-index
|
||||||
nodejs
|
nodejs
|
||||||
|
pinentry
|
||||||
|
rbw
|
||||||
tldr
|
tldr
|
||||||
eza
|
eza
|
||||||
zellij
|
zellij
|
||||||
|
@ -7,6 +7,9 @@ vaultwarden:
|
|||||||
admintoken: ENC[AES256_GCM,data:sUPOe3goxpJFpe5fBdwcM5Z6+DXNdZr5Xd6HzRUb7LtDk9IUtwL4wtlckwnMRoLF628XvCV3ObrX2UmTqUX/6pWqLkWL/vWb3C8ogq4=,iv:vvO9nEkCjcKvl+ILEMlMorMmvyNM1juRYRnEolwg9sQ=,tag:wFnz9oOA+ZGrb4UqKrtUcA==,type:str]
|
admintoken: ENC[AES256_GCM,data:sUPOe3goxpJFpe5fBdwcM5Z6+DXNdZr5Xd6HzRUb7LtDk9IUtwL4wtlckwnMRoLF628XvCV3ObrX2UmTqUX/6pWqLkWL/vWb3C8ogq4=,iv:vvO9nEkCjcKvl+ILEMlMorMmvyNM1juRYRnEolwg9sQ=,tag:wFnz9oOA+ZGrb4UqKrtUcA==,type:str]
|
||||||
microbin:
|
microbin:
|
||||||
secrets: ENC[AES256_GCM,data:B2yOSEXFyge7fgphtKcy8CjaeEiwmHAxgGoiqa4lmQtRtnxy5UuH3dFuCXHvbd3n6YA24zX3ANIQpj6ilT4I96+P+L9TjA==,iv:3mryQf3GdKCqBkLsfyqJk5ZN+/gOEbL/LmEzreINGME=,tag:YD8uvkS23c5B7J9srRrU9w==,type:str]
|
secrets: ENC[AES256_GCM,data:B2yOSEXFyge7fgphtKcy8CjaeEiwmHAxgGoiqa4lmQtRtnxy5UuH3dFuCXHvbd3n6YA24zX3ANIQpj6ilT4I96+P+L9TjA==,iv:3mryQf3GdKCqBkLsfyqJk5ZN+/gOEbL/LmEzreINGME=,tag:YD8uvkS23c5B7J9srRrU9w==,type:str]
|
||||||
|
borg:
|
||||||
|
postgres: ENC[AES256_GCM,data:vwfLF2qkUMl9b/4oYVm+pzfbbw==,iv:+QlTXjowne2d+ufw9YbhgaAIVvYg78LkMS0BqfPwoRI=,tag:JAbR3/DbYp+vRApJteg4zA==,type:str]
|
||||||
|
gitea: ENC[AES256_GCM,data:GIZ/wkzEkm6DUZETv8GpXd8k5w==,iv:MLnVtrev+poT+3D5+o5UV8FBQWpvqlYAkcXMF53bKJw=,tag:89zkLJNZw04ZPyqvpspgsw==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
@ -31,8 +34,8 @@ sops:
|
|||||||
RXcvQU1JYnl0bUtocTZuNkRxcGQwR2MKnyAYtF2y7XBmNuIYi6RzqEJEPPg7B22A
|
RXcvQU1JYnl0bUtocTZuNkRxcGQwR2MKnyAYtF2y7XBmNuIYi6RzqEJEPPg7B22A
|
||||||
fQVeDfIhiNSVva784KTU+y4TU1UPxumriRrLRFPF3h42ZEq2zQAgrQ==
|
fQVeDfIhiNSVva784KTU+y4TU1UPxumriRrLRFPF3h42ZEq2zQAgrQ==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-02-28T16:10:53Z"
|
lastmodified: "2024-03-08T00:37:40Z"
|
||||||
mac: ENC[AES256_GCM,data:Yid2Q5JTjWTLeh3qR2K0cX/Fk2p78Asj3x+kCDLtwJoULiZ+7xJKi/h2X4sRYw+vUou7HO3u+b8/MPvEapNjvqLyf4gseuvqdr2m/vR8DqxOdtl0xvrMoE8bTTR6tuCCIGIKEcEA7VviU+aCIm68CLkgq03DkF3g3hyC/VSKo9Y=,iv:66FpFV7mdTv1r+o3p4cK7CigDxGJOW70JZaEJE+fSLA=,tag:gNyPFbRc8VP9vOYdTt2YZg==,type:str]
|
mac: ENC[AES256_GCM,data:2S6Z4ZqffGA5Clz+h4J44s7yhb6lMFdUq9KpE4IJUu2cgJyD1Zsh0i1Z1ZwTiD7MH+F1UUMyVhBYk6Fkm1UY07wmDLodNkKfpKRnU2EGa4+yQudin2QHsId+k3C2iAI1UtGlL5Vi00p5VZfihuntcAbwn63RZriCrKn0ayzTQKw=,iv:bwQECQCQghG0DTeWrg73IlFwmz8Fob2ftLKM3kaKOE4=,tag:8HXjvNnzqmIprsXd5d/SmA==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.8.1
|
||||||
|
Loading…
Reference in New Issue
Block a user