authorKjetil Orbekk <kj@orbekk.com>2022-01-25 08:01:38 -0500
committerKjetil Orbekk <kj@orbekk.com>2022-01-25 08:40:05 -0500
commita850dad99672223cb453d4185921ced36235771f (patch)
treea1209220c2c82c6df2f98a0b954aedc379f9fe4e /modules/backup-server.nix
parent3d6a49a5d90a0909fc04e5b70286b4de83aea6f4 (diff)
Add agenix dependency and start working on borg backups
Diffstat (limited to 'modules/backup-server.nix')
-rw-r--r--modules/backup-server.nix48
1 files changed, 48 insertions, 0 deletions
diff --git a/modules/backup-server.nix b/modules/backup-server.nix
new file mode 100644
index 0000000..774d71e
--- /dev/null
+++ b/modules/backup-server.nix
@@ -0,0 +1,48 @@
+{ config, lib, pkgs, ... }:
+
+let
+ cfg = config.orbekk.backups;
+
+ backups.pincer = {
+ paths = [ "/etc/nixos" ];
+ doInit = true;
+ repo = cfg.serverLocation;
+ encryption = {
+ mode = "repokey-blake2";
+ passCommand = "cat ${config.age.secrets.pincer-borg-repo-key.path}";
+ };
+ environment = { BORG_RSH = "ssh -i ${config.age.secrets.pincer-borg-ssh-key.path}"; };
+ compression = "auto,lzma";
+ startAt = "daily";
+ };
+
+ backupJob = {
+ ${config.networking.hostName} = backups.${config.networking.hostName};
+ };
+in
+{
+ options = {
+ orbekk.backups = {
+ enableServer = lib.mkEnableOption "Enable backup server";
+ enableClient = lib.mkEnableOption "Enable backup client";
+ serverLocation = lib.mkOption {
+ type = lib.types.str;
+ default = "borg@localhost:.";
+ };
+ };
+ };
+
+ config = {
+ age.secrets.pincer-borg-repo-key.file = ../secrets/pincer-borg-repo-key.age;
+ age.secrets.pincer-borg-ssh-key.file = ../secrets/pincer-borg-ssh-key.age;
+
+ services.borgbackup.repos = lib.mkIf cfg.enableServer {
+ pincer = {
+ authorizedKeys = [ (builtins.readFile ../secrets/pincer-borg-ssh-key.pub) ];
+ path = [ "/var/lib/borg-pincer" ];
+ };
+ };
+
+ services.borgbackup.jobs = lib.mkIf cfg.enableClient backupJob;
+ };
+}
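Review bot: The two `age.secrets.pincer-borg-*` assignments in `config` are unconditional, unlike the `lib.mkIf`-guarded `repos` and `jobs` entries below them. Every host that imports this module, including one with only `enableServer` set, therefore declares the client's repo passphrase and SSH private key as secrets to decrypt. If the backup server is made a recipient so that its activation succeeds, it can read the repokey passphrase, which undoes the point of encrypting the repository on the client side. Scoping them to the client keeps the key material off the server: `age.secrets = lib.mkIf cfg.enableClient { … };` around the two existing `.file` lines. Separately, `path = [ "/var/lib/borg-pincer" ];` passes a list where the NixOS borgbackup repo option appears to expect a single path, so `path = "/var/lib/borg-pincer";` is probably what was intended.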