authorKjetil Orbekk <kj@orbekk.com>2022-01-25 08:38:38 -0500
committerKjetil Orbekk <kj@orbekk.com>2022-01-25 08:40:05 -0500
commitad6090aaa358c2d2ce99c50bdfd09ae6ae96a6cd (patch)
tree6339cdb3c0063759a9ac96afd4f1bc604c7d0fc9 /modules/backup-server.nix
parenta850dad99672223cb453d4185921ced36235771f (diff)
Add dragon borg repo
Diffstat (limited to 'modules/backup-server.nix')
-rw-r--r--modules/backup-server.nix25
1 files changed, 23 insertions, 2 deletions
diff --git a/modules/backup-server.nix b/modules/backup-server.nix
index 774d71e..fbe9c25 100644
--- a/modules/backup-server.nix
+++ b/modules/backup-server.nix
@@ -16,6 +16,19 @@ let
startAt = "daily";
};
+ backups.dragon = {
+ paths = [ "/etc/nixos" ];
+ doInit = true;
+ repo = cfg.serverLocation;
+ encryption = {
+ mode = "repokey-blake2";
+ passCommand = "cat ${config.age.secrets.dragon-borg-repo-key.path}";
+ };
+ environment = { BORG_RSH = "ssh -i ${config.age.secrets.dragon-borg-ssh-key.path}"; };
+ compression = "auto,lzma";
+ startAt = "daily";
+ };
+
backupJob = {
${config.networking.hostName} = backups.${config.networking.hostName};
};
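Review bot: The dragon job presents `dragon-borg-ssh-key` through `BORG_RSH`, but the `dragon` entry that the second hunk adds under `services.borgbackup.repos` authorizes `../secrets/pincer-borg-ssh-key.pub`, so the key the client offers is not the key the server accepts for this repo. As written, dragon's daily backup would presumably fail to authenticate, and pincer's key ends up listed for two repos, which weakens the per-host separation between backup repositories. The server entry should authorize a dragon-specific public key instead, e.g. `authorizedKeys = [ (builtins.readFile ../secrets/dragon-borg-ssh-key.pub) ];` (file name inferred from the naming pattern, to be confirmed against the secrets directory). The `let` block and the `repos` attribute set both continue outside the visible hunks.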
@@ -33,10 +46,18 @@ in
};
config = {
- age.secrets.pincer-borg-repo-key.file = ../secrets/pincer-borg-repo-key.age;
- age.secrets.pincer-borg-ssh-key.file = ../secrets/pincer-borg-ssh-key.age;
+ age.secrets = lib.mkIf cfg.enableClient {
+ "${config.networking.hostName}-borg-repo-key".file =
+ ../secrets/${config.networking.hostName}-borg-repo-key.age;
+ "${config.networking.hostName}-borg-ssh-key".file =
+ ../secrets/${config.networking.hostName}-borg-ssh-key.age;
+ };
services.borgbackup.repos = lib.mkIf cfg.enableServer {
+ dragon = {
+ authorizedKeys = [ (builtins.readFile ../secrets/pincer-borg-ssh-key.pub) ];
+ path = [ "/var/lib/dragon" ];
+ };
pincer = {
authorizedKeys = [ (builtins.readFile ../secrets/pincer-borg-ssh-key.pub) ];
path = [ "/var/lib/borg-pincer" ];