diff options
author | Kjetil Orbekk <kj@orbekk.com> | 2022-01-25 08:38:38 -0500 |
---|---|---|
committer | Kjetil Orbekk <kj@orbekk.com> | 2022-01-25 08:40:05 -0500 |
commit | ad6090aaa358c2d2ce99c50bdfd09ae6ae96a6cd (patch) | |
tree | 6339cdb3c0063759a9ac96afd4f1bc604c7d0fc9 /modules/backup-server.nix | |
parent | a850dad99672223cb453d4185921ced36235771f (diff) |
Add dragon borg repo
Diffstat (limited to 'modules/backup-server.nix')
-rw-r--r-- | modules/backup-server.nix | 25 |
1 files changed, 23 insertions, 2 deletions
diff --git a/modules/backup-server.nix b/modules/backup-server.nix index 774d71e..fbe9c25 100644 --- a/modules/backup-server.nix +++ b/modules/backup-server.nix @@ -16,6 +16,19 @@ let startAt = "daily"; }; + backups.dragon = { + paths = [ "/etc/nixos" ]; + doInit = true; + repo = cfg.serverLocation; + encryption = { + mode = "repokey-blake2"; + passCommand = "cat ${config.age.secrets.dragon-borg-repo-key.path}"; + }; + environment = { BORG_RSH = "ssh -i ${config.age.secrets.dragon-borg-ssh-key.path}"; }; + compression = "auto,lzma"; + startAt = "daily"; + }; + backupJob = { ${config.networking.hostName} = backups.${config.networking.hostName}; }; @@ -33,10 +46,18 @@ in }; config = { - age.secrets.pincer-borg-repo-key.file = ../secrets/pincer-borg-repo-key.age; - age.secrets.pincer-borg-ssh-key.file = ../secrets/pincer-borg-ssh-key.age; + age.secrets = lib.mkIf cfg.enableClient { + "${config.networking.hostName}-borg-repo-key".file = + ../secrets/${config.networking.hostName}-borg-repo-key.age; + "${config.networking.hostName}-borg-ssh-key".file = + ../secrets/${config.networking.hostName}-borg-ssh-key.age; + }; services.borgbackup.repos = lib.mkIf cfg.enableServer { + dragon = { + authorizedKeys = [ (builtins.readFile ../secrets/pincer-borg-ssh-key.pub) ]; + path = [ "/var/lib/dragon" ]; + }; pincer = { authorizedKeys = [ (builtins.readFile ../secrets/pincer-borg-ssh-key.pub) ]; path = [ "/var/lib/borg-pincer" ]; |