diff options
| author | Kjetil Orbekk <kj@orbekk.com> | 2022-05-20 07:12:29 -0400 |
|---|---|---|
| committer | Kjetil Orbekk <kj@orbekk.com> | 2022-05-20 07:12:29 -0400 |
| commit | e88570b7e06655973d15f36b54614114e30707e6 (patch) | |
| tree | d4078f256d89621aed6044ca0cfa104a42ef4497 /modules/backup-server.nix | |
| parent | e797db65f08a97dba900f7157825acbd19ef4d2c (diff) | |
Borg backup to trygve
Diffstat (limited to 'modules/backup-server.nix')
| -rw-r--r-- | modules/backup-server.nix | 43 |
1 files changed, 29 insertions, 14 deletions
diff --git a/modules/backup-server.nix b/modules/backup-server.nix index a98d877..85ea82b 100644 --- a/modules/backup-server.nix +++ b/modules/backup-server.nix @@ -11,31 +11,44 @@ let mode = "repokey-blake2"; passCommand = "cat ${config.age.secrets.pincer-borg-repo-key.path}"; }; - environment = { BORG_RSH = "ssh -i ${config.age.secrets.pincer-borg-ssh-key.path}"; }; + environment = { + BORG_RSH = "ssh -i ${config.age.secrets.pincer-borg-ssh-key.path}"; + }; compression = "auto,lzma"; startAt = "daily"; }; - backups.dragon = { + dragon-tmpl = repo: { + inherit repo; paths = [ "/home" "/opt" "/var" "/storage" ]; exclude = [ "/var/lib/lxd" "/var/lib/borg" ]; doInit = true; - repo = "borg@www.breakds.org:."; encryption = { mode = "repokey-blake2"; passCommand = "cat ${config.age.secrets.dragon-borg-repo-key.path}"; }; - environment = { BORG_RSH = "ssh -i ${config.age.secrets.dragon-borg-ssh-key.path}"; }; + environment = { + BORG_RSH = "ssh -i ${config.age.secrets.dragon-borg-ssh-key.path}"; + }; compression = "auto,lzma"; startAt = "daily"; extraCreateArgs = "--stats"; }; + backups.dragon-break = dragon-tmpl "borg@www.breakds.org:."; + backups.dragon-trygve = dragon-tmpl "orbekk@backup.osl.trygveandre.net:/home/orbekk/repository"; - backupJob = { + clientJobs = { ${config.networking.hostName} = backups.${config.networking.hostName}; }; -in -{ + + serverJobs = { + dragon-break = backups.dragon-break; + dragon-trygve = backups.dragon-trygve; + }; + + backupJobs = + if config.networking.hostName == "dragon" then serverJobs else clientJobs; +in { options = { orbekk.backups = { enableServer = lib.mkEnableOption "Enable backup server"; @@ -49,15 +62,16 @@ in config = { age.secrets = lib.mkIf cfg.enableClient { - "${config.networking.hostName}-borg-repo-key".file = - ../secrets/${config.networking.hostName}-borg-repo-key.age; - "${config.networking.hostName}-borg-ssh-key".file = - ../secrets/${config.networking.hostName}-borg-ssh-key.age; + "${config.networking.hostName}-borg-repo-key".file = ./. + + "../secrets/${config.networking.hostName}-borg-repo-key.age"; + "${config.networking.hostName}-borg-ssh-key".file = ./. + + "../secrets/${config.networking.hostName}-borg-ssh-key.age"; }; services.borgbackup.repos = lib.mkIf cfg.enableServer { dragon = { - authorizedKeys = [ (builtins.readFile ../secrets/dragon-borg-ssh-key.pub) ]; + authorizedKeys = + [ (builtins.readFile ../secrets/dragon-borg-ssh-key.pub) ]; path = [ "/var/lib/dragon" ]; }; breakds = { @@ -65,11 +79,12 @@ in path = [ "/var/lib/borg/breakds" ]; }; pincer = { - authorizedKeys = [ (builtins.readFile ../secrets/pincer-borg-ssh-key.pub) ]; + authorizedKeys = + [ (builtins.readFile ../secrets/pincer-borg-ssh-key.pub) ]; path = [ "/var/lib/borg-pincer" ]; }; }; - services.borgbackup.jobs = lib.mkIf cfg.enableClient backupJob; + services.borgbackup.jobs = lib.mkIf cfg.enableClient backupJobs; }; } |