Diffstat (limited to 'modules')
-rw-r--r-- | modules/backup-server.nix | 43 |
1 files changed, 29 insertions, 14 deletions
diff --git a/modules/backup-server.nix b/modules/backup-server.nix
index a98d877..85ea82b 100644
--- a/modules/backup-server.nix
+++ b/modules/backup-server.nix
@@ -11,31 +11,44 @@ let
 mode = "repokey-blake2";
 passCommand = "cat ${config.age.secrets.pincer-borg-repo-key.path}";
 };
- environment = { BORG_RSH = "ssh -i ${config.age.secrets.pincer-borg-ssh-key.path}"; };
+ environment = {
+ BORG_RSH = "ssh -i ${config.age.secrets.pincer-borg-ssh-key.path}";
+ };
 compression = "auto,lzma";
 startAt = "daily";
 };
- backups.dragon = {
+ dragon-tmpl = repo: {
+ inherit repo;
 paths = [ "/home" "/opt" "/var" "/storage" ];
 exclude = [ "/var/lib/lxd" "/var/lib/borg" ];
 doInit = true;
- repo = "borg@www.breakds.org:.";
 encryption = {
 mode = "repokey-blake2";
 passCommand = "cat ${config.age.secrets.dragon-borg-repo-key.path}";
 };
- environment = { BORG_RSH = "ssh -i ${config.age.secrets.dragon-borg-ssh-key.path}"; };
+ environment = {
+ BORG_RSH = "ssh -i ${config.age.secrets.dragon-borg-ssh-key.path}";
+ };
 compression = "auto,lzma";
 startAt = "daily";
 extraCreateArgs = "--stats";
 };
+ backups.dragon-break = dragon-tmpl "borg@www.breakds.org:.";
+ backups.dragon-trygve = dragon-tmpl "orbekk@backup.osl.trygveandre.net:/home/orbekk/repository";
- backupJob = {
+ clientJobs = {
 ${config.networking.hostName} = backups.${config.networking.hostName};
 };
-in
-{
+
+ serverJobs = {
+ dragon-break = backups.dragon-break;
+ dragon-trygve = backups.dragon-trygve;
+ };
+
+ backupJobs =
+ if config.networking.hostName == "dragon" then serverJobs else clientJobs;
+in {
 options = {
 orbekk.backups = {
 enableServer = lib.mkEnableOption "Enable backup server";
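Review bot: `backups.dragon-break` and `backups.dragon-trygve` are both built from `dragon-tmpl`, so two repositories on different hosts share the `dragon-borg-repo-key` passphrase and the `dragon-borg-ssh-key` identity, and exposure of either secret affects both backup sets. Consider letting the template take the secret name as a second argument, e.g. `dragon-tmpl = keyName: repo: { ... }`, or add a comment such as `# same passphrase and ssh key for both remotes on purpose` if the sharing is intended. The second target logs in as `orbekk@backup.osl.trygveandre.net`, apparently an ordinary user account, and nothing visible here shows that the key is limited on that host to a forced `borg serve --restrict-to-path ...` command, so that is worth confirming. `BORG_RSH` also depends on the new host's key already being trusted, so pinning it declaratively (for example with `programs.ssh.knownHosts`) avoids a failed or manually trusted first run. The `let` block starts outside this hunk.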
@@ -49,15 +62,16 @@ in
 config = {
 age.secrets = lib.mkIf cfg.enableClient {
- "${config.networking.hostName}-borg-repo-key".file =
- ../secrets/${config.networking.hostName}-borg-repo-key.age;
- "${config.networking.hostName}-borg-ssh-key".file =
- ../secrets/${config.networking.hostName}-borg-ssh-key.age;
+ "${config.networking.hostName}-borg-repo-key".file = ./.
+ + "../secrets/${config.networking.hostName}-borg-repo-key.age";
+ "${config.networking.hostName}-borg-ssh-key".file = ./.
+ + "../secrets/${config.networking.hostName}-borg-ssh-key.age";
 };
 services.borgbackup.repos = lib.mkIf cfg.enableServer {
 dragon = {
- authorizedKeys = [ (builtins.readFile ../secrets/dragon-borg-ssh-key.pub) ];
+ authorizedKeys =
+ [ (builtins.readFile ../secrets/dragon-borg-ssh-key.pub) ];
 path = [ "/var/lib/dragon" ];
 };
 breakds = {
@@ -65,11 +79,12 @@ in
 path = [ "/var/lib/borg/breakds" ];
 };
 pincer = {
- authorizedKeys = [ (builtins.readFile ../secrets/pincer-borg-ssh-key.pub) ];
+ authorizedKeys =
+ [ (builtins.readFile ../secrets/pincer-borg-ssh-key.pub) ];
 path = [ "/var/lib/borg-pincer" ];
 };
 };
- services.borgbackup.jobs = lib.mkIf cfg.enableClient backupJobs;
+ services.borgbackup.jobs = lib.mkIf cfg.enableClient backupJobs;
 };
 }
|
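Review bot: The two new `age.secrets` paths in the `@@ -49,15 +62,16 @@` hunk look wrong: `./. + "../secrets/..."` appends the string to the module directory with no separator, so it should evaluate to something like `<repo>/modules../secrets/<host>-borg-repo-key.age` instead of the sibling `secrets` directory. If that reading is right, any host with `enableClient` set fails to evaluate or build, and the backup job never receives its passphrase or ssh key. Anchoring on the directory avoids this: `"${config.networking.hostName}-borg-repo-key".file = ../secrets + "/${config.networking.hostName}-borg-repo-key.age";`, and likewise for the ssh key. Separately, the repos reformatted in this hunk grant full access through `authorizedKeys`; `authorizedKeysAppendOnly` would keep a compromised client from deleting its own archives, provided pruning is handled somewhere else.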