From e88570b7e06655973d15f36b54614114e30707e6 Mon Sep 17 00:00:00 2001 From: Kjetil Orbekk Date: Fri, 20 May 2022 07:12:29 -0400 Subject: Borg backup to trygve --- machines/dragon.nix | 2 +- modules/backup-server.nix | 43 +++++++++++++++++++++++++++++-------------- 2 files changed, 30 insertions(+), 15 deletions(-) diff --git a/machines/dragon.nix b/machines/dragon.nix index f689154..529c82e 100644 --- a/machines/dragon.nix +++ b/machines/dragon.nix @@ -3,7 +3,7 @@ let duid = "00:01:00:01:21:a2:4e:a8:d0:bf:9c:45:a6:ec"; in { imports = [ ../config/router.nix - ../config/borg-backup.nix + # ../config/borg-backup.nix ../config/dns.nix ../config/web-server.nix ../config/cgit.nix diff --git a/modules/backup-server.nix b/modules/backup-server.nix index a98d877..85ea82b 100644 --- a/modules/backup-server.nix +++ b/modules/backup-server.nix 
@@ -11,31 +11,44 @@ let mode = "repokey-blake2"; passCommand = "cat ${config.age.secrets.pincer-borg-repo-key.path}"; }; - environment = { BORG_RSH = "ssh -i ${config.age.secrets.pincer-borg-ssh-key.path}"; }; + environment = { + BORG_RSH = "ssh -i ${config.age.secrets.pincer-borg-ssh-key.path}"; + }; compression = "auto,lzma"; startAt = "daily"; }; - backups.dragon = { + dragon-tmpl = repo: { + inherit repo; paths = [ "/home" "/opt" "/var" "/storage" ]; exclude = [ "/var/lib/lxd" "/var/lib/borg" ]; doInit = true; - repo = "borg@www.breakds.org:."; encryption = { mode = "repokey-blake2"; passCommand = "cat ${config.age.secrets.dragon-borg-repo-key.path}"; }; - environment = { BORG_RSH = "ssh -i ${config.age.secrets.dragon-borg-ssh-key.path}"; }; + environment = { + BORG_RSH = "ssh -i ${config.age.secrets.dragon-borg-ssh-key.path}"; + }; compression = "auto,lzma"; startAt = "daily"; extraCreateArgs = "--stats"; }; + backups.dragon-break = dragon-tmpl "borg@www.breakds.org:."; + backups.dragon-trygve = dragon-tmpl "orbekk@backup.osl.trygveandre.net:/home/orbekk/repository"; - backupJob = { + clientJobs = { ${config.networking.hostName} = backups.${config.networking.hostName}; }; -in -{ + + serverJobs = { + dragon-break = backups.dragon-break; + dragon-trygve = backups.dragon-trygve; + }; + + backupJobs = + if config.networking.hostName == "dragon" then serverJobs else clientJobs; +in { options = { orbekk.backups = { enableServer = lib.mkEnableOption "Enable backup server"; 
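Review bot: The new `dragon-trygve` job logs in as the personal account `orbekk@backup.osl.trygveandre.net` with the same unattended `dragon-borg-ssh-key` that `dragon-break` uses, and nothing in this diff shows what that key is allowed to do on the remote host. Unless the account's `authorized_keys` line forces `borg serve`, the key presumably grants an ordinary shell there, so I would record the requirement above `backups.dragon-trygve`: `# remote authorized_keys must pin this key: command="borg serve --restrict-to-repository /home/orbekk/repository",restrict`. Both destinations also share one repo passphrase through `dragon-tmpl`; if they should be rotatable independently, make the secret names parameters of the template alongside `repo`. The enclosing `let` block starts before this hunk.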
@@ -49,15 +62,16 @@ in config = { age.secrets = lib.mkIf cfg.enableClient { - "${config.networking.hostName}-borg-repo-key".file = - ../secrets/${config.networking.hostName}-borg-repo-key.age; - "${config.networking.hostName}-borg-ssh-key".file = - ../secrets/${config.networking.hostName}-borg-ssh-key.age; + "${config.networking.hostName}-borg-repo-key".file = ./. + + "../secrets/${config.networking.hostName}-borg-repo-key.age"; + "${config.networking.hostName}-borg-ssh-key".file = ./. + + "../secrets/${config.networking.hostName}-borg-ssh-key.age"; }; services.borgbackup.repos = lib.mkIf cfg.enableServer { dragon = { - authorizedKeys = [ (builtins.readFile ../secrets/dragon-borg-ssh-key.pub) ]; + authorizedKeys = + [ (builtins.readFile ../secrets/dragon-borg-ssh-key.pub) ]; path = [ "/var/lib/dragon" ]; }; breakds = { @@ -65,11 +79,12 @@ in path = [ "/var/lib/borg/breakds" ]; }; pincer = { - authorizedKeys = [ (builtins.readFile ../secrets/pincer-borg-ssh-key.pub) ]; + authorizedKeys = + [ (builtins.readFile ../secrets/pincer-borg-ssh-key.pub) ]; path = [ "/var/lib/borg-pincer" ]; }; }; - services.borgbackup.jobs = lib.mkIf cfg.enableClient backupJob; + services.borgbackup.jobs = lib.mkIf cfg.enableClient backupJobs; }; } -- cgit v1.2.3
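Review bot: The rewritten secret paths `./. + "../secrets/…"` look broken, because Nix appends the string to the path text before normalising it. `./.` is the `modules` directory with no trailing slash, so the result would name `modules../secrets/…` rather than the sibling `secrets` directory. If that reading is right, evaluation fails for any host with `enableClient` set once the secret file is referenced, and that host gets no backup job deployed. Anchoring on the directory avoids this: `../secrets + "/${config.networking.hostName}-borg-repo-key.age"`, and the same form for `-borg-ssh-key.age`.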