dadada/nix-config
dadada/nix-config
1
0
Fork 0
Code Issues 2 Pull requests 5 Projects Releases Packages Wiki Activity Actions

gorgon: set up offsite backup

Browse source
This commit is contained in:
Tim Schubert 2023-06-18 14:34:42 +02:00
parent 8dcc5a1f2f
commit 57d04d981f
Signed by: dadada
GPG key ID: EEB8D1CE62C4DFEA
3 changed files with 45 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

1
nixos/configurations.nix
View file

@ -47,7 +47,6 @@ in
]; ];
home-manager.users.dadada = import ../home/home; home-manager.users.dadada = import ../home/home;
}) })
./modules/profiles/laptop.nix
./gorgon/configuration.nix ./gorgon/configuration.nix
]; ];
}; };

8
nixos/gorgon/configuration.nix
View file

@ -42,9 +42,17 @@ let
in in
{ {
imports = [ imports = [
../modules/profiles/laptop.nix
./hardware-configuration.nix ./hardware-configuration.nix
]; ];
dadada.backupClient.backup2 = {
enable = true;
passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase".path;
sshIdentityFile = config.age.secrets."${config.networking.hostName}-backup-ssh-key".path;
repo = "u355513-sub1@u355513-sub1.your-storagebox.de:/home/backup";
};
nix.extraOptions = '' nix.extraOptions = ''
experimental-features = nix-command flakes experimental-features = nix-command flakes
# Prevent garbage collection for nix shell and direnv # Prevent garbage collection for nix shell and direnv

37
nixos/modules/backup.nix
View file

@ -56,6 +56,24 @@ in
default = "/var/lib/borgbackup/bs/id_ed25519"; default = "/var/lib/borgbackup/bs/id_ed25519";
}; };
}; };
backup2 = {
enable = mkEnableOption "Enable backup to Hetzner storage box";
passphrasePath = mkOption {
type = types.str;
description = "The path to the passphrase file.";
default = "/var/lib/borgbackup/backup2/passphrase";
};
sshIdentityFile = mkOption {
type = types.str;
description = "Path to the SSH key that is used to transmit the backup.";
default = "/var/lib/borgbackup/backup2/id_ed25519";
};
repo = mkOption {
type = types.str;
description = "URL to the repo inside the sub-account.";
example = "u355513-sub1@u355513-sub1.your-storagebox.de:borg";
};
};
}; };
}; };
@ -119,5 +137,24 @@ in
BORG_RELOCATED_REPO_ACCESS_IS_OK = "yes"; BORG_RELOCATED_REPO_ACCESS_IS_OK = "yes";
}; };
}; };
services.borgbackup.jobs.backup2 = mkIf cfg.backup2.enable {
paths = "/";
exclude = backupExcludes;
repo = cfg.backup2.repo;
doInit = true;
environment = {
BORG_RSH = "ssh -6 -p23 -i ${cfg.backup2.sshIdentityFile} -o 'StrictHostKeyChecking accept-new' -o 'TCPKeepAlive=yes'";
};
encryption = {
mode = "repokey";
passCommand = "cat ${cfg.backup2.passphrasePath}";
};
compression = "auto,lz4";
startAt = "daily";
environment = {
BORG_RELOCATED_REPO_ACCESS_IS_OK = "no";
};
};
}; };
} }