From f40634e545d9dde7484b50bc44894b3d09858615 Mon Sep 17 00:00:00 2001
From: dadada <dadada@dadada.li>
Date: Sun, 18 Jun 2023 18:53:36 +0200
Subject: [PATCH] activate backup to new location

---
 nixos/modules/backup.nix          | 33 +++++++++++++++++++++++++++++++
 nixos/modules/profiles/backup.nix |  6 ++++++
 2 files changed, 39 insertions(+)

diff --git a/nixos/modules/backup.nix b/nixos/modules/backup.nix
index 7ed5510..4c956ea 100644
--- a/nixos/modules/backup.nix
+++ b/nixos/modules/backup.nix
@@ -56,6 +56,23 @@ in
           default = "/var/lib/borgbackup/bs/id_ed25519";
         };
       };
+      backup1 = {
+        enable = mkEnableOption "Enable backup to new BS location";
+        passphrasePath = mkOption {
+          type = types.str;
+          description = ''
+            The path to the passphrase file.
+          '';
+          default = "/var/lib/borgbackup/backup1/passphrase";
+        };
+        sshIdentityFile = mkOption {
+          type = types.str;
+          description = ''
+            Path to the SSH key that is used to transmit the backup.
+          '';
+          default = "/var/lib/borgbackup/backup1/id_ed25519";
+        };
+      };
       backup2 = {
         enable = mkEnableOption "Enable backup to Hetzner storage box";
         passphrasePath = mkOption {
@@ -138,6 +155,22 @@ in
       };
     };
 
+    services.borgbackup.jobs.backup1 = mkIf cfg.bs.enable {
+      paths = "/";
+      exclude = backupExcludes;
+      repo = "borg@backup1.dadada.li:/mnt/storage/backup/${config.networking.hostName}";
+      doInit = false;
+      environment = {
+        BORG_RSH = "ssh -6 -i ${cfg.backup1.sshIdentityFile} -o 'StrictHostKeyChecking accept-new' -o 'TCPKeepAlive=yes'";
+      };
+      encryption = {
+        mode = "repokey";
+        passCommand = "cat ${cfg.backup1.passphrasePath}";
+      };
+      compression = "auto,lz4";
+      startAt = "daily";
+    };
+
     services.borgbackup.jobs.backup2 = mkIf cfg.backup2.enable {
       paths = "/";
       exclude = backupExcludes;
diff --git a/nixos/modules/profiles/backup.nix b/nixos/modules/profiles/backup.nix
index 3fe4fc3..e6df660 100644
--- a/nixos/modules/profiles/backup.nix
+++ b/nixos/modules/profiles/backup.nix
@@ -9,6 +9,12 @@ in
     sshIdentityFile = config.age.secrets."${config.networking.hostName}-backup-ssh-key".path;
   };
 
+  dadada.backupClient.backup1 = {
+    enable = lib.mkDefault true;
+    passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase".path;
+    sshIdentityFile = config.age.secrets."${config.networking.hostName}-backup-ssh-key".path;
+  };
+
   age.secrets."${config.networking.hostName}-backup-passphrase".file = "${secretsPath}/${config.networking.hostName}-backup-passphrase.age";
   age.secrets."${config.networking.hostName}-backup-ssh-key".file = "${secretsPath}/${config.networking.hostName}-backup-ssh-key.age";
 }