dadada/nix-config
dadada/nix-config
1
0
Fork 0
Code Issues 2 Pull requests 5 Projects Releases Packages Wiki Activity Actions

activate backup to new location

Browse source
This commit is contained in:
Tim Schubert 2023-06-18 18:53:36 +02:00
parent 57d04d981f
commit f40634e545
Signed by: dadada
GPG key ID: EEB8D1CE62C4DFEA
2 changed files with 39 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

33
nixos/modules/backup.nix
View file

@ -56,6 +56,23 @@ in
default = "/var/lib/borgbackup/bs/id_ed25519"; default = "/var/lib/borgbackup/bs/id_ed25519";
}; };
}; };
backup1 = {
enable = mkEnableOption "Enable backup to new BS location";
passphrasePath = mkOption {
type = types.str;
description = ''
The path to the passphrase file.
'';
default = "/var/lib/borgbackup/backup1/passphrase";
};
sshIdentityFile = mkOption {
type = types.str;
description = ''
Path to the SSH key that is used to transmit the backup.
'';
default = "/var/lib/borgbackup/backup1/id_ed25519";
};
};
backup2 = { backup2 = {
enable = mkEnableOption "Enable backup to Hetzner storage box"; enable = mkEnableOption "Enable backup to Hetzner storage box";
passphrasePath = mkOption { passphrasePath = mkOption {
@ -138,6 +155,22 @@ in
}; };
}; };
services.borgbackup.jobs.backup1 = mkIf cfg.bs.enable {
paths = "/";
exclude = backupExcludes;
repo = "borg@backup1.dadada.li:/mnt/storage/backup/${config.networking.hostName}";
doInit = false;
environment = {
BORG_RSH = "ssh -6 -i ${cfg.backup1.sshIdentityFile} -o 'StrictHostKeyChecking accept-new' -o 'TCPKeepAlive=yes'";
};
encryption = {
mode = "repokey";
passCommand = "cat ${cfg.backup1.passphrasePath}";
};
compression = "auto,lz4";
startAt = "daily";
};
services.borgbackup.jobs.backup2 = mkIf cfg.backup2.enable { services.borgbackup.jobs.backup2 = mkIf cfg.backup2.enable {
paths = "/"; paths = "/";
exclude = backupExcludes; exclude = backupExcludes;

6
nixos/modules/profiles/backup.nix
View file

@ -9,6 +9,12 @@ in
sshIdentityFile = config.age.secrets."${config.networking.hostName}-backup-ssh-key".path; sshIdentityFile = config.age.secrets."${config.networking.hostName}-backup-ssh-key".path;
}; };
dadada.backupClient.backup1 = {
enable = lib.mkDefault true;
passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase".path;
sshIdentityFile = config.age.secrets."${config.networking.hostName}-backup-ssh-key".path;
};
age.secrets."${config.networking.hostName}-backup-passphrase".file = "${secretsPath}/${config.networking.hostName}-backup-passphrase.age"; age.secrets."${config.networking.hostName}-backup-passphrase".file = "${secretsPath}/${config.networking.hostName}-backup-passphrase.age";
age.secrets."${config.networking.hostName}-backup-ssh-key".file = "${secretsPath}/${config.networking.hostName}-backup-ssh-key.age"; age.secrets."${config.networking.hostName}-backup-ssh-key".file = "${secretsPath}/${config.networking.hostName}-backup-ssh-key.age";
} }