activate backup to new location

2023-06-18 18:53:36 +02:00 · 2023-06-18 18:53:36 +02:00 · f40634e545
commit f40634e545
parent 57d04d981f
2 changed files with 39 additions and 0 deletions
--- a/nixos/modules/backup.nix
+++ b/nixos/modules/backup.nix
@ -56,6 +56,23 @@ in
          default = "/var/lib/borgbackup/bs/id_ed25519";
        };
      };
+      backup1 = {
+        enable = mkEnableOption "Enable backup to new BS location";
+        passphrasePath = mkOption {
+          type = types.str;
+          description = ''
+            The path to the passphrase file.
+          '';
+          default = "/var/lib/borgbackup/backup1/passphrase";
+        };
+        sshIdentityFile = mkOption {
+          type = types.str;
+          description = ''
+            Path to the SSH key that is used to transmit the backup.
+          '';
+          default = "/var/lib/borgbackup/backup1/id_ed25519";
+        };
+      };
      backup2 = {
        enable = mkEnableOption "Enable backup to Hetzner storage box";
        passphrasePath = mkOption {
@ -138,6 +155,22 @@ in
      };
    };

+    services.borgbackup.jobs.backup1 = mkIf cfg.bs.enable {
+      paths = "/";
+      exclude = backupExcludes;
+      repo = "borg@backup1.dadada.li:/mnt/storage/backup/${config.networking.hostName}";
+      doInit = false;
+      environment = {
+        BORG_RSH = "ssh -6 -i ${cfg.backup1.sshIdentityFile} -o 'StrictHostKeyChecking accept-new' -o 'TCPKeepAlive=yes'";
+      };
+      encryption = {
+        mode = "repokey";
+        passCommand = "cat ${cfg.backup1.passphrasePath}";
+      };
+      compression = "auto,lz4";
+      startAt = "daily";
+    };
+
    services.borgbackup.jobs.backup2 = mkIf cfg.backup2.enable {
      paths = "/";
      exclude = backupExcludes;
--- a/nixos/modules/profiles/backup.nix
+++ b/nixos/modules/profiles/backup.nix
@ -9,6 +9,12 @@ in
    sshIdentityFile = config.age.secrets."${config.networking.hostName}-backup-ssh-key".path;
  };

+  dadada.backupClient.backup1 = {
+    enable = lib.mkDefault true;
+    passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase".path;
+    sshIdentityFile = config.age.secrets."${config.networking.hostName}-backup-ssh-key".path;
+  };
+
  age.secrets."${config.networking.hostName}-backup-passphrase".file = "${secretsPath}/${config.networking.hostName}-backup-passphrase.age";
  age.secrets."${config.networking.hostName}-backup-ssh-key".file = "${secretsPath}/${config.networking.hostName}-backup-ssh-key.age";
 }