aboutsummaryrefslogtreecommitdiff
path: root/nixos
diff options
context:
space:
mode:
Diffstat (limited to 'nixos')
-rw-r--r--nixos/configurations/errol.nix6
-rw-r--r--nixos/configurations/lipwig.nix26
-rw-r--r--nixos/configurations/ridcully.nix6
-rw-r--r--nixos/modules/backup.nix63
-rw-r--r--nixos/modules/desktop.nix2
5 files changed, 101 insertions, 2 deletions
diff --git a/nixos/configurations/errol.nix b/nixos/configurations/errol.nix
index fd348e8..407cf82 100644
--- a/nixos/configurations/errol.nix
+++ b/nixos/configurations/errol.nix
@@ -26,6 +26,7 @@ in {
"encroot" = "/dev/disk/by-uuid/7c412ae6-6016-45af-8c2a-8fcc394dbbe6";
"enchdd1" = "/dev/disk/by-uuid/87f16080-5ff6-43dd-89f3-307455a46fbe";
"enchdd2" = "/dev/disk/by-uuid/be4a33fa-8bc6-431d-a3ac-787668f223ed";
+ #"encback" = "/dev/disk/by-uuid/1bd8c637-f71e-4fb0-96de-b660c4f1afaf";
};
fileSystems = {
"/" = {
@@ -53,6 +54,11 @@ in {
fsType = "btrfs";
options = ["compress=lzo" "subvol=@home"];
};
+ #"/back" = {
+ # device = "/dev/mapper/encback";
+ # fsType = "btrfs";
+ # options = ["compress=lzo"];
+ #};
};
services.btrfs.autoScrub = {
enable = true;
diff --git a/nixos/configurations/lipwig.nix b/nixos/configurations/lipwig.nix
index 7d00a37..167f1a3 100644
--- a/nixos/configurations/lipwig.nix
+++ b/nixos/configurations/lipwig.nix
@@ -25,6 +25,31 @@
};
wireguard = true;
openvpn.oldpersonal = true;
+ borgjobs = {
+ postgresql = {
+ preHook = ''
+ /run/current-system/sw/bin/nextcloud-occ maintenance:mode --on
+ '';
+ dumpCommand = pkgs.writeScript "postgreqsl-backup.sh" ''
+ /run/wrappers/bin/sudo -u postgres /run/current-system/sw/bin/pg_dumpall
+ '';
+ postHook = ''
+ /run/current-system/sw/bin/nextcloud-occ maintenance:mode --off
+ '';
+ };
+ nextcloud_data = {
+ preHook = ''
+ /run/current-system/sw/bin/nextcloud-occ maintenance:mode --on
+ '';
+ paths = "/nas/nextcloud/data";
+ postHook = ''
+ /run/current-system/sw/bin/nextcloud-occ maintenance:mode --off
+ '';
+ };
+ sync_data = {
+ paths = "/nas/sync";
+ };
+ };
};
boot.loader.systemd-boot.enable = false;
@@ -200,7 +225,6 @@
adminpassFile = "/run/secrets/nextcloud.admin.pass";
dbtype = "pgsql";
dbhost = "/run/postgresql";
- dbtableprefix = "oc_";
};
settings = {
#log_type = "systemd";
diff --git a/nixos/configurations/ridcully.nix b/nixos/configurations/ridcully.nix
index 2be1a7a..ff3b5a0 100644
--- a/nixos/configurations/ridcully.nix
+++ b/nixos/configurations/ridcully.nix
@@ -26,6 +26,7 @@ in {
cynerd.autounlock = {
"encroot" = "/dev/disk/by-uuid/bc7d2ba4-6e04-4c49-b40c-3aecd1a86c71";
"enchdd" = "/dev/disk/by-uuid/7fee3cda-efa0-47cd-8832-fdead9a7e6db";
+ "encback" = "/dev/disk/by-uuid/b426cbe7-fba2-473b-90f9-9ebe3e34b76e";
};
fileSystems = {
"/" = {
@@ -48,6 +49,11 @@ in {
fsType = "btrfs";
options = ["compress=lzo" "subvol=@home"];
};
+ "/back" = {
+ device = "/dev/mapper/encback";
+ fsType = "btrfs";
+ options = ["compress=lzo"];
+ };
};
services.btrfs.autoScrub = {
enable = true;
diff --git a/nixos/modules/backup.nix b/nixos/modules/backup.nix
new file mode 100644
index 0000000..3f5042b
--- /dev/null
+++ b/nixos/modules/backup.nix
@@ -0,0 +1,63 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ inherit (builtins) elem readFile readDir;
+ inherit (lib) mkOption types mkIf hasSuffix removeSuffix hasAttr filterAttrs mapAttrs mapAttrs' nameValuePair mergeAttrsList recursiveUpdate;
+
+ servers = ["ridcully"]; # TODO "errol"
+ clients =
+ mapAttrs' (fname: _:
+ nameValuePair (removeSuffix ".pub" fname)
+ (readFile (config.personal-secrets + "/unencrypted/backup/${fname}")))
+ (filterAttrs (n: v: v == "regular" && hasSuffix ".pub" n)
+ (readDir (config.personal-secrets + "/unencrypted/backup")));
+ edpersonal = readFile (config.personal-secrets + "/unencrypted/edpersonal.pub");
+in {
+ options.cynerd = {
+ borgjobs = mkOption {
+ type = with types; attrsOf anything;
+ description = "Job to be backed up for this ";
+ };
+ };
+
+ config = {
+ services.borgbackup = {
+ repos = mkIf (elem config.networking.hostName servers) (
+ mapAttrs (name: key: {
+ path = "/back/${name}";
+ authorizedKeys = [key edpersonal];
+ allowSubRepos = true;
+ })
+ clients
+ );
+
+ jobs = mkIf (hasAttr config.networking.hostName clients) (mergeAttrsList
+ (map (server: (mapAttrs' (n: v:
+ nameValuePair "${server}-${n}"
+ (recursiveUpdate
+ (recursiveUpdate {
+ encryption.mode = "none";
+ prune = {
+ keep = {
+ daily = 7;
+ weekly = 4;
+ monthly = -1;
+ };
+ prefix = n;
+ };
+ }
+ v)
+ {
+ repo = "borg@${server}:./${n}";
+ environment = {
+ BORG_RSH = "ssh -i /run/secrets/borgbackup.key";
+ };
+ archiveBaseName = null;
+ }))
+ config.cynerd.borgjobs))
+ servers));
+ };
+ };
+}
diff --git a/nixos/modules/desktop.nix b/nixos/modules/desktop.nix
index b3746d0..3c9215a 100644
--- a/nixos/modules/desktop.nix
+++ b/nixos/modules/desktop.nix
@@ -70,7 +70,7 @@ in {
msmtp
notmuch
astroid
- dodo
+ #dodo
taskwarrior3
vdirsyncer
khal