5 files changed, 101 insertions, 2 deletions

diff --git a/nixos/configurations/errol.nix b/nixos/configurations/errol.nix
index fd348e8..407cf82 100644
--- a/nixos/configurations/errol.nix
+++ b/nixos/configurations/errol.nix
@@ -26,6 +26,7 @@ in {
     "encroot" = "/dev/disk/by-uuid/7c412ae6-6016-45af-8c2a-8fcc394dbbe6";
     "enchdd1" = "/dev/disk/by-uuid/87f16080-5ff6-43dd-89f3-307455a46fbe";
     "enchdd2" = "/dev/disk/by-uuid/be4a33fa-8bc6-431d-a3ac-787668f223ed";
+    #"encback" = "/dev/disk/by-uuid/1bd8c637-f71e-4fb0-96de-b660c4f1afaf";
   };
   fileSystems = {
     "/" = {
@@ -53,6 +54,11 @@ in {
       fsType = "btrfs";
       options = ["compress=lzo" "subvol=@home"];
     };
+    #"/back" = {
+    #  device = "/dev/mapper/encback";
+    #  fsType = "btrfs";
+    #  options = ["compress=lzo"];
+    #};
   };
   services.btrfs.autoScrub = {
     enable = true;
diff --git a/nixos/configurations/lipwig.nix b/nixos/configurations/lipwig.nix
index 7d00a37..167f1a3 100644
--- a/nixos/configurations/lipwig.nix
+++ b/nixos/configurations/lipwig.nix
@@ -25,6 +25,31 @@
       };
       wireguard = true;
       openvpn.oldpersonal = true;
+      borgjobs = {
+        postgresql = {
+          preHook = ''
+            /run/current-system/sw/bin/nextcloud-occ maintenance:mode --on
+          '';
+          dumpCommand = pkgs.writeScript "postgreqsl-backup.sh" ''
+            /run/wrappers/bin/sudo -u postgres /run/current-system/sw/bin/pg_dumpall
+          '';
+          postHook = ''
+            /run/current-system/sw/bin/nextcloud-occ maintenance:mode --off
+          '';
+        };
+        nextcloud_data = {
+          preHook = ''
+            /run/current-system/sw/bin/nextcloud-occ maintenance:mode --on
+          '';
+          paths = "/nas/nextcloud/data";
+          postHook = ''
+            /run/current-system/sw/bin/nextcloud-occ maintenance:mode --off
+          '';
+        };
+        sync_data = {
+          paths = "/nas/sync";
+        };
+      };
     };
 
     boot.loader.systemd-boot.enable = false;
@@ -200,7 +225,6 @@
         adminpassFile = "/run/secrets/nextcloud.admin.pass";
         dbtype = "pgsql";
         dbhost = "/run/postgresql";
-        dbtableprefix = "oc_";
       };
       settings = {
         #log_type = "systemd";
diff --git a/nixos/configurations/ridcully.nix b/nixos/configurations/ridcully.nix
index 2be1a7a..ff3b5a0 100644
--- a/nixos/configurations/ridcully.nix
+++ b/nixos/configurations/ridcully.nix
@@ -26,6 +26,7 @@ in {
   cynerd.autounlock = {
     "encroot" = "/dev/disk/by-uuid/bc7d2ba4-6e04-4c49-b40c-3aecd1a86c71";
     "enchdd" = "/dev/disk/by-uuid/7fee3cda-efa0-47cd-8832-fdead9a7e6db";
+    "encback" = "/dev/disk/by-uuid/b426cbe7-fba2-473b-90f9-9ebe3e34b76e";
   };
   fileSystems = {
     "/" = {
@@ -48,6 +49,11 @@ in {
       fsType = "btrfs";
       options = ["compress=lzo" "subvol=@home"];
     };
+    "/back" = {
+      device = "/dev/mapper/encback";
+      fsType = "btrfs";
+      options = ["compress=lzo"];
+    };
   };
   services.btrfs.autoScrub = {
     enable = true;
diff --git a/nixos/modules/backup.nix b/nixos/modules/backup.nix
new file mode 100644
index 0000000..3f5042b
--- /dev/null
+++ b/nixos/modules/backup.nix
@@ -0,0 +1,63 @@
+{
+  config,
+  lib,
+  ...
+}: let
+  inherit (builtins) elem readFile readDir;
+  inherit (lib) mkOption types mkIf hasSuffix removeSuffix hasAttr filterAttrs mapAttrs mapAttrs' nameValuePair mergeAttrsList recursiveUpdate;
+
+  servers = ["ridcully"]; # TODO "errol"
+  clients =
+    mapAttrs' (fname: _:
+      nameValuePair (removeSuffix ".pub" fname)
+      (readFile (config.personal-secrets + "/unencrypted/backup/${fname}")))
+    (filterAttrs (n: v: v == "regular" && hasSuffix ".pub" n)
+      (readDir (config.personal-secrets + "/unencrypted/backup")));
+  edpersonal = readFile (config.personal-secrets + "/unencrypted/edpersonal.pub");
+in {
+  options.cynerd = {
+    borgjobs = mkOption {
+      type = with types; attrsOf anything;
+      description = "Job to be backed up for this ";
+    };
+  };
+
+  config = {
+    services.borgbackup = {
+      repos = mkIf (elem config.networking.hostName servers) (
+        mapAttrs (name: key: {
+          path = "/back/${name}";
+          authorizedKeys = [key edpersonal];
+          allowSubRepos = true;
+        })
+        clients
+      );
+
+      jobs = mkIf (hasAttr config.networking.hostName clients) (mergeAttrsList
+        (map (server: (mapAttrs' (n: v:
+            nameValuePair "${server}-${n}"
+            (recursiveUpdate
+              (recursiveUpdate {
+                  encryption.mode = "none";
+                  prune = {
+                    keep = {
+                      daily = 7;
+                      weekly = 4;
+                      monthly = -1;
+                    };
+                    prefix = n;
+                  };
+                }
+                v)
+              {
+                repo = "borg@${server}:./${n}";
+                environment = {
+                  BORG_RSH = "ssh -i /run/secrets/borgbackup.key";
+                };
+                archiveBaseName = null;
+              }))
+          config.cynerd.borgjobs))
+          servers));
+    };
+  };
+}
diff --git a/nixos/modules/desktop.nix b/nixos/modules/desktop.nix
index b3746d0..3c9215a 100644
--- a/nixos/modules/desktop.nix
+++ b/nixos/modules/desktop.nix
@@ -70,7 +70,7 @@ in {
             msmtp
             notmuch
             astroid
-            dodo
+            #dodo
             taskwarrior3
             vdirsyncer
             khal