From 846e847fee79cc54b0ad5284020f46ecd79ded21 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Karel=20Ko=C4=8D=C3=AD?= Date: Thu, 17 Oct 2024 15:37:56 +0200 Subject: nixos/backup: add backup configuration --- devShells/c.nix | 2 +- flake.lock | 52 ++++++++++++++++---------------- nixos/configurations/errol.nix | 6 ++++ nixos/configurations/lipwig.nix | 26 +++++++++++++++- nixos/configurations/ridcully.nix | 6 ++++ nixos/modules/backup.nix | 63 +++++++++++++++++++++++++++++++++++++++ nixos/modules/desktop.nix | 2 +- 7 files changed, 128 insertions(+), 29 deletions(-) create mode 100644 nixos/modules/backup.nix diff --git a/devShells/c.nix b/devShells/c.nix index 5798129..c84b456 100644 --- a/devShells/c.nix +++ b/devShells/c.nix @@ -12,7 +12,7 @@ pkgs.mkShell { libtool gnumake - bear + #bear meson ninja cmake diff --git a/flake.lock b/flake.lock index 54a1d10..2aa9c8d 100644 --- a/flake.lock +++ b/flake.lock @@ -201,11 +201,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1727665282, - "narHash": "sha256-oKtfbQB1MBypqIyzkC8QCQcVGOa1soaXaGgcBIoh14o=", + "lastModified": 1728729581, + "narHash": "sha256-oazkQ/z7r43YkDLLQdMg8oIB3CwWNb+2ZrYOxtLEWTQ=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "11c43c830e533dad1be527ecce379fcf994fbbb5", + "rev": "a8dd1b21995964b115b1e3ec639dd6ce24ab9806", "type": "github" }, "original": { @@ -245,11 +245,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1727836449, - "narHash": "sha256-+t0jCdN1AFWLpi+XwHK4r/Jp+pJfo9ePHIy+4/BUCI4=", + "lastModified": 1729027663, + "narHash": "sha256-SqU7/N7FjbtZN6MITkVslOoLTtwsyWllPNnUJuvR8ow=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "35d02934a17a4fdc53a8857826ed35f3694e5f1c", + "rev": "0ed4d765b4452a9beee4c20c64385d7b1a090652", "type": "github" }, "original": { 
@@ -288,11 +288,11 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1726583932, - "narHash": "sha256-zACxiQx8knB3F8+Ze+1BpiYrI+CbhxyWpcSID9kVhkQ=", + "lastModified": 1728409405, + "narHash": "sha256-kk530XBUGDpt0DQbyUb3yDpSddPqF9PA5KTo/nsmmg0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "658e7223191d2598641d50ee4e898126768fe847", + "rev": "1366d1af8f58325602280e43ed6233849fb92216", "type": "github" }, "original": { @@ -349,11 +349,11 @@ }, "personal-secret": { "locked": { - "lastModified": 1727854012, - "narHash": "sha256-12HU12uX1UOrJPflagk1aM5r6w2Nh6fCKJugnSqpRkY=", + "lastModified": 1727966952, + "narHash": "sha256-G/ofZSjuUtuTl9TYtcZHl6OyFQ6GOTx1RfiHHM5t4VY=", "ref": "refs/heads/master", - "rev": "2215dc87e4d5d7562fbb7953d041c5e7d046a811", - "revCount": 117, + "rev": "23f6ddcf4248390fc7af9424efcef9fc6dc4257d", + "revCount": 118, "type": "git", "url": "ssh://git@cynerd.cz/nixos-personal-secret" }, @@ -368,11 +368,11 @@ "nixpkgs": "nixpkgs_7" }, "locked": { - "lastModified": 1726844448, - "narHash": "sha256-t7gRe6u+Ax3BYNVSUjRpY3klRRWyq+6SoC3hxehnGe0=", + "lastModified": 1728486645, + "narHash": "sha256-UFyySzQKbFsACIcub8FWMb+U8ltAJEVz0O5E4VSOUSI=", "owner": "silicon-heaven", "repo": "pyshv", - "rev": "f593327ec9aa8f03443392962fba9d825c72a659", + "rev": "984480c1bc5fba64bfc9bbf96f924f5433524030", "type": "gitlab" }, "original": { @@ -402,11 +402,11 @@ "nixpkgs": "nixpkgs_5" }, "locked": { - "lastModified": 1721899791, - "narHash": "sha256-dT+kwR2nuymeq3qqzc5//g4nQJRG1pVWUeZztCXgYCM=", + "lastModified": 1727859737, + "narHash": "sha256-iLg/qr52z34fsQGzlCBHv3HpNkSWVOxl3/r2mIDS/wQ=", "ref": "refs/heads/master", - "rev": "0adc7c32594913d0f4ec774a85cb03554cd719d4", - "revCount": 112, + "rev": "699d10813cd26bec34a7e128c18d9198150f38e8", + "revCount": 113, "type": "git", "url": "https://git.cynerd.cz/shellrc" }, 
@@ -422,11 +422,11 @@ "pyshv": "pyshv" }, "locked": { - "lastModified": 1727108673, - "narHash": "sha256-a+4TBiW/r0/Ts7Yd/gBsCQiU15F104bUHIHNecXmGQE=", + "lastModified": 1728913217, + "narHash": "sha256-3eFLDG8UsCm/RUry8vlr8TEA80SOCZIrVptEGSjqTzE=", "owner": "silicon-heaven", "repo": "shvcli", - "rev": "9021aa09b94b0b83e5baf8ad409ca861b5b4edfe", + "rev": "b94932dda9b2911d85500366075357c6f22cef51", "type": "github" }, "original": { @@ -561,11 +561,11 @@ }, "vpsadminos": { "locked": { - "lastModified": 1727785026, - "narHash": "sha256-pEslwS/jAkI+XeUrdMQHfeXG/mou7srqvlLsSajbKGg=", + "lastModified": 1728335559, + "narHash": "sha256-95/KJBA449oAjf6bLwaCvDgys7yE8vKXY3wHe/uUkiw=", "owner": "vpsfreecz", "repo": "vpsadminos", - "rev": "2a52f384d4c16a6e2badd80c7f5c826b609ee416", + "rev": "c928bdec26484e99621cc76cb165abb73aa7d029", "type": "github" }, "original": { diff --git a/nixos/configurations/errol.nix b/nixos/configurations/errol.nix index fd348e8..407cf82 100644 --- a/nixos/configurations/errol.nix +++ b/nixos/configurations/errol.nix @@ -26,6 +26,7 @@ in { "encroot" = "/dev/disk/by-uuid/7c412ae6-6016-45af-8c2a-8fcc394dbbe6"; "enchdd1" = "/dev/disk/by-uuid/87f16080-5ff6-43dd-89f3-307455a46fbe"; "enchdd2" = "/dev/disk/by-uuid/be4a33fa-8bc6-431d-a3ac-787668f223ed"; + #"encback" = "/dev/disk/by-uuid/1bd8c637-f71e-4fb0-96de-b660c4f1afaf"; }; fileSystems = { "/" = { @@ -53,6 +54,11 @@ in { fsType = "btrfs"; options = ["compress=lzo" "subvol=@home"]; }; + #"/back" = { + # device = "/dev/mapper/encback"; + # fsType = "btrfs"; + # options = ["compress=lzo"]; + #}; }; services.btrfs.autoScrub = { enable = true; diff --git a/nixos/configurations/lipwig.nix b/nixos/configurations/lipwig.nix index 7d00a37..167f1a3 100644 --- a/nixos/configurations/lipwig.nix +++ b/nixos/configurations/lipwig.nix 
@@ -25,6 +25,31 @@ }; wireguard = true; openvpn.oldpersonal = true; + borgjobs = { + postgresql = { + preHook = '' + /run/current-system/sw/bin/nextcloud-occ maintenance:mode --on + ''; + dumpCommand = pkgs.writeScript "postgreqsl-backup.sh" '' + /run/wrappers/bin/sudo -u postgres /run/current-system/sw/bin/pg_dumpall + ''; + postHook = '' + /run/current-system/sw/bin/nextcloud-occ maintenance:mode --off + ''; + }; + nextcloud_data = { + preHook = '' + /run/current-system/sw/bin/nextcloud-occ maintenance:mode --on + ''; + paths = "/nas/nextcloud/data"; + postHook = '' + /run/current-system/sw/bin/nextcloud-occ maintenance:mode --off + ''; + }; + sync_data = { + paths = "/nas/sync"; + }; + }; }; boot.loader.systemd-boot.enable = false; @@ -200,7 +225,6 @@ adminpassFile = "/run/secrets/nextcloud.admin.pass"; dbtype = "pgsql"; dbhost = "/run/postgresql"; - dbtableprefix = "oc_"; }; settings = { #log_type = "systemd"; diff --git a/nixos/configurations/ridcully.nix b/nixos/configurations/ridcully.nix index 2be1a7a..ff3b5a0 100644 --- a/nixos/configurations/ridcully.nix +++ b/nixos/configurations/ridcully.nix @@ -26,6 +26,7 @@ in { cynerd.autounlock = { "encroot" = "/dev/disk/by-uuid/bc7d2ba4-6e04-4c49-b40c-3aecd1a86c71"; "enchdd" = "/dev/disk/by-uuid/7fee3cda-efa0-47cd-8832-fdead9a7e6db"; + "encback" = "/dev/disk/by-uuid/b426cbe7-fba2-473b-90f9-9ebe3e34b76e"; }; fileSystems = { "/" = { @@ -48,6 +49,11 @@ in { fsType = "btrfs"; options = ["compress=lzo" "subvol=@home"]; }; + "/back" = { + device = "/dev/mapper/encback"; + fsType = "btrfs"; + options = ["compress=lzo"]; + }; }; services.btrfs.autoScrub = { enable = true; diff --git a/nixos/modules/backup.nix b/nixos/modules/backup.nix new file mode 100644 index 0000000..3f5042b --- /dev/null +++ b/nixos/modules/backup.nix 
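Review bot: In the `borgjobs` block of lipwig.nix, `postgresql` and `nextcloud_data` each switch Nextcloud maintenance mode on in `preHook` and off in `postHook`, so if the two jobs overlap the first one to finish re-opens Nextcloud while the other is still reading. Neither job sets `startAt` in this hunk, so unless it is set elsewhere both likely run on the same default schedule, and even when run back to back the database dump and the data directory come from different maintenance windows. Ordering the two jobs explicitly, or driving both from one wrapper unit that owns the maintenance toggle, would keep the dump and the file tree consistent with each other. The dump script name is misspelled and `pkgs.writeScript` emits no shebang, so `dumpCommand = pkgs.writeShellScript "postgresql-backup.sh" ''` would be the safer form. The enclosing attribute set starts outside the hunk, so whether `pkgs` is in scope there cannot be confirmed from here.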
@@ -0,0 +1,63 @@ +{ + config, + lib, + ... +}: let + inherit (builtins) elem readFile readDir; + inherit (lib) mkOption types mkIf hasSuffix removeSuffix hasAttr filterAttrs mapAttrs mapAttrs' nameValuePair mergeAttrsList recursiveUpdate; + + servers = ["ridcully"]; # TODO "errol" + clients = + mapAttrs' (fname: _: + nameValuePair (removeSuffix ".pub" fname) + (readFile (config.personal-secrets + "/unencrypted/backup/${fname}"))) + (filterAttrs (n: v: v == "regular" && hasSuffix ".pub" n) + (readDir (config.personal-secrets + "/unencrypted/backup"))); + edpersonal = readFile (config.personal-secrets + "/unencrypted/edpersonal.pub"); +in { + options.cynerd = { + borgjobs = mkOption { + type = with types; attrsOf anything; + description = "Job to be backed up for this "; + }; + }; + + config = { + services.borgbackup = { + repos = mkIf (elem config.networking.hostName servers) ( + mapAttrs (name: key: { + path = "/back/${name}"; + authorizedKeys = [key edpersonal]; + allowSubRepos = true; + }) + clients + ); + + jobs = mkIf (hasAttr config.networking.hostName clients) (mergeAttrsList + (map (server: (mapAttrs' (n: v: + nameValuePair "${server}-${n}" + (recursiveUpdate + (recursiveUpdate { + encryption.mode = "none"; + prune = { + keep = { + daily = 7; + weekly = 4; + monthly = -1; + }; + prefix = n; + }; + } + v) + { + repo = "borg@${server}:./${n}"; + environment = { + BORG_RSH = "ssh -i /run/secrets/borgbackup.key"; + }; + archiveBaseName = null; + })) + config.cynerd.borgjobs)) + servers)); + }; + }; +} diff --git a/nixos/modules/desktop.nix b/nixos/modules/desktop.nix index b3746d0..3c9215a 100644 --- a/nixos/modules/desktop.nix +++ b/nixos/modules/desktop.nix @@ -70,7 +70,7 @@ in { msmtp notmuch astroid - dodo + #dodo taskwarrior3 vdirsyncer khal -- cgit v1.2.3
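Review bot: The job defaults in backup.nix set `encryption.mode = "none"` and the repos put every client key in `authorizedKeys`, so archives (including the `pg_dumpall` output from lipwig) are stored in plaintext on the server and a compromised client can delete or rewrite its own backup history. Confidentiality then rests only on the LUKS volume behind `/back`, which ridcully.nix lists under `cynerd.autounlock` and is therefore presumably open whenever the server is up. Consider defaulting to `encryption.mode = "repokey-blake2";` with `encryption.passCommand = "cat /run/secrets/<borg-passphrase-file>";` (placeholder path), and moving the per-client key to `authorizedKeysAppendOnly = [key];` while `edpersonal` stays in `authorizedKeys` for pruning from a trusted machine. Separately, the outer `recursiveUpdate` forces `archiveBaseName = null` while `prune.prefix = n` stays set, so if the module selects archives by that prefix the `keep` rules match nothing and nothing is ever pruned; `prune.prefix = null;` fits the one-repo-per-job layout. `BORG_RSH` also pins no host key, so the server's key should be declared (for example via `programs.ssh.knownHosts`) rather than trusted on first use.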