From 846e847fee79cc54b0ad5284020f46ecd79ded21 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Karel=20Ko=C4=8D=C3=AD?= Date: Thu, 17 Oct 2024 15:37:56 +0200 Subject: nixos/backup: add backup configuration --- nixos/configurations/errol.nix | 6 ++++ nixos/configurations/lipwig.nix | 26 +++++++++++++++- nixos/configurations/ridcully.nix | 6 ++++ nixos/modules/backup.nix | 63 +++++++++++++++++++++++++++++++++++++++ nixos/modules/desktop.nix | 2 +- 5 files changed, 101 insertions(+), 2 deletions(-) create mode 100644 nixos/modules/backup.nix (limited to 'nixos') diff --git a/nixos/configurations/errol.nix b/nixos/configurations/errol.nix index fd348e8..407cf82 100644 --- a/nixos/configurations/errol.nix +++ b/nixos/configurations/errol.nix @@ -26,6 +26,7 @@ in { "encroot" = "/dev/disk/by-uuid/7c412ae6-6016-45af-8c2a-8fcc394dbbe6"; "enchdd1" = "/dev/disk/by-uuid/87f16080-5ff6-43dd-89f3-307455a46fbe"; "enchdd2" = "/dev/disk/by-uuid/be4a33fa-8bc6-431d-a3ac-787668f223ed"; + #"encback" = "/dev/disk/by-uuid/1bd8c637-f71e-4fb0-96de-b660c4f1afaf"; }; fileSystems = { "/" = { @@ -53,6 +54,11 @@ in { fsType = "btrfs"; options = ["compress=lzo" "subvol=@home"]; }; + #"/back" = { + # device = "/dev/mapper/encback"; + # fsType = "btrfs"; + # options = ["compress=lzo"]; + #}; }; services.btrfs.autoScrub = { enable = true; diff --git a/nixos/configurations/lipwig.nix b/nixos/configurations/lipwig.nix index 7d00a37..167f1a3 100644 --- a/nixos/configurations/lipwig.nix +++ b/nixos/configurations/lipwig.nix @@ -25,6 +25,31 @@ }; wireguard = true; openvpn.oldpersonal = true; + borgjobs = { + postgresql = { + preHook = '' + /run/current-system/sw/bin/nextcloud-occ maintenance:mode --on + ''; + dumpCommand = pkgs.writeScript "postgreqsl-backup.sh" '' + /run/wrappers/bin/sudo -u postgres /run/current-system/sw/bin/pg_dumpall + ''; + postHook = '' + /run/current-system/sw/bin/nextcloud-occ maintenance:mode --off + ''; + }; + nextcloud_data = { + preHook = '' + /run/current-system/sw/bin/nextcloud-occ maintenance:mode --on + ''; + paths = "/nas/nextcloud/data"; + postHook = '' + /run/current-system/sw/bin/nextcloud-occ maintenance:mode --off + ''; + }; + sync_data = { + paths = "/nas/sync"; + }; + }; }; boot.loader.systemd-boot.enable = false; @@ -200,7 +225,6 @@ adminpassFile = "/run/secrets/nextcloud.admin.pass"; dbtype = "pgsql"; dbhost = "/run/postgresql"; - dbtableprefix = "oc_"; }; settings = { #log_type = "systemd"; diff --git a/nixos/configurations/ridcully.nix b/nixos/configurations/ridcully.nix index 2be1a7a..ff3b5a0 100644 --- a/nixos/configurations/ridcully.nix +++ b/nixos/configurations/ridcully.nix @@ -26,6 +26,7 @@ in { cynerd.autounlock = { "encroot" = "/dev/disk/by-uuid/bc7d2ba4-6e04-4c49-b40c-3aecd1a86c71"; "enchdd" = "/dev/disk/by-uuid/7fee3cda-efa0-47cd-8832-fdead9a7e6db"; + "encback" = "/dev/disk/by-uuid/b426cbe7-fba2-473b-90f9-9ebe3e34b76e"; }; fileSystems = { "/" = { @@ -48,6 +49,11 @@ in { fsType = "btrfs"; options = ["compress=lzo" "subvol=@home"]; }; + "/back" = { + device = "/dev/mapper/encback"; + fsType = "btrfs"; + options = ["compress=lzo"]; + }; }; services.btrfs.autoScrub = { enable = true; diff --git a/nixos/modules/backup.nix b/nixos/modules/backup.nix new file mode 100644 index 0000000..3f5042b --- /dev/null +++ b/nixos/modules/backup.nix @@ -0,0 +1,63 @@ +{ + config, + lib, + ... +}: let + inherit (builtins) elem readFile readDir; + inherit (lib) mkOption types mkIf hasSuffix removeSuffix hasAttr filterAttrs mapAttrs mapAttrs' nameValuePair mergeAttrsList recursiveUpdate; + + servers = ["ridcully"]; # TODO "errol" + clients = + mapAttrs' (fname: _: + nameValuePair (removeSuffix ".pub" fname) + (readFile (config.personal-secrets + "/unencrypted/backup/${fname}"))) + (filterAttrs (n: v: v == "regular" && hasSuffix ".pub" n) + (readDir (config.personal-secrets + "/unencrypted/backup"))); + edpersonal = readFile (config.personal-secrets + "/unencrypted/edpersonal.pub"); +in { + options.cynerd = { + borgjobs = mkOption { + type = with types; attrsOf anything; + description = "Job to be backed up for this "; + }; + }; + + config = { + services.borgbackup = { + repos = mkIf (elem config.networking.hostName servers) ( + mapAttrs (name: key: { + path = "/back/${name}"; + authorizedKeys = [key edpersonal]; + allowSubRepos = true; + }) + clients + ); + + jobs = mkIf (hasAttr config.networking.hostName clients) (mergeAttrsList + (map (server: (mapAttrs' (n: v: + nameValuePair "${server}-${n}" + (recursiveUpdate + (recursiveUpdate { + encryption.mode = "none"; + prune = { + keep = { + daily = 7; + weekly = 4; + monthly = -1; + }; + prefix = n; + }; + } + v) + { + repo = "borg@${server}:./${n}"; + environment = { + BORG_RSH = "ssh -i /run/secrets/borgbackup.key"; + }; + archiveBaseName = null; + })) + config.cynerd.borgjobs)) + servers)); + }; + }; +} diff --git a/nixos/modules/desktop.nix b/nixos/modules/desktop.nix index b3746d0..3c9215a 100644 --- a/nixos/modules/desktop.nix +++ b/nixos/modules/desktop.nix @@ -70,7 +70,7 @@ in { msmtp notmuch astroid - dodo + #dodo taskwarrior3 vdirsyncer khal -- cgit v1.2.3