diff options
| -rw-r--r-- | makefu/2configs/backup/server.nix | 11 | ||||
| -rw-r--r-- | makefu/2configs/backup/ssh/gum.pub | 1 | ||||
| -rw-r--r-- | makefu/2configs/backup/ssh/nextgum.pub | 1 | ||||
| -rw-r--r-- | makefu/2configs/backup/ssh/omo.pub | 1 | ||||
| -rw-r--r-- | makefu/2configs/backup/ssh/x.pub | 1 | ||||
| -rw-r--r-- | makefu/2configs/backup/state.nix | 25 | 
6 files changed, 40 insertions, 0 deletions
| diff --git a/makefu/2configs/backup/server.nix b/makefu/2configs/backup/server.nix new file mode 100644 index 000000000..f157e715f --- /dev/null +++ b/makefu/2configs/backup/server.nix @@ -0,0 +1,11 @@ +{lib, ... }: +let +  hosts = lib.mapAttrsToList (f: _: lib.removeSuffix ".pub" f) (builtins.readDir ./ssh ); +in { +  # TODO: for all enabled machines +  services.borgbackup.repos = lib.genAttrs hosts (host: { +    authorizedKeys = [ (builtins.readFile (./ssh + "/${host}.pub") ) ]; +    path = "/var/lib/borgbackup/${host}"; +    user = "borg-${host}"; +  }) ; +} diff --git a/makefu/2configs/backup/ssh/gum.pub b/makefu/2configs/backup/ssh/gum.pub new file mode 100644 index 000000000..ed203d544 --- /dev/null +++ b/makefu/2configs/backup/ssh/gum.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOSCJe7DQkKbL58pL78ImO+nVI/aaNFP8Zyqgo8EbNhW makefu@x diff --git a/makefu/2configs/backup/ssh/nextgum.pub b/makefu/2configs/backup/ssh/nextgum.pub new file mode 100644 index 000000000..52d56d956 --- /dev/null +++ b/makefu/2configs/backup/ssh/nextgum.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOUZcfi2SXxCo1if0oU3x9qPK8/O5FmiXy2HFZyTp/P1 makefu@x diff --git a/makefu/2configs/backup/ssh/omo.pub b/makefu/2configs/backup/ssh/omo.pub new file mode 100644 index 000000000..053b4da87 --- /dev/null +++ b/makefu/2configs/backup/ssh/omo.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAtA3XzpjByYQ9uSHQr0dkNUyi6nROjwv1S2IQtUu4pi makefu@x diff --git a/makefu/2configs/backup/ssh/x.pub b/makefu/2configs/backup/ssh/x.pub new file mode 100644 index 000000000..fe894df33 --- /dev/null +++ b/makefu/2configs/backup/ssh/x.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBRfhUv9twYbO7tUe2r2LOXEMNxW14GO3Q0RTkUWeMxw makefu@x diff --git a/makefu/2configs/backup/state.nix b/makefu/2configs/backup/state.nix new file mode 100644 index 000000000..1143708bf --- /dev/null +++ b/makefu/2configs/backup/state.nix @@ -0,0 +1,25 @@ +{ config, ... }: +# back up all state +let +  sec = toString <secrets>; +  sshkey = sec + "/borg.priv"; +  phrase = sec + "/borg.pw"; +in +{ +  services.borgbackup.jobs.state = { +    repo = "borg-${config.krebs.build.host.name}@backup.makefu.r:."; +    paths = config.state; +    encryption = { +      mode = "repokey"; +      passCommand = "cat ${phrase}"; +    }; +    environment.BORG_RSH = "ssh -i ${sshkey}"; +    prune.keep = +    { daily = 7; +      weekly = 4; +      monthly = -1; # Keep at least one archive for each month +    }; +    compression = "auto,lzma"; +    startAt = "daily"; +  }; +} | 
