defiant: initialize borg backup

This commit is contained in:
Felix Albrigtsen 2024-03-08 01:48:06 +01:00
parent f37c981182
commit 1bde04a4be
4 changed files with 68 additions and 4 deletions

62
hosts/defiant/backup.nix Normal file
View File

@ -0,0 +1,62 @@
{ config, pkgs, lib, ... }:
{
services.borgbackup.jobs =
let
borgJob = name: {
environment.BORG_RSH = "ssh -i /root/.ssh/fealsyn1";
environment.BORG_REMOTE_PATH = "/usr/local/bin/borg";
repo = "ssh://backup@feal-syn1.home.feal.no/volume2/backup/borg/defiant/${name}";
compression = "auto,zstd";
};
in {
postgresDaily = borgJob "postgres::daily" // {
paths = "/data/backup/postgresql";
startAt = "*-*-* 05:15:00"; # 2 hours after postgresqlBackup
extraInitArgs = "--storage-quota 10G";
encryption = {
mode = "repokey-blake2";
passCommand = "cat ${config.sops.secrets."borg/postgres".path}";
};
};
postgresWeekly = borgJob "postgres::weekly" // {
paths = "/data/backup/postgresql";
startAt = "Mon *-*-* 05:15:00"; # 2 hours after postgresqlBackup
extraInitArgs = "--storage-quota 10G";
encryption = {
mode = "repokey-blake2";
passCommand = "cat ${config.sops.secrets."borg/postgres".path}";
};
};
gitea = borgJob "gitea::weekly" // {
paths = "/tank/services/gitea";
startAt = "Mon *-*-* 05:15:00";
extraInitArgs = "--storage-quota 20G";
encryption = {
mode = "repokey-blake2";
passCommand = "cat ${config.sops.secrets."borg/gitea".path}";
};
};
minecraft = borgJob "minecraft::weekly" // {
paths = "/var/lib/minecraft-wack";
startAt = "weekly";
extraInitArgs = "--storage-quota 20G";
encryption.mode = "none";
preHook = ''
${pkgs.mcrcon}/bin/mcrcon -p wack "say Starting Backup" "save-off" "save-all"
'';
postHook = ''
${pkgs.mcrcon}/bin/mcrcon -p wack "save-all" "say Completed Backup" "save-on" "save-all"
'';
};
};
# TODO: Matrix (keys,media,db), home-assistant, pihole, vaultwarden
sops.secrets."borg/postgres" = { };
sops.secrets."borg/gitea" = { };
}

View File

@ -8,6 +8,7 @@
./hardware-configuration.nix
# Infrastructure
./backup.nix
./libvirt.nix
./services/nginx.nix
./services/pihole.nix

View File

@ -61,8 +61,6 @@
};
};
# TODO: Automated backup job (https://git.pvv.ntnu.no/Drift/pvv-nixos-config/src/commit/57d1dfd121fdb23fcef54e0632f6f6278c6bb753/hosts/greddost/services/minecraft/default.nix#L144)
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
"minecraft-server"
];

View File

@ -7,6 +7,9 @@ vaultwarden:
admintoken: ENC[AES256_GCM,data:sUPOe3goxpJFpe5fBdwcM5Z6+DXNdZr5Xd6HzRUb7LtDk9IUtwL4wtlckwnMRoLF628XvCV3ObrX2UmTqUX/6pWqLkWL/vWb3C8ogq4=,iv:vvO9nEkCjcKvl+ILEMlMorMmvyNM1juRYRnEolwg9sQ=,tag:wFnz9oOA+ZGrb4UqKrtUcA==,type:str]
microbin:
secrets: ENC[AES256_GCM,data:B2yOSEXFyge7fgphtKcy8CjaeEiwmHAxgGoiqa4lmQtRtnxy5UuH3dFuCXHvbd3n6YA24zX3ANIQpj6ilT4I96+P+L9TjA==,iv:3mryQf3GdKCqBkLsfyqJk5ZN+/gOEbL/LmEzreINGME=,tag:YD8uvkS23c5B7J9srRrU9w==,type:str]
borg:
postgres: ENC[AES256_GCM,data:vwfLF2qkUMl9b/4oYVm+pzfbbw==,iv:+QlTXjowne2d+ufw9YbhgaAIVvYg78LkMS0BqfPwoRI=,tag:JAbR3/DbYp+vRApJteg4zA==,type:str]
gitea: ENC[AES256_GCM,data:GIZ/wkzEkm6DUZETv8GpXd8k5w==,iv:MLnVtrev+poT+3D5+o5UV8FBQWpvqlYAkcXMF53bKJw=,tag:89zkLJNZw04ZPyqvpspgsw==,type:str]
sops:
kms: []
gcp_kms: []
@ -31,8 +34,8 @@ sops:
RXcvQU1JYnl0bUtocTZuNkRxcGQwR2MKnyAYtF2y7XBmNuIYi6RzqEJEPPg7B22A
fQVeDfIhiNSVva784KTU+y4TU1UPxumriRrLRFPF3h42ZEq2zQAgrQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-02-28T16:10:53Z"
mac: ENC[AES256_GCM,data:Yid2Q5JTjWTLeh3qR2K0cX/Fk2p78Asj3x+kCDLtwJoULiZ+7xJKi/h2X4sRYw+vUou7HO3u+b8/MPvEapNjvqLyf4gseuvqdr2m/vR8DqxOdtl0xvrMoE8bTTR6tuCCIGIKEcEA7VviU+aCIm68CLkgq03DkF3g3hyC/VSKo9Y=,iv:66FpFV7mdTv1r+o3p4cK7CigDxGJOW70JZaEJE+fSLA=,tag:gNyPFbRc8VP9vOYdTt2YZg==,type:str]
lastmodified: "2024-03-08T00:37:40Z"
mac: ENC[AES256_GCM,data:2S6Z4ZqffGA5Clz+h4J44s7yhb6lMFdUq9KpE4IJUu2cgJyD1Zsh0i1Z1ZwTiD7MH+F1UUMyVhBYk6Fkm1UY07wmDLodNkKfpKRnU2EGa4+yQudin2QHsId+k3C2iAI1UtGlL5Vi00p5VZfihuntcAbwn63RZriCrKn0ayzTQKw=,iv:bwQECQCQghG0DTeWrg73IlFwmz8Fob2ftLKM3kaKOE4=,tag:8HXjvNnzqmIprsXd5d/SmA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1