defiant: initialize borg backup

2024-03-08 01:48:06 +01:00
parent f37c981182
commit 1bde04a4be
4 changed files with 68 additions and 4 deletions
--- a/hosts/defiant/backup.nix
+++ b/hosts/defiant/backup.nix
@@ -0,0 +1,62 @@
+{ config, pkgs, lib, ... }:
+{
+  services.borgbackup.jobs =
+    let
+      borgJob = name: {
+        environment.BORG_RSH = "ssh -i /root/.ssh/fealsyn1";
+        environment.BORG_REMOTE_PATH = "/usr/local/bin/borg";
+        repo = "ssh://backup@feal-syn1.home.feal.no/volume2/backup/borg/defiant/${name}";
+        compression = "auto,zstd";
+      };
+    in {
+      postgresDaily = borgJob "postgres::daily" // {
+        paths = "/data/backup/postgresql";
+        startAt = "*-*-* 05:15:00"; # 2 hours after postgresqlBackup
+        extraInitArgs = "--storage-quota 10G";
+        encryption = {
+          mode = "repokey-blake2";
+          passCommand = "cat ${config.sops.secrets."borg/postgres".path}";
+        };
+      };
+
+      postgresWeekly = borgJob "postgres::weekly" // {
+        paths = "/data/backup/postgresql";
+        startAt = "Mon *-*-* 05:15:00"; # 2 hours after postgresqlBackup
+        extraInitArgs = "--storage-quota 10G";
+        encryption = {
+          mode = "repokey-blake2";
+          passCommand = "cat ${config.sops.secrets."borg/postgres".path}";
+        };
+      };
+
+      gitea = borgJob "gitea::weekly" // {
+        paths = "/tank/services/gitea";
+        startAt = "Mon *-*-* 05:15:00";
+        extraInitArgs = "--storage-quota 20G";
+        encryption = {
+          mode = "repokey-blake2";
+          passCommand = "cat ${config.sops.secrets."borg/gitea".path}";
+        };
+      };
+
+      minecraft = borgJob "minecraft::weekly" // {
+        paths = "/var/lib/minecraft-wack";
+        startAt = "weekly";
+        extraInitArgs = "--storage-quota 20G";
+        encryption.mode = "none";
+
+        preHook = ''
+          ${pkgs.mcrcon}/bin/mcrcon -p wack "say Starting Backup" "save-off" "save-all"
+        '';
+
+        postHook = ''
+          ${pkgs.mcrcon}/bin/mcrcon -p wack "save-all" "say Completed Backup" "save-on" "save-all"
+        '';
+      };
+
+    };
+
+  # TODO: Matrix (keys,media,db), home-assistant, pihole, vaultwarden
+  sops.secrets."borg/postgres" = { };
+  sops.secrets."borg/gitea" = { };
+}
--- a/hosts/defiant/configuration.nix
+++ b/hosts/defiant/configuration.nix
@@ -8,6 +8,7 @@
      ./hardware-configuration.nix

      # Infrastructure
+      ./backup.nix
      ./libvirt.nix
      ./services/nginx.nix
      ./services/pihole.nix
--- a/hosts/defiant/services/minecraft.nix
+++ b/hosts/defiant/services/minecraft.nix
@@ -61,8 +61,6 @@
    };
  };

-  # TODO: Automated backup job (https://git.pvv.ntnu.no/Drift/pvv-nixos-config/src/commit/57d1dfd121fdb23fcef54e0632f6f6278c6bb753/hosts/greddost/services/minecraft/default.nix#L144)
-
  nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
    "minecraft-server"
  ];