diff --git a/README.md b/README.md index 4e726d5..84f8f56 100644 --- a/README.md +++ b/README.md @@ -26,13 +26,13 @@ Other installed packages and tools are described in the config files (like ./hos ## Public / important services - Matrix ([source](./hosts/defiant/services/matrix/default.nix)) - Decentralized, encrypted chat - Contact me at @felixalb:feal.no -- [Nextcloud](https://cloud.feal.no) ([source](./hosts/voyager/services/nextcloud.nix)) - Personal cloud services and "google replacements", including file hosting, notes, calendar and webmail +- [Nextcloud](https://cloud.feal.no) ([source](./hosts/challenger/services/nextcloud.nix)) - Personal cloud services and "google replacements", including file hosting, notes, calendar and webmail - [Gitea](https://git.feal.no) ([source](./hosts/defiant/services/gitea.nix)) - Software forge / git server - [Hedgedoc](https://md.feal.no) ([source](./hosts/defiant/services/hedgedoc.nix)) - Collaborative markdown notes editor - HomeAssistant ([source](./hosts/defiant/services/home-assistant.nix))- Home automation / IOT controller - [VaultWarden](https://pw.feal.no) ([source](./hosts/defiant/services/vaultwarden.nix)) - BitWarden Password Manager backend - [KeyCloak](https://iam.feal.no) ([source](./hosts/defiant/services/nextcloud.nix)) - Authentication provider, giving SSO with OIDC or SAML -- [Jellyfin](https://jf.feal.no) ([source](./hosts/voyager/services/jellyfin.nix)) - Local media streaming +- [Jellyfin](https://jf.feal.no) ([source](./hosts/challenger/services/jellyfin.nix)) - Local media streaming ## Networking diff --git a/hosts/challenger/backup.nix b/hosts/challenger/backup.nix new file mode 100644 index 0000000..34c7dc7 --- /dev/null +++ b/hosts/challenger/backup.nix @@ -0,0 +1,38 @@ +{ config, pkgs, lib, ... }: +{ + services.borgbackup.jobs = + let + borgJob = name: { + environment.BORG_RSH = "ssh -i /root/.ssh/fealsyn1"; + environment.BORG_REMOTE_PATH = "/usr/local/bin/borg"; + repo = "ssh://backup@feal-syn1.home.feal.no/volume2/backup/borg/voyager/${name}"; + compression = "auto,zstd"; + }; + in { + postgresDaily = borgJob "postgres::daily" // { + paths = "/var/backup/postgres"; + startAt = "*-*-* 05:15:00"; # 2 hours after postgresqlBackup + extraInitArgs = "--storage-quota 10G"; + encryption = { + mode = "repokey-blake2"; + passCommand = "cat ${config.sops.secrets."borg/postgres".path}"; + }; + }; + + postgresWeekly = borgJob "postgres::weekly" // { + paths = "/var/backup/postgres"; + startAt = "Mon *-*-* 05:15:00"; # 2 hours after postgresqlBackup + extraInitArgs = "--storage-quota 10G"; + encryption = { + mode = "repokey-blake2"; + passCommand = "cat ${config.sops.secrets."borg/postgres".path}"; + }; + }; + + # TODO: timemachine, nextcloud, komga, calibre + + }; + + sops.secrets."borg/postgres" = { }; + sops.secrets."borg/transmission" = { }; +} diff --git a/hosts/challenger/configuration.nix b/hosts/challenger/configuration.nix index bcc5b4b..b2c2373 100644 --- a/hosts/challenger/configuration.nix +++ b/hosts/challenger/configuration.nix @@ -3,9 +3,11 @@ { imports = [ + ./hardware-configuration.nix + ../../base.nix ../../common/metrics-exporters.nix - ./hardware-configuration.nix + ./backup.nix ./exports.nix ./filesystems.nix diff --git a/hosts/defiant/services/monitoring/prometheus.nix b/hosts/defiant/services/monitoring/prometheus.nix index 606bb3c..e174905 100644 --- a/hosts/defiant/services/monitoring/prometheus.nix +++ b/hosts/defiant/services/monitoring/prometheus.nix @@ -17,13 +17,13 @@ in { static_configs = [ { targets = [ - "voyager.home.feal.no:9100" - "sulu.home.feal.no:9100" - "mccoy.home.feal.no:9100" + "challenger.home.feal.no:9100" + "defiant.home.feal.no:9100" "dlink-feal.home.feal.no:9100" "edison.home.feal.no:9100" - "defiant.home.feal.no:9100" + "mccoy.home.feal.no:9100" "scotty.home.feal.no:9100" + "sulu.home.feal.no:9100" ]; } ];