challenger: Fix nfs-client, replace borg with restic
This commit is contained in:
parent
12e4d22136
commit
6de16fb116
|
@ -1,38 +1,32 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
{
|
{
|
||||||
services.borgbackup.jobs =
|
services.restic.backups = let
|
||||||
let
|
localJob = name: paths: {
|
||||||
borgJob = name: {
|
inherit paths;
|
||||||
environment.BORG_RSH = "ssh -i /root/.ssh/fealsyn1";
|
repository = "/mnt/feal-syn1/backup/challenger/${name}";
|
||||||
environment.BORG_REMOTE_PATH = "/usr/local/bin/borg";
|
passwordFile = config.sops.secrets."restic/${name}".path;
|
||||||
repo = "ssh://backup@feal-syn1.home.feal.no/volume2/backup/borg/voyager/${name}";
|
initialize = true;
|
||||||
compression = "auto,zstd";
|
pruneOpts = [
|
||||||
|
"--keep-daily 7"
|
||||||
|
"--keep-weekly 4"
|
||||||
|
"--keep-monthly 3"
|
||||||
|
"--keep-yearly 10"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
in {
|
in {
|
||||||
postgresDaily = borgJob "postgres::daily" // {
|
postgres = (localJob "postgres" [ "/var/backup/postgres" ]) // {
|
||||||
paths = "/var/backup/postgres";
|
timerConfig.OnCalendar = "05:15"; # 2h after postgresqlBackup
|
||||||
startAt = "*-*-* 05:15:00"; # 2 hours after postgresqlBackup
|
|
||||||
extraInitArgs = "--storage-quota 10G";
|
|
||||||
encryption = {
|
|
||||||
mode = "repokey-blake2";
|
|
||||||
passCommand = "cat ${config.sops.secrets."borg/postgres".path}";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
|
|
||||||
postgresWeekly = borgJob "postgres::weekly" // {
|
transmission = localJob "transmission" [ "/var/lib/transmission" ];
|
||||||
paths = "/var/backup/postgres";
|
|
||||||
startAt = "Mon *-*-* 05:15:00"; # 2 hours after postgresqlBackup
|
|
||||||
extraInitArgs = "--storage-quota 10G";
|
|
||||||
encryption = {
|
|
||||||
mode = "repokey-blake2";
|
|
||||||
passCommand = "cat ${config.sops.secrets."borg/postgres".path}";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
# TODO: timemachine, nextcloud, komga, calibre
|
# TODO: timemachine, nextcloud, komga, calibre
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
sops.secrets."borg/postgres" = { };
|
sops.secrets."restic/postgres" = { };
|
||||||
sops.secrets."borg/transmission" = { };
|
sops.secrets."restic/transmission" = { };
|
||||||
|
|
||||||
|
environment.systemPackages = with pkgs; [
|
||||||
|
restic
|
||||||
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -22,6 +22,12 @@
|
||||||
"/mnt/feal-syn1/backup" = {
|
"/mnt/feal-syn1/backup" = {
|
||||||
device = "feal-syn1.home.feal.no:/volume2/backup";
|
device = "feal-syn1.home.feal.no:/volume2/backup";
|
||||||
fsType = "nfs";
|
fsType = "nfs";
|
||||||
|
options = [
|
||||||
|
"defaults"
|
||||||
|
"noatime"
|
||||||
|
"rw"
|
||||||
|
"nfsvers=3"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -3,9 +3,9 @@ transmission:
|
||||||
nextcloud:
|
nextcloud:
|
||||||
adminpass: ENC[AES256_GCM,data:DL5SnyPPUxiVjfIHZ/ZYJi2pNu6x,iv:/bThFVYgHsN3Yr2EJf0+YWhAVIei9ENaHfAH1ADC5Ws=,tag:bNp+2trtwFNYOqruvqPRGw==,type:str]
|
adminpass: ENC[AES256_GCM,data:DL5SnyPPUxiVjfIHZ/ZYJi2pNu6x,iv:/bThFVYgHsN3Yr2EJf0+YWhAVIei9ENaHfAH1ADC5Ws=,tag:bNp+2trtwFNYOqruvqPRGw==,type:str]
|
||||||
secretsjson: ENC[AES256_GCM,data:xmdwWBe8LWsSEI64KhSeXbA1B0ahfoGwNmgl33JWteF4AakdI73zfbdIhUBqqlqfbL0uCGlqCiOyRA02h8197mk=,iv:ncKz9ObwoFoVjT0qMzBJ0BqVBNx0ScdMRl82ZNQp4FI=,tag:6S8fqHhvE/gaknxsb+q3Jg==,type:str]
|
secretsjson: ENC[AES256_GCM,data:xmdwWBe8LWsSEI64KhSeXbA1B0ahfoGwNmgl33JWteF4AakdI73zfbdIhUBqqlqfbL0uCGlqCiOyRA02h8197mk=,iv:ncKz9ObwoFoVjT0qMzBJ0BqVBNx0ScdMRl82ZNQp4FI=,tag:6S8fqHhvE/gaknxsb+q3Jg==,type:str]
|
||||||
borg:
|
restic:
|
||||||
transmission: ENC[AES256_GCM,data:umr0UEKMT/n0ZRTyfq/qWX4A,iv:R92qRZqQ8onLYDlkYMtHiumFqjVuxOIZAp+k2qTcDps=,tag:WhCP5YmIutR3ckgNIw/Hww==,type:str]
|
transmission: ENC[AES256_GCM,data:RrnlOXT6sNoUh8MF8JXFTygN+cBV+CS0xdvE9SMTAVV0,iv:0Irhejn2TQSI7h9e4G8a65EpIKmwco9ue93lgo4jC6I=,tag:RAd2pvtL++C8rdlqch4g6Q==,type:str]
|
||||||
postgres: ENC[AES256_GCM,data:KHL02u+X2fGlZSUrujvkkGI=,iv:gjdPbmRHmO0APXvMJzqN+Swuh2l9mdsUJQRKsSYkEyM=,tag:0Rf9MeW7xTpj2uvnAOhuBA==,type:str]
|
postgres: ENC[AES256_GCM,data:MaKQs6f2sp1e42u4DRx/PUsSFnJN0Ks+BtUrMJkUwD28,iv:Wz/MtaC/hg5zVxcdZWKEHeQb5KGio653mgHf4IrE7mk=,tag:7kaYJ1DnxNGbcr31bHb0zA==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -30,8 +30,8 @@ sops:
|
||||||
bVhLUVBWL3QyMmVjVEswZmtDRXRRUGMKizaESv67KWTOnUkZg1R0c3BkpJrDUxJR
|
bVhLUVBWL3QyMmVjVEswZmtDRXRRUGMKizaESv67KWTOnUkZg1R0c3BkpJrDUxJR
|
||||||
heau8QcBXtNS6Ct1RsJQD3oTmBPAP1NHJ2BD11kEEtpo8FhCOjcqVQ==
|
heau8QcBXtNS6Ct1RsJQD3oTmBPAP1NHJ2BD11kEEtpo8FhCOjcqVQ==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-07-03T20:11:44Z"
|
lastmodified: "2024-10-04T19:11:52Z"
|
||||||
mac: ENC[AES256_GCM,data:feOeO7XrNEtbxp2c2a0EbwVAWUJ+PCZavmRT/4DMFfsJWwjogCqAia2KfC249RufAL2WFVZAw8UfymjtHHKp2v7alN3kqcIZ2rjwtkkzi8JqRQvbbCJwTXLkl8wr21lZD7UdNuAfZHxbwJRchRR/6bsLnxipW8AH8YCv1/Knsg0=,iv:fO4dUfRgJOaDuvJNgl6CVZFovVphQB4rlLIKGgzy7S4=,tag:8Ts1XozKYoSghho4ORDW0Q==,type:str]
|
mac: ENC[AES256_GCM,data:sTsTQOCO6ggoz6hXKU/Nnfuvs2UjYwuYLhMZ/P+jHLV2Jn3gBnUUTsn3lEtG7fi9MOfILuTA93wdRciahAElY9me86j+TVa/9PdbW9Earh5rH7M91LyRRS74C99LedXco05gjxqc2s27ea0n25A8UF7eCgvAlD+4DP0WNUiDUcE=,iv:wn9ahsWE2RYy9pSi30Uy2/vStQCHNiwk6ZJU/OdNDuk=,tag:SZe/b9+2PuoBNZcwuS8Ong==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.8.1
|
||||||
|
|
Loading…
Reference in New Issue