defiant: Fix nfs-client, replace borg with restic
parent
6de16fb116
commit
b17ff565c3
|
@ -1,62 +1,30 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
{
|
{
|
||||||
services.borgbackup.jobs =
|
services.restic.backups = let
|
||||||
let
|
localJob = name: paths: {
|
||||||
borgJob = name: {
|
inherit paths;
|
||||||
environment.BORG_RSH = "ssh -i /root/.ssh/fealsyn1";
|
repository = "/mnt/feal-syn1/backup/defiant/${name}";
|
||||||
environment.BORG_REMOTE_PATH = "/usr/local/bin/borg";
|
passwordFile = config.sops.secrets."restic/${name}".path;
|
||||||
repo = "ssh://backup@feal-syn1.home.feal.no/volume2/backup/borg/defiant/${name}";
|
initialize = true;
|
||||||
compression = "auto,zstd";
|
pruneOpts = [
|
||||||
};
|
"--keep-daily 3"
|
||||||
in {
|
"--keep-weekly 4"
|
||||||
postgresDaily = borgJob "postgres::daily" // {
|
"--keep-monthly 3"
|
||||||
paths = "/data/backup/postgresql";
|
];
|
||||||
startAt = "*-*-* 05:15:00"; # 2 hours after postgresqlBackup
|
};
|
||||||
extraInitArgs = "--storage-quota 10G";
|
in {
|
||||||
encryption = {
|
postgres = (localJob "postgres" [ "/tank/backup/postgresql" ]) // {
|
||||||
mode = "repokey-blake2";
|
timerConfig.OnCalendar = "05:15"; # 2h after postgresqlBackup
|
||||||
passCommand = "cat ${config.sops.secrets."borg/postgres".path}";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
postgresWeekly = borgJob "postgres::weekly" // {
|
|
||||||
paths = "/data/backup/postgresql";
|
|
||||||
startAt = "Mon *-*-* 05:15:00"; # 2 hours after postgresqlBackup
|
|
||||||
extraInitArgs = "--storage-quota 10G";
|
|
||||||
encryption = {
|
|
||||||
mode = "repokey-blake2";
|
|
||||||
passCommand = "cat ${config.sops.secrets."borg/postgres".path}";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
gitea = borgJob "gitea::weekly" // {
|
|
||||||
paths = "/tank/services/gitea";
|
|
||||||
startAt = "Mon *-*-* 05:15:00";
|
|
||||||
extraInitArgs = "--storage-quota 20G";
|
|
||||||
encryption = {
|
|
||||||
mode = "repokey-blake2";
|
|
||||||
passCommand = "cat ${config.sops.secrets."borg/gitea".path}";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
minecraft = borgJob "minecraft::weekly" // {
|
|
||||||
paths = "/var/lib/minecraft-wack";
|
|
||||||
startAt = "weekly";
|
|
||||||
extraInitArgs = "--storage-quota 20G";
|
|
||||||
encryption.mode = "none";
|
|
||||||
|
|
||||||
preHook = ''
|
|
||||||
${pkgs.mcrcon}/bin/mcrcon -p wack "say Starting Backup" "save-off" "save-all"
|
|
||||||
'';
|
|
||||||
|
|
||||||
postHook = ''
|
|
||||||
${pkgs.mcrcon}/bin/mcrcon -p wack "save-all" "say Completed Backup" "save-on" "save-all"
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
# TODO: Matrix (keys,media,db), home-assistant, pihole, vaultwarden
|
gitea = (localJob "gitea" [ "/tank/services/gitea" ]);
|
||||||
sops.secrets."borg/postgres" = { };
|
matrix-synapse = (localJob "matrix-synapse" [ "/var/lib/matrix-synapse" ]);
|
||||||
sops.secrets."borg/gitea" = { };
|
vaultwarden = (localJob "vaultwarden" [ "/var/lib/bitwarden_rs" ]);
|
||||||
|
};
|
||||||
|
|
||||||
|
# TODO: home-assistant, pihole
|
||||||
|
sops.secrets."restic/postgres" = { };
|
||||||
|
sops.secrets."restic/gitea" = { };
|
||||||
|
sops.secrets."restic/matrix-synapse" = { };
|
||||||
|
sops.secrets."restic/vaultwarden" = { };
|
||||||
}
|
}
|
||||||
|
|
|
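Review bot: `repository` in `localJob` is a plain path under the NFS mountpoint, and nothing visible here ties the restic units to that mount, so with `initialize = true` a run while `/mnt/feal-syn1/backup` is not mounted would presumably create a fresh repository on the local disk and report success. I would make the dependency explicit per job, e.g. `systemd.services."restic-backups-postgres".unitConfig.RequiresMountsFor = "/mnt/feal-syn1/backup";` (repeated for gitea, matrix-synapse and vaultwarden), so the job fails when the NAS is absent. Separately, `/var/lib/matrix-synapse` and `/var/lib/bitwarden_rs` are copied while the services run; a comment stating whether a file-level copy of live state is accepted for restore would help, especially for vaultwarden if it uses SQLite.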
@ -5,6 +5,7 @@
|
||||||
[
|
[
|
||||||
../../base.nix
|
../../base.nix
|
||||||
../../common/metrics-exporters.nix
|
../../common/metrics-exporters.nix
|
||||||
|
./filesystems.nix
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
|
|
||||||
# Infrastructure
|
# Infrastructure
|
||||||
|
@ -44,16 +45,6 @@
|
||||||
sops.defaultSopsFile = ../../secrets/defiant/defiant.yaml;
|
sops.defaultSopsFile = ../../secrets/defiant/defiant.yaml;
|
||||||
|
|
||||||
environment.variables = { EDITOR = "vim"; };
|
environment.variables = { EDITOR = "vim"; };
|
||||||
environment.systemPackages = with pkgs; [
|
|
||||||
zfs
|
|
||||||
];
|
|
||||||
|
|
||||||
boot = {
|
|
||||||
zfs.extraPools = [ "tank" ];
|
|
||||||
supportedFilesystems = [ "zfs" ];
|
|
||||||
kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
|
|
||||||
};
|
|
||||||
services.prometheus.exporters.zfs.enable = true;
|
|
||||||
|
|
||||||
virtualisation.docker.enable = true;
|
virtualisation.docker.enable = true;
|
||||||
virtualisation.oci-containers.backend = "docker";
|
virtualisation.oci-containers.backend = "docker";
|
||||||
|
|
|
@ -0,0 +1,29 @@
|
||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
{
|
||||||
|
# Boot drives are defined in ./hardware-configuration.nix
|
||||||
|
|
||||||
|
boot = {
|
||||||
|
zfs.extraPools = [ "tank" ];
|
||||||
|
supportedFilesystems = [ "zfs" ];
|
||||||
|
kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
|
||||||
|
};
|
||||||
|
services.prometheus.exporters.zfs.enable = true;
|
||||||
|
|
||||||
|
environment.systemPackages = with pkgs; [
|
||||||
|
cifs-utils
|
||||||
|
zfs
|
||||||
|
];
|
||||||
|
|
||||||
|
fileSystems = {
|
||||||
|
"/mnt/feal-syn1/backup" = {
|
||||||
|
device = "feal-syn1.home.feal.no:/volume2/backup";
|
||||||
|
fsType = "nfs";
|
||||||
|
options = [
|
||||||
|
"defaults"
|
||||||
|
"noatime"
|
||||||
|
"rw"
|
||||||
|
"nfsvers=3"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
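Review bot: The mount options for `/mnt/feal-syn1/backup` pin `nfsvers=3` with no `sec=` setting, so access to the backup share rests on the export's host-based trust and the traffic has no integrity protection; the borg setup this replaces went over SSH with a key. restic's encryption keeps the contents confidential, but any client the export admits could still delete or overwrite repository files, so the export on the NAS should be restricted to this host, and `nfsvers=4.2` with `sec=krb5p` is worth considering if the NAS supports it. For a data-only mount I would add `"nosuid" "nodev" "noexec"`, plus `"nofail"` so an unreachable NAS does not block boot. `cifs-utils` in `environment.systemPackages` looks unrelated to an NFS mount; if it is needed, a comment saying why would help.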
@ -7,7 +7,7 @@
|
||||||
|
|
||||||
services.postgresqlBackup = {
|
services.postgresqlBackup = {
|
||||||
enable = true;
|
enable = true;
|
||||||
location = "/data/backup/postgresql/";
|
location = "/tank/backup/postgresql";
|
||||||
startAt = "*-*-* 03:15:00";
|
startAt = "*-*-* 03:15:00";
|
||||||
|
|
||||||
# Each service is registered in its own configuration file
|
# Each service is registered in its own configuration file
|
||||||
|
|
|
@ -11,9 +11,11 @@ vaultwarden:
|
||||||
admintoken: ENC[AES256_GCM,data:sUPOe3goxpJFpe5fBdwcM5Z6+DXNdZr5Xd6HzRUb7LtDk9IUtwL4wtlckwnMRoLF628XvCV3ObrX2UmTqUX/6pWqLkWL/vWb3C8ogq4=,iv:vvO9nEkCjcKvl+ILEMlMorMmvyNM1juRYRnEolwg9sQ=,tag:wFnz9oOA+ZGrb4UqKrtUcA==,type:str]
|
admintoken: ENC[AES256_GCM,data:sUPOe3goxpJFpe5fBdwcM5Z6+DXNdZr5Xd6HzRUb7LtDk9IUtwL4wtlckwnMRoLF628XvCV3ObrX2UmTqUX/6pWqLkWL/vWb3C8ogq4=,iv:vvO9nEkCjcKvl+ILEMlMorMmvyNM1juRYRnEolwg9sQ=,tag:wFnz9oOA+ZGrb4UqKrtUcA==,type:str]
|
||||||
microbin:
|
microbin:
|
||||||
secrets: ENC[AES256_GCM,data:B2yOSEXFyge7fgphtKcy8CjaeEiwmHAxgGoiqa4lmQtRtnxy5UuH3dFuCXHvbd3n6YA24zX3ANIQpj6ilT4I96+P+L9TjA==,iv:3mryQf3GdKCqBkLsfyqJk5ZN+/gOEbL/LmEzreINGME=,tag:YD8uvkS23c5B7J9srRrU9w==,type:str]
|
secrets: ENC[AES256_GCM,data:B2yOSEXFyge7fgphtKcy8CjaeEiwmHAxgGoiqa4lmQtRtnxy5UuH3dFuCXHvbd3n6YA24zX3ANIQpj6ilT4I96+P+L9TjA==,iv:3mryQf3GdKCqBkLsfyqJk5ZN+/gOEbL/LmEzreINGME=,tag:YD8uvkS23c5B7J9srRrU9w==,type:str]
|
||||||
borg:
|
restic:
|
||||||
postgres: ENC[AES256_GCM,data:vwfLF2qkUMl9b/4oYVm+pzfbbw==,iv:+QlTXjowne2d+ufw9YbhgaAIVvYg78LkMS0BqfPwoRI=,tag:JAbR3/DbYp+vRApJteg4zA==,type:str]
|
gitea: ENC[AES256_GCM,data:3RqbDR8h+htdKoThpp2mptB3QuMmNSaFIw6ORGMxpcs=,iv:ZqG4zlsMPh9PmsCZ/deEON6weY+p5rAUN2dEJGzEfOY=,tag:4jN00VnwOpId+Zp8qF5tmQ==,type:str]
|
||||||
gitea: ENC[AES256_GCM,data:GIZ/wkzEkm6DUZETv8GpXd8k5w==,iv:MLnVtrev+poT+3D5+o5UV8FBQWpvqlYAkcXMF53bKJw=,tag:89zkLJNZw04ZPyqvpspgsw==,type:str]
|
matrix-synapse: ENC[AES256_GCM,data:wJMtOS8IH6lY8ni2h5hO0zJN6JbJUpfeSp44iTpEcZM=,iv:45BBv5kPCmbW68k59FuuVf22JTrWtDWNEiovPuCOn/M=,tag:sslqD1foO8FeD7Oll8sGFg==,type:str]
|
||||||
|
postgres: ENC[AES256_GCM,data:FsXVw4nd+7bwaX4UL0/ShuQRDbLJEPlAasMaV4LNP88=,iv:/0GLzTyrJB5+DQcsxFJxuDVQpsj87levnKUd+/T6rAw=,tag:ndE3UJpMW/mLot4Ar8xY1A==,type:str]
|
||||||
|
vaultwarden: ENC[AES256_GCM,data:tZKf1jeQPBASruDP67NrVfwFoAZ20whQIHf1SWIQz0s=,iv:kyfqvEf/DiAGHAU99HVGri15kluewijkSPOCGKjxIaQ=,tag:tmDQPH2IjjUV5wLegXXybg==,type:str]
|
||||||
keycloak:
|
keycloak:
|
||||||
postgres: ENC[AES256_GCM,data:OYvpSyBAQfAJg4/syz1r,iv:Ge6m63YPl+gJPepIRmBz747bXqUo65MHQaRn1S/8m2I=,tag:18bFwYtmcslXlgflfYqM8w==,type:str]
|
postgres: ENC[AES256_GCM,data:OYvpSyBAQfAJg4/syz1r,iv:Ge6m63YPl+gJPepIRmBz747bXqUo65MHQaRn1S/8m2I=,tag:18bFwYtmcslXlgflfYqM8w==,type:str]
|
||||||
sops:
|
sops:
|
||||||
|
@ -40,8 +42,8 @@ sops:
|
||||||
RXcvQU1JYnl0bUtocTZuNkRxcGQwR2MKnyAYtF2y7XBmNuIYi6RzqEJEPPg7B22A
|
RXcvQU1JYnl0bUtocTZuNkRxcGQwR2MKnyAYtF2y7XBmNuIYi6RzqEJEPPg7B22A
|
||||||
fQVeDfIhiNSVva784KTU+y4TU1UPxumriRrLRFPF3h42ZEq2zQAgrQ==
|
fQVeDfIhiNSVva784KTU+y4TU1UPxumriRrLRFPF3h42ZEq2zQAgrQ==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-09-25T17:49:30Z"
|
lastmodified: "2024-10-05T08:43:32Z"
|
||||||
mac: ENC[AES256_GCM,data:17W0WL9NkwEi/zofBffNtns4kxykfpOV05ukHDpkNjmlrRKxTJtlpRLdSb0JGaAxPm15f2fdjDmKl7gkDm09SRXMRwxyntix2ZjvMPx9pXgoMfiZfc6Cn3GwGco3Eajvpm8tS7DKaWfToC+XYvxjeHhyFhDbI7xMf7LcB2s+OOI=,iv:v5rAcMz5142AKKx7CQLTRBR3tGMWe1LSM0VHaDI5Nbk=,tag:GxoQjPE8ox45Udx/id+Y/g==,type:str]
|
mac: ENC[AES256_GCM,data:UMaxVqcS9SK/OclUe5k547zScx5BhAJt4f87Sfw2Ctdx6ZJRbju4310TeZUygzge4/OrCywD+9R09FzR65OBvIDxvUIqOblqzrYiHK6xRUSkUtLJEb8gzD7ycsccHaHpLYom0zbSixmMUDSthn2rexQixin9gUGVq+x9I3Z/sPk=,iv:oZAcTHjeFQjxZrNmQmJS3kJiXs1IcDbYJOo44kI3f5Y=,tag:7GINKR+6WMhlDAzeDOyrog==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.8.1
|
||||||
|
|