add proper borg setup for cream

add jobrad
2023-03-07 16:21:46 +01:00 · 2023-03-07 16:21:46 +01:00 · 02c51206fe
parent 3a7dcaea0f
commit 02c51206fe
12 changed files with 131 additions and 73 deletions
--- a/flake.lock
+++ b/flake.lock
@ -826,13 +826,12 @@
      }
    },
    "private_assets": {
-      "flake": false,
      "locked": {
-        "lastModified": 1673774076,
-        "narHash": "sha256-lKzJ0lpLPR/zm7JvnMeISAGk3Au1RKxKXO6t6cn5gW8=",
+        "lastModified": 1678382806,
+        "narHash": "sha256-E0PsUulg0FMF1IbXKRxzZ4ynpLHS1criJGabSuUb6ao=",
        "ref": "main",
-        "rev": "f51b139fd76988e9c31792e39bfd88085477654a",
-        "revCount": 4,
+        "rev": "5d995fa3c7a3018f16373523b61c61e8cd179c8e",
+        "revCount": 6,
        "type": "git",
        "url": "ssh://gitea@git.ingolf-wagner.de/palo/nixos-private-assets.git"
      },
--- a/flake.nix
+++ b/flake.nix
@ -57,7 +57,7 @@
    };
    private_assets = {
      url = "git+ssh://gitea@git.ingolf-wagner.de/palo/nixos-private-assets.git?ref=main";
-      flake = false;
+      flake = true;
    };
    retiolum = {
      url = "github:Mic92/retiolum";
@ -192,6 +192,7 @@
              nixos-hardware.nixosModules.framework-12th-gen-intel
              #retiolum.nixosModules.retiolum
              #kmonad.nixosModules.default
+              private_assets.nixosModules.jobrad
            ];
            # todo : check out => https://github.com/terlar/nix-config/blob/ad35fbfc20e58626eb9fbd5f67716bc07bb98fc9/home-manager/modules/profiles/user/terje/keyboards.nix
            #services.kmonad = {
--- a/nixos/components/gui/browser.nix
+++ b/nixos/components/gui/browser.nix
@ -33,7 +33,12 @@ in
          homeBackup = "${backupFolder}/shopping-browser";
          gpu = false;
        };
-
+        jobrad = {
+          browserType = "firefox";
+          home = "${homeFolder}/jobrad";
+          homeBackup = "${backupFolder}/jobrad-browser";
+          gpu = false;
+        };
        firefox-tmp = {
          browserType = "firefox";
          home = "${homeFolder}/firefox-tmp";
--- a/nixos/components/gui/home-manager/ssh.nix
+++ b/nixos/components/gui/home-manager/ssh.nix
@ -9,6 +9,10 @@
          identityFile = "~/.ssh/palo_rsa.pub";
          identitiesOnly = true;
        };
+        "*.jobrad.org" = {
+          user = "iwagner";
+          identityFile = "~/.ssh/jobrad_ed25519";
+        };
        "lassul.us" = {
          user = "download";
          port = 45621;
--- a/nixos/components/gui/xorg/default.nix
+++ b/nixos/components/gui/xorg/default.nix
@ -39,6 +39,7 @@ with lib;
          scrollMethod = "twofinger";
          accelSpeed = "1.3";
          naturalScrolling = true;
+          horizontalScrolling = true;
        };
      };

--- a/nixos/machines/cream/borg.nix
+++ b/nixos/machines/cream/borg.nix
@ -0,0 +1,44 @@
+{ lib, config, pkgs, ... }: {
+
+  # backup repository
+  services.borgbackup.repos = {
+    default = {
+      quota = "100G";
+      allowSubRepos = true;
+      authorizedKeys = [
+        # todo rename
+        (lib.fileContents ../../assets/ssh/borg_access.pub)
+        (lib.fileContents ../../assets/ssh/palo_rsa.pub)
+      ];
+    };
+    removable = {
+      quota = "250G";
+      allowSubRepos = true;
+      user = "removable";
+      path = "/removable/borg";
+      authorizedKeys = [
+        # todo rename
+        (lib.fileContents ../../assets/ssh/borg_access.pub)
+        (lib.fileContents ../../assets/ssh/palo_rsa.pub)
+      ];
+    };
+  };
+
+  backup.enable = true;
+  backup.dirs = [
+    "/home/palo/jobrad"
+    "/home/palo/.timewarrior"
+    "/home/palo/.ssh"
+  ];
+
+  backup.servers = {
+    robi.host = "144.76.13.147";
+    pepe.host = "pepe.private";
+    cream.host = "cream.private";
+    cream-removable = {
+      user = "removable";
+      host = "cream.private";
+    };
+  };
+
+}
--- a/nixos/machines/cream/configuration.nix
+++ b/nixos/machines/cream/configuration.nix
@ -18,6 +18,9 @@
    ./qemu.nix
    ./wireguard.nix

+    ./borg.nix
+
+
  ];


--- a/nixos/machines/cream/packages.nix
+++ b/nixos/machines/cream/packages.nix
@ -103,6 +103,8 @@ in

    bitwarden

+    sensu-go-cli
+
  ];

  home-manager.users.mainUser = {
--- a/nixos/machines/pepe/borg.nix
+++ b/nixos/machines/pepe/borg.nix
@ -1,6 +1,8 @@
 { lib, config, pkgs, ... }: {

-  # provide borg backup repository
+  backup.enable = true;
+
+  # provide repository
  services.borgbackup.repos = {
    default = {
      quota = "100G";
--- a/nixos/machines/robi/borg.nix
+++ b/nixos/machines/robi/borg.nix
@ -1,5 +1,8 @@
 { lib, config, pkgs, ... }: {

+  backup.enable = true;
+
+  # provide repository
  services.borgbackup.repos = {
    default = {
      quota = "300G";
@ -11,20 +14,5 @@
    };
  };

-  # mirror backup folder to /media
-  #systemd.services.borg-mirror-to-media = {
-  #  enable = true;
-  #  script = ''
-  #    ${pkgs.rsync}/bin/rsync -a \
-  #      /var/lib/borgbackup/ \
-  #      /media/borg-backup-mirror \
-  #      --delete-after
-  #  '';
-  #};
-  #systemd.timers.borg-mirror-to-media = {
-  #  enable = true;
-  #  timerConfig.OnCalendar = "daily";
-  #  wantedBy = [ "multi-user.target" ];
-  #};

 }
--- a/nixos/system/all/borg-jobs.nix
+++ b/nixos/system/all/borg-jobs.nix
@ -6,48 +6,56 @@
 {

  options = {
-    backup.dirs = lib.mkOption {
-      default = [ ];
-      type = with lib.types; listOf str;
-      description = ''
-        folders to backup
-      '';
-    };
-    backup.exclude = lib.mkOption {
-      default = [ ];
-      type = with lib.types; listOf str;
-      description = ''
-        exclude files and folders matching a pattern.
-        Theses patterns effect all folders in `backup.dirs`.
-        see man borg pattern for more information
-      '';
-      example = [ ".git" "/home/*/.cache" ".stfolder" ];
+    backup = {
+      enable = lib.mkEnableOption "enable borg backup";
+      dirs = lib.mkOption {
+        default = [ ];
+        type = with lib.types; listOf str;
+        description = ''
+          folders to backup
+        '';
+      };
+      exclude = lib.mkOption {
+        default = [ ];
+        type = with lib.types; listOf str;
+        description = ''
+          exclude files and folders matching a pattern.
+          Theses patterns effect all folders in `backup.dirs`.
+          see man borg pattern for more information
+        '';
+        example = [ ".git" "/home/*/.cache" ".stfolder" ];
+      };
+      servers = lib.mkOption {
+        default = {
+          robi.host = "144.76.13.147";
+          pepe.host = "pepe.private";
+        };
+        type = with lib.types; attrsOf (submodule {
+          options = {
+            host = lib.mkOption {
+              type = with lib.types; str;
+            };
+            user = lib.mkOption {
+              default = "borg";
+              type = with lib.types; str;
+            };
+          };
+        });
+        description = ''
+          servers to backup to
+        '';
+      };
    };
  };

  config =
    let
-
-      servers = [
-        {
-          name = "robi";
-          host = "144.76.13.147";
-        }
-        {
-          name = "pepe";
-          host = "pepe.private";
-        }
-      ];
-
-      dirs = config.backup.dirs;
-
      myHostname = config.networking.hostName;
-
-      setup = server: {
+      setup = { user, host }: {
        paths = config.backup.dirs;
        exclude = config.backup.exclude;
        doInit = true;
-        repo = "borg@${server}:./${myHostname}";
+        repo = "${user}@${host}:./${myHostname}";
        encryption = {
          mode = "repokey-blake2";
          passCommand = "cat ${config.sops.secrets.backup_repository_passphrase.path}";
@ -63,25 +71,26 @@
          weekly = 8; # Keep 8 additional end of week archives.
          monthly = -1; # Keep end of month archive for every month
        };
-
      };

    in
-    {
+
+    lib.mkIf config.backup.enable {

      sops.secrets.backup_repository_passphrase = { };
      sops.secrets.backup_ssh_rsa_private = { };

      services.borgbackup.jobs =
-        let
-          setups = map ({ name, host }: { "${name}" = setup host; }) servers;
-          setupAttrs = lib.zipAttrsWith (_: vals: lib.head vals) setups;
-          nonEmptySetups =
-            lib.filterAttrs (_: { paths, ... }: builtins.length paths != 0)
-              setupAttrs;
-        in
-        nonEmptySetups;
+        lib.mapAttrs (_: target: setup target) config.backup.servers;
+
+      #systemd.services = lib.mapAttrs'
+      #  (name: _: {
+      #    name = "borgbackup-job-${name}";
+      #    value = { enable = config.backup.dirs != [ ]; };
+      #  })
+      #  config.backup.servers;

    };

+
 }
--- a/nixos/system/all/borg-scripts.nix
+++ b/nixos/system/all/borg-scripts.nix
@ -2,23 +2,23 @@

  environment.systemPackages =
    let
-      createScript = command: host: repository:
+      createScript = command: target: repository:
        pkgs.writers.writeBashBin
-          "borg-${command}-on-${host}-for-${repository}" ''
+          "borg-${command}-on-${target}-for-${repository}" ''
          ${pkgs.borgbackup}/bin/borg \
            ${command} \
-            --rsh='ssh -i ~/.ssh/palo_rsa.pub' borg@${host}.private:${repository}/. \
+            --rsh='ssh -i ~/.ssh/palo_rsa.pub' ${target}.private:${repository}/. \
            "$@"
        '';
-      hosts = [ "pepe" "robi" ];
-      repositories = [ "pepe" "sterni" "robi" ];
+      targets = [ "borg@pepe" "borg@robi" "borg@cream" "removable@cream" ];
+      repositories = [ "pepe" "sterni" "robi" "cream" ];
      commands = [ "list" "mount" ];
    in
    lib.flatten (map
      (command:
        map
-          (host: map (repository: createScript command host repository) repositories)
-          hosts)
+          (target: map (repository: createScript command target repository) repositories)
+          targets)
      commands);

 }