From 02c51206fed36f1122bedf427e6cd6496d507a52 Mon Sep 17 00:00:00 2001 From: Ingolf Wagner Date: Tue, 7 Mar 2023 16:21:46 +0100 Subject: [PATCH] add proper borg setup for cream add jobrad --- flake.lock | 9 +-- flake.nix | 3 +- nixos/components/gui/browser.nix | 7 +- nixos/components/gui/home-manager/ssh.nix | 4 + nixos/components/gui/xorg/default.nix | 1 + nixos/machines/cream/borg.nix | 44 +++++++++++ nixos/machines/cream/configuration.nix | 3 + nixos/machines/cream/packages.nix | 2 + nixos/machines/pepe/borg.nix | 4 +- nixos/machines/robi/borg.nix | 18 +---- nixos/system/all/borg-jobs.nix | 95 +++++++++++++---------- nixos/system/all/borg-scripts.nix | 14 ++-- 12 files changed, 131 insertions(+), 73 deletions(-) create mode 100644 nixos/machines/cream/borg.nix diff --git a/flake.lock b/flake.lock index 8d31836..08e7ea7 100644 --- a/flake.lock +++ b/flake.lock @@ -826,13 +826,12 @@ } }, "private_assets": { - "flake": false, "locked": { - "lastModified": 1673774076, - "narHash": "sha256-lKzJ0lpLPR/zm7JvnMeISAGk3Au1RKxKXO6t6cn5gW8=", + "lastModified": 1678382806, + "narHash": "sha256-E0PsUulg0FMF1IbXKRxzZ4ynpLHS1criJGabSuUb6ao=", "ref": "main", - "rev": "f51b139fd76988e9c31792e39bfd88085477654a", - "revCount": 4, + "rev": "5d995fa3c7a3018f16373523b61c61e8cd179c8e", + "revCount": 6, "type": "git", "url": "ssh://gitea@git.ingolf-wagner.de/palo/nixos-private-assets.git" }, diff --git a/flake.nix b/flake.nix index 77e5cfb..70be4f4 100644 --- a/flake.nix +++ b/flake.nix @@ -57,7 +57,7 @@ }; private_assets = { url = "git+ssh://gitea@git.ingolf-wagner.de/palo/nixos-private-assets.git?ref=main"; - flake = false; + flake = true; }; retiolum = { url = "github:Mic92/retiolum"; 
@@ -192,6 +192,7 @@ nixos-hardware.nixosModules.framework-12th-gen-intel #retiolum.nixosModules.retiolum #kmonad.nixosModules.default + private_assets.nixosModules.jobrad ]; # todo : check out => https://github.com/terlar/nix-config/blob/ad35fbfc20e58626eb9fbd5f67716bc07bb98fc9/home-manager/modules/profiles/user/terje/keyboards.nix #services.kmonad = { diff --git a/nixos/components/gui/browser.nix b/nixos/components/gui/browser.nix index 23fd339..b1aff5e 100644 --- a/nixos/components/gui/browser.nix +++ b/nixos/components/gui/browser.nix @@ -33,7 +33,12 @@ in homeBackup = "${backupFolder}/shopping-browser"; gpu = false; }; - + jobrad = { + browserType = "firefox"; + home = "${homeFolder}/jobrad"; + homeBackup = "${backupFolder}/jobrad-browser"; + gpu = false; + }; firefox-tmp = { browserType = "firefox"; home = "${homeFolder}/firefox-tmp"; diff --git a/nixos/components/gui/home-manager/ssh.nix b/nixos/components/gui/home-manager/ssh.nix index 987fc33..1c33aa7 100644 --- a/nixos/components/gui/home-manager/ssh.nix +++ b/nixos/components/gui/home-manager/ssh.nix @@ -9,6 +9,10 @@ identityFile = "~/.ssh/palo_rsa.pub"; identitiesOnly = true; }; + "*.jobrad.org" = { + user = "iwagner"; + identityFile = "~/.ssh/jobrad_ed25519"; + }; "lassul.us" = { user = "download"; port = 45621; diff --git a/nixos/components/gui/xorg/default.nix b/nixos/components/gui/xorg/default.nix index 44a55d4..c441521 100644 --- a/nixos/components/gui/xorg/default.nix +++ b/nixos/components/gui/xorg/default.nix @@ -39,6 +39,7 @@ with lib; scrollMethod = "twofinger"; accelSpeed = "1.3"; naturalScrolling = true; + horizontalScrolling = true; }; }; diff --git a/nixos/machines/cream/borg.nix b/nixos/machines/cream/borg.nix new file mode 100644 index 0000000..1327bd8 --- /dev/null +++ b/nixos/machines/cream/borg.nix 
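Review bot: The new `"*.jobrad.org"` match block in ssh.nix sets `identityFile` but not `identitiesOnly`, unlike the block directly above it. Without that setting ssh also offers every other key held by the agent to those hosts. This discloses unrelated public keys to them and can use up the server's authentication attempts before `jobrad_ed25519` is tried. Add `identitiesOnly = true;` to the block.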
@@ -0,0 +1,44 @@ +{ lib, config, pkgs, ... }: { + + # backup repository + services.borgbackup.repos = { + default = { + quota = "100G"; + allowSubRepos = true; + authorizedKeys = [ + # todo rename + (lib.fileContents ../../assets/ssh/borg_access.pub) + (lib.fileContents ../../assets/ssh/palo_rsa.pub) + ]; + }; + removable = { + quota = "250G"; + allowSubRepos = true; + user = "removable"; + path = "/removable/borg"; + authorizedKeys = [ + # todo rename + (lib.fileContents ../../assets/ssh/borg_access.pub) + (lib.fileContents ../../assets/ssh/palo_rsa.pub) + ]; + }; + }; + + backup.enable = true; + backup.dirs = [ + "/home/palo/jobrad" + "/home/palo/.timewarrior" + "/home/palo/.ssh" + ]; + + backup.servers = { + robi.host = "144.76.13.147"; + pepe.host = "pepe.private"; + cream.host = "cream.private"; + cream-removable = { + user = "removable"; + host = "cream.private"; + }; + }; + +} diff --git a/nixos/machines/cream/configuration.nix b/nixos/machines/cream/configuration.nix index 85efc4d..6ee9ce2 100644 --- a/nixos/machines/cream/configuration.nix +++ b/nixos/machines/cream/configuration.nix @@ -18,6 +18,9 @@ ./qemu.nix ./wireguard.nix + ./borg.nix + + ]; diff --git a/nixos/machines/cream/packages.nix b/nixos/machines/cream/packages.nix index 5c0c0d6..8b7c18d 100644 --- a/nixos/machines/cream/packages.nix +++ b/nixos/machines/cream/packages.nix @@ -103,6 +103,8 @@ in bitwarden + sensu-go-cli + ]; home-manager.users.mainUser = { diff --git a/nixos/machines/pepe/borg.nix b/nixos/machines/pepe/borg.nix index f30de89..9c6d38e 100644 --- a/nixos/machines/pepe/borg.nix +++ b/nixos/machines/pepe/borg.nix @@ -1,6 +1,8 @@ { lib, config, pkgs, ... }: { - # provide borg backup repository + backup.enable = true; + + # provide repository services.borgbackup.repos = { default = { quota = "100G"; diff --git a/nixos/machines/robi/borg.nix b/nixos/machines/robi/borg.nix index d43d403..324f6ca 100644 --- a/nixos/machines/robi/borg.nix +++ b/nixos/machines/robi/borg.nix 
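Review bot: `backup.dirs` in cream/borg.nix includes `/home/palo/.ssh`, so every private key in that directory is copied to all four targets in `backup.servers`, including the `jobrad_ed25519` identity this commit starts using. Confidentiality of those keys then rests on the repository passphrase, which the job definition reads from the single sops secret `backup_repository_passphrase`. Consider backing up only the non-secret files, or adding an exclude such as `backup.exclude = [ "/home/palo/.ssh/jobrad_ed25519" ];` together with the other private key files. Separately, both repos list their keys under `authorizedKeys` rather than `authorizedKeysAppendOnly`, so a client holding either key can also delete archives. That should be a deliberate choice for the key used by the unattended jobs, since append-only access would move pruning to the server side.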
@@ -1,5 +1,8 @@ { lib, config, pkgs, ... }: { + backup.enable = true; + + # provide repository services.borgbackup.repos = { default = { quota = "300G"; @@ -11,20 +14,5 @@ }; }; - # mirror backup folder to /media - #systemd.services.borg-mirror-to-media = { - # enable = true; - # script = '' - # ${pkgs.rsync}/bin/rsync -a \ - # /var/lib/borgbackup/ \ - # /media/borg-backup-mirror \ - # --delete-after - # ''; - #}; - #systemd.timers.borg-mirror-to-media = { - # enable = true; - # timerConfig.OnCalendar = "daily"; - # wantedBy = [ "multi-user.target" ]; - #}; } diff --git a/nixos/system/all/borg-jobs.nix b/nixos/system/all/borg-jobs.nix index bca7315..1004814 100644 --- a/nixos/system/all/borg-jobs.nix +++ b/nixos/system/all/borg-jobs.nix 
@@ -6,48 +6,56 @@ { options = { - backup.dirs = lib.mkOption { - default = [ ]; - type = with lib.types; listOf str; - description = '' - folders to backup - ''; - }; - backup.exclude = lib.mkOption { - default = [ ]; - type = with lib.types; listOf str; - description = '' - exclude files and folders matching a pattern. - Theses patterns effect all folders in `backup.dirs`. - see man borg pattern for more information - ''; - example = [ ".git" "/home/*/.cache" ".stfolder" ]; + backup = { + enable = lib.mkEnableOption "enable borg backup"; + dirs = lib.mkOption { + default = [ ]; + type = with lib.types; listOf str; + description = '' + folders to backup + ''; + }; + exclude = lib.mkOption { + default = [ ]; + type = with lib.types; listOf str; + description = '' + exclude files and folders matching a pattern. + Theses patterns effect all folders in `backup.dirs`. + see man borg pattern for more information + ''; + example = [ ".git" "/home/*/.cache" ".stfolder" ]; + }; + servers = lib.mkOption { + default = { + robi.host = "144.76.13.147"; + pepe.host = "pepe.private"; + }; + type = with lib.types; attrsOf (submodule { + options = { + host = lib.mkOption { + type = with lib.types; str; + }; + user = lib.mkOption { + default = "borg"; + type = with lib.types; str; + }; + }; + }); + description = '' + servers to backup to + ''; + }; }; }; config = let - - servers = [ - { - name = "robi"; - host = "144.76.13.147"; - } - { - name = "pepe"; - host = "pepe.private"; - } - ]; - - dirs = config.backup.dirs; - myHostname = config.networking.hostName; - - setup = server: { + setup = { user, host }: { paths = config.backup.dirs; exclude = config.backup.exclude; doInit = true; - repo = "borg@${server}:./${myHostname}"; + repo = "${user}@${host}:./${myHostname}"; encryption = { mode = "repokey-blake2"; passCommand = "cat ${config.sops.secrets.backup_repository_passphrase.path}"; 
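Review bot: The new `servers` submodule declares `host` and `user` without a `description`, and `lib.mkEnableOption "enable borg backup"` renders as "Whether to enable enable borg backup." in the generated docs. I would write `lib.mkEnableOption "borg backup jobs"`, and add `description = "ssh host name or address of the borg server";` and `description = "ssh user that owns the repository on the server";` to the two sub-options. The default for `robi` is a bare IP address, so a short comment saying which machine it is and why no name is used would help whoever later has to match it to a known_hosts entry. The `setup` function continues past the end of this hunk, so anything it sets for ssh options is not visible here.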
@@ -63,25 +71,26 @@ weekly = 8; # Keep 8 additional end of week archives. monthly = -1; # Keep end of month archive for every month }; - }; in - { + + lib.mkIf config.backup.enable { sops.secrets.backup_repository_passphrase = { }; sops.secrets.backup_ssh_rsa_private = { }; services.borgbackup.jobs = - let - setups = map ({ name, host }: { "${name}" = setup host; }) servers; - setupAttrs = lib.zipAttrsWith (_: vals: lib.head vals) setups; - nonEmptySetups = - lib.filterAttrs (_: { paths, ... }: builtins.length paths != 0) - setupAttrs; - in - nonEmptySetups; + lib.mapAttrs (_: target: setup target) config.backup.servers; + + #systemd.services = lib.mapAttrs' + # (name: _: { + # name = "borgbackup-job-${name}"; + # value = { enable = config.backup.dirs != [ ]; }; + # }) + # config.backup.servers; }; + } diff --git a/nixos/system/all/borg-scripts.nix b/nixos/system/all/borg-scripts.nix index 3bf884a..ed0b6e8 100644 --- a/nixos/system/all/borg-scripts.nix +++ b/nixos/system/all/borg-scripts.nix @@ -2,23 +2,23 @@ environment.systemPackages = let - createScript = command: host: repository: + createScript = command: target: repository: pkgs.writers.writeBashBin - "borg-${command}-on-${host}-for-${repository}" '' + "borg-${command}-on-${target}-for-${repository}" '' ${pkgs.borgbackup}/bin/borg \ ${command} \ - --rsh='ssh -i ~/.ssh/palo_rsa.pub' borg@${host}.private:${repository}/. \ + --rsh='ssh -i ~/.ssh/palo_rsa.pub' ${target}.private:${repository}/. \ "$@" ''; - hosts = [ "pepe" "robi" ]; - repositories = [ "pepe" "sterni" "robi" ]; + targets = [ "borg@pepe" "borg@robi" "borg@cream" "removable@cream" ]; + repositories = [ "pepe" "sterni" "robi" "cream" ]; commands = [ "list" "mount" ]; in lib.flatten (map (command: map - (host: map (repository: createScript command host repository) repositories) - hosts) + (target: map (repository: createScript command target repository) repositories) + targets) commands); }
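Review bot: The rewritten `services.borgbackup.jobs` no longer skips hosts whose `backup.dirs` is empty. The old `nonEmptySetups` filter is removed and its replacement exists only as a commented-out `systemd.services` block. Any machine that sets `backup.enable = true` without listing directories now gets one job per server with nothing to back up; whether pepe and robi set `backup.dirs` is not visible in this patch. Jobs that presumably fail or produce empty archives on every run make real backup failures easy to overlook. Guard the whole config instead with `lib.mkIf (config.backup.enable && config.backup.dirs != [ ]) {` and delete the commented-out block.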
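Review bot: In borg-scripts.nix `target` now carries `user@host`, and the same string is interpolated into the script name `"borg-${command}-on-${target}-for-${repository}"`, so the generated names contain `@`. As far as I know Nix store path names only allow letters, digits and `+-._?=`, so please confirm this evaluates with an actual build. Even if it does, an `@` in a command name is awkward to type. Keep the ssh target unchanged and build the name from a sanitised copy, for example `lib.replaceStrings [ "@" ] [ "-" ] target`. The targets × repositories product also emits scripts for pairs that may not exist, such as `removable@cream` with `pepe`, so an explicit list of valid pairs would be easier to audit.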