add proper borg setup for cream

add jobrad
Ingolf Wagner 2023-03-07 16:21:46 +01:00
parent 3a7dcaea0f
commit 02c51206fe
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
12 changed files with 131 additions and 73 deletions


@ -826,13 +826,12 @@
} }
}, },
"private_assets": { "private_assets": {
"flake": false,
"locked": { "locked": {
"lastModified": 1673774076, "lastModified": 1678382806,
"narHash": "sha256-lKzJ0lpLPR/zm7JvnMeISAGk3Au1RKxKXO6t6cn5gW8=", "narHash": "sha256-E0PsUulg0FMF1IbXKRxzZ4ynpLHS1criJGabSuUb6ao=",
"ref": "main", "ref": "main",
"rev": "f51b139fd76988e9c31792e39bfd88085477654a", "rev": "5d995fa3c7a3018f16373523b61c61e8cd179c8e",
"revCount": 4, "revCount": 6,
"type": "git", "type": "git",
"url": "ssh://gitea@git.ingolf-wagner.de/palo/nixos-private-assets.git" "url": "ssh://gitea@git.ingolf-wagner.de/palo/nixos-private-assets.git"
}, },


@ -57,7 +57,7 @@
}; };
private_assets = { private_assets = {
url = "git+ssh://gitea@git.ingolf-wagner.de/palo/nixos-private-assets.git?ref=main"; url = "git+ssh://gitea@git.ingolf-wagner.de/palo/nixos-private-assets.git?ref=main";
flake = false; flake = true;
}; };
retiolum = { retiolum = {
url = "github:Mic92/retiolum"; url = "github:Mic92/retiolum";
@ -192,6 +192,7 @@
nixos-hardware.nixosModules.framework-12th-gen-intel nixos-hardware.nixosModules.framework-12th-gen-intel
#retiolum.nixosModules.retiolum #retiolum.nixosModules.retiolum
#kmonad.nixosModules.default #kmonad.nixosModules.default
private_assets.nixosModules.jobrad
]; ];
# todo : check out => https://github.com/terlar/nix-config/blob/ad35fbfc20e58626eb9fbd5f67716bc07bb98fc9/home-manager/modules/profiles/user/terje/keyboards.nix # todo : check out => https://github.com/terlar/nix-config/blob/ad35fbfc20e58626eb9fbd5f67716bc07bb98fc9/home-manager/modules/profiles/user/terje/keyboards.nix
#services.kmonad = { #services.kmonad = {


@ -33,7 +33,12 @@ in
homeBackup = "${backupFolder}/shopping-browser"; homeBackup = "${backupFolder}/shopping-browser";
gpu = false; gpu = false;
}; };
jobrad = {
browserType = "firefox";
home = "${homeFolder}/jobrad";
homeBackup = "${backupFolder}/jobrad-browser";
gpu = false;
};
firefox-tmp = { firefox-tmp = {
browserType = "firefox"; browserType = "firefox";
home = "${homeFolder}/firefox-tmp"; home = "${homeFolder}/firefox-tmp";


@ -9,6 +9,10 @@
identityFile = "~/.ssh/palo_rsa.pub"; identityFile = "~/.ssh/palo_rsa.pub";
identitiesOnly = true; identitiesOnly = true;
}; };
"*.jobrad.org" = {
user = "iwagner";
identityFile = "~/.ssh/jobrad_ed25519";
};
"lassul.us" = { "lassul.us" = {
user = "download"; user = "download";
port = 45621; port = 45621;
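Review bot: The new `"*.jobrad.org"` match block sets `identityFile` but not `identitiesOnly`, unlike the block directly above it, so ssh may offer the other keys held by the agent to those hosts in addition to the named one. Adding `identitiesOnly = true;` keeps personal keys from being presented to work hosts and avoids running into the server's authentication-attempt limit when the agent holds several keys. The enclosing attribute set starts and ends outside this hunk.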


@ -39,6 +39,7 @@ with lib;
scrollMethod = "twofinger"; scrollMethod = "twofinger";
accelSpeed = "1.3"; accelSpeed = "1.3";
naturalScrolling = true; naturalScrolling = true;
horizontalScrolling = true;
}; };
}; };


@ -0,0 +1,44 @@
{ lib, config, pkgs, ... }: {
# backup repository
services.borgbackup.repos = {
default = {
quota = "100G";
allowSubRepos = true;
authorizedKeys = [
# todo rename
(lib.fileContents ../../assets/ssh/borg_access.pub)
(lib.fileContents ../../assets/ssh/palo_rsa.pub)
];
};
removable = {
quota = "250G";
allowSubRepos = true;
user = "removable";
path = "/removable/borg";
authorizedKeys = [
# todo rename
(lib.fileContents ../../assets/ssh/borg_access.pub)
(lib.fileContents ../../assets/ssh/palo_rsa.pub)
];
};
};
backup.enable = true;
backup.dirs = [
"/home/palo/jobrad"
"/home/palo/.timewarrior"
"/home/palo/.ssh"
];
backup.servers = {
robi.host = "144.76.13.147";
pepe.host = "pepe.private";
cream.host = "cream.private";
cream-removable = {
user = "removable";
host = "cream.private";
};
};
}
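Review bot: `backup.dirs` lists `/home/palo/.ssh`, so whatever private keys live there are copied to every entry in `backup.servers`. In the same file, both repos accept the same two keys through `authorizedKeys`, which in the NixOS borgbackup module grants full access. A client holding either key can therefore delete or rewrite archives, not only add to them. Which key the automated jobs use is not visible here. Consider listing that key under `authorizedKeysAppendOnly` and keeping a full-access key only for manual pruning, and add a comment next to the path such as `# contains private keys; confidentiality rests on the repo passphrase`.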


@ -18,6 +18,9 @@
./qemu.nix ./qemu.nix
./wireguard.nix ./wireguard.nix
./borg.nix
]; ];


@ -103,6 +103,8 @@ in
bitwarden bitwarden
sensu-go-cli
]; ];
home-manager.users.mainUser = { home-manager.users.mainUser = {


@ -1,6 +1,8 @@
{ lib, config, pkgs, ... }: { { lib, config, pkgs, ... }: {
# provide borg backup repository backup.enable = true;
# provide repository
services.borgbackup.repos = { services.borgbackup.repos = {
default = { default = {
quota = "100G"; quota = "100G";


@ -1,5 +1,8 @@
{ lib, config, pkgs, ... }: { { lib, config, pkgs, ... }: {
backup.enable = true;
# provide repository
services.borgbackup.repos = { services.borgbackup.repos = {
default = { default = {
quota = "300G"; quota = "300G";
@ -11,20 +14,5 @@
}; };
}; };
# mirror backup folder to /media
#systemd.services.borg-mirror-to-media = {
# enable = true;
# script = ''
# ${pkgs.rsync}/bin/rsync -a \
# /var/lib/borgbackup/ \
# /media/borg-backup-mirror \
# --delete-after
# '';
#};
#systemd.timers.borg-mirror-to-media = {
# enable = true;
# timerConfig.OnCalendar = "daily";
# wantedBy = [ "multi-user.target" ];
#};
} }


@ -6,14 +6,16 @@
{ {
options = { options = {
backup.dirs = lib.mkOption { backup = {
enable = lib.mkEnableOption "enable borg backup";
dirs = lib.mkOption {
default = [ ]; default = [ ];
type = with lib.types; listOf str; type = with lib.types; listOf str;
description = '' description = ''
folders to backup folders to backup
''; '';
}; };
backup.exclude = lib.mkOption { exclude = lib.mkOption {
default = [ ]; default = [ ];
type = with lib.types; listOf str; type = with lib.types; listOf str;
description = '' description = ''
@ -23,31 +25,37 @@
''; '';
example = [ ".git" "/home/*/.cache" ".stfolder" ]; example = [ ".git" "/home/*/.cache" ".stfolder" ];
}; };
servers = lib.mkOption {
default = {
robi.host = "144.76.13.147";
pepe.host = "pepe.private";
};
type = with lib.types; attrsOf (submodule {
options = {
host = lib.mkOption {
type = with lib.types; str;
};
user = lib.mkOption {
default = "borg";
type = with lib.types; str;
};
};
});
description = ''
servers to backup to
'';
};
};
}; };
config = config =
let let
servers = [
{
name = "robi";
host = "144.76.13.147";
}
{
name = "pepe";
host = "pepe.private";
}
];
dirs = config.backup.dirs;
myHostname = config.networking.hostName; myHostname = config.networking.hostName;
setup = { user, host }: {
setup = server: {
paths = config.backup.dirs; paths = config.backup.dirs;
exclude = config.backup.exclude; exclude = config.backup.exclude;
doInit = true; doInit = true;
repo = "borg@${server}:./${myHostname}"; repo = "${user}@${host}:./${myHostname}";
encryption = { encryption = {
mode = "repokey-blake2"; mode = "repokey-blake2";
passCommand = "cat ${config.sops.secrets.backup_repository_passphrase.path}"; passCommand = "cat ${config.sops.secrets.backup_repository_passphrase.path}";
@ -63,25 +71,26 @@
weekly = 8; # Keep 8 additional end of week archives. weekly = 8; # Keep 8 additional end of week archives.
monthly = -1; # Keep end of month archive for every month monthly = -1; # Keep end of month archive for every month
}; };
}; };
in in
{
lib.mkIf config.backup.enable {
sops.secrets.backup_repository_passphrase = { }; sops.secrets.backup_repository_passphrase = { };
sops.secrets.backup_ssh_rsa_private = { }; sops.secrets.backup_ssh_rsa_private = { };
services.borgbackup.jobs = services.borgbackup.jobs =
let lib.mapAttrs (_: target: setup target) config.backup.servers;
setups = map ({ name, host }: { "${name}" = setup host; }) servers;
setupAttrs = lib.zipAttrsWith (_: vals: lib.head vals) setups; #systemd.services = lib.mapAttrs'
nonEmptySetups = # (name: _: {
lib.filterAttrs (_: { paths, ... }: builtins.length paths != 0) # name = "borgbackup-job-${name}";
setupAttrs; # value = { enable = config.backup.dirs != [ ]; };
in # })
nonEmptySetups; # config.backup.servers;
}; };
} }
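Review bot: The rewritten `services.borgbackup.jobs` in the last hunk drops the old `nonEmptySetups` filter, so a host with `backup.enable = true` and no `backup.dirs` now gets one job per server with an empty `paths` list. The commented-out `systemd.services` block appears to be an unfinished attempt at the same guard. Two other files in this commit set `backup.enable = true` next to a repo definition without showing any `backup.dirs`, so those hosts would be affected unless dirs are set elsewhere. Jobs that always fail make real backup failures harder to notice. Gating the attribute restores the old behaviour: `services.borgbackup.jobs = lib.mkIf (config.backup.dirs != [ ]) (lib.mapAttrs (_: setup) config.backup.servers);`.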


@ -2,23 +2,23 @@
environment.systemPackages = environment.systemPackages =
let let
createScript = command: host: repository: createScript = command: target: repository:
pkgs.writers.writeBashBin pkgs.writers.writeBashBin
"borg-${command}-on-${host}-for-${repository}" '' "borg-${command}-on-${target}-for-${repository}" ''
${pkgs.borgbackup}/bin/borg \ ${pkgs.borgbackup}/bin/borg \
${command} \ ${command} \
--rsh='ssh -i ~/.ssh/palo_rsa.pub' borg@${host}.private:${repository}/. \ --rsh='ssh -i ~/.ssh/palo_rsa.pub' ${target}.private:${repository}/. \
"$@" "$@"
''; '';
hosts = [ "pepe" "robi" ]; targets = [ "borg@pepe" "borg@robi" "borg@cream" "removable@cream" ];
repositories = [ "pepe" "sterni" "robi" ]; repositories = [ "pepe" "sterni" "robi" "cream" ];
commands = [ "list" "mount" ]; commands = [ "list" "mount" ];
in in
lib.flatten (map lib.flatten (map
(command: (command:
map map
(host: map (repository: createScript command host repository) repositories) (target: map (repository: createScript command target repository) repositories)
hosts) targets)
commands); commands);
} }
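Review bot: `createScript` now interpolates `target` (for example `borg@pepe`) into the `writeBashBin` name, so the derivation and binary names contain `@`, which as far as I know Nix does not accept in a store path name; confirm this evaluates on a host that includes the module. If it does not, sanitize the name only, e.g. `"borg-${command}-on-${lib.replaceStrings [ "@" ] [ "-" ] target}-for-${repository}"`, and keep `target` unchanged in the `--rsh` line. Separately, `--rsh='ssh -i ~/.ssh/palo_rsa.pub'` passes a public key file as the identity, which only works when an agent holds the matching private key; a short comment saying so would help. The `let` block starts outside the hunk.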