From 07a2b5f2d1d55854561f4f55f9c62bc820619c97 Mon Sep 17 00:00:00 2001
From: Ingolf Wagner
Date: Sun, 6 Oct 2024 09:40:42 +0900
Subject: [PATCH] :construction: borgbackup for paperless
---
 flake.nix | 1 +
 machines/chungus/service-paperless.nix | 32 ++++++++++++++++++++++++++
 2 files changed, 33 insertions(+)
diff --git a/flake.nix b/flake.nix
index 66dfb59..c5365fb 100644
--- a/flake.nix
+++ b/flake.nix
@@ -236,6 +236,7 @@
 # backup key
 "${config.clan.core.clanDir}/machines/chungus/facts/ssh.syncoid.id_ed25519.pub"
 "${config.clan.core.clanDir}/machines/chungus/facts/ssh.rbackup.id_ed25519.pub"
+ "${config.clan.core.clanDir}/machines/chungus/facts/ssh.paperless-ngx.id_ed25519.pub"
 ];
 }
 )
diff --git a/machines/chungus/service-paperless.nix b/machines/chungus/service-paperless.nix
index 96adbfe..491cb6c 100644
--- a/machines/chungus/service-paperless.nix
+++ b/machines/chungus/service-paperless.nix
@@ -3,6 +3,7 @@
 pkgs,
 lib,
 nixos-artwork,
+ factsGenerator,
 ...
 }:
 {
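Review bot: In flake.nix the added `ssh.paperless-ngx.id_ed25519.pub` entry joins the syncoid and rbackup keys in a list whose option name is outside the hunk; if that list is root's authorized keys on the backup target, which `repo = "root@orbi.bear:…"` in machines/chungus/service-paperless.nix suggests, the paperless key gets an unrestricted root login there. A compromise of the paperless host would then reach every backup stored on that machine, not only its own repository. Consider a dedicated unprivileged account for this repository and a forced command on the key, `command="borg serve --restrict-to-path <repo-path>",restrict ssh-ed25519 …`, or the NixOS `services.borgbackup.repos` module, which generates such an entry. Adding `--append-only` to the forced command would also keep a compromised client from deleting archives, though the client-side `prune.keep` in the job would then no longer free space.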
@@ -50,4 +51,35 @@
 proxyWebsockets = true;
 };
 };
+
+ clan.core.facts.services."paperless-ngx.borg" = factsGenerator.password { name = "borgbackup"; };
+ clan.core.facts.services."paperless-ngx.ssh" = factsGenerator.ssh { name = "paperless-ngx"; };
+
+ # backup
+ services.borgbackup.jobs."paperless-ngx" = {
+ paths = [ config.services.paperless.dataDir ];
+ repo = "root@orbi.bear:${config.networking.hostName}/paperless-borg-backup";
+ compression = "auto,lzma";
+ startAt = "daily";
+ encryption = {
+ mode = "repokey-blake2";
+ passCommand = "cat ${
+ toString config.clan.core.facts.services."paperless-ngx.borg".secret."password.borgbackup".path
+ }";
+ };
+ environment = {
+ BORG_RSH = "ssh -i ${
+ toString
+ config.clan.core.facts.services."paperless-ngx.ssh".secret."ssh.paperless-ngx.id_ed25519".path
+ }";
+ BORG_RELOCATED_REPO_ACCESS_IS_OK = "yes";
+ };
+ prune.keep = {
+ within = "10d"; # Keep all backups in the last 10 days.
+ weekly = 8; # Keep 8 additional end of week archives.
+ monthly = -1; # Keep end of month archive for every month
+ };
+ doInit = true;
+ };
+
 }
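Review bot: `BORG_RELOCATED_REPO_ACCESS_IS_OK = "yes";` in the job's `environment` permanently auto-confirms Borg's "repository was previously located at" warning, so an unattended run keeps writing to whatever answers at `orbi.bear` even when the repository is not where it was last seen. `BORG_RSH` also passes only `-i`, so host verification depends on the known_hosts of the user the job runs as, which the hunk does not show. I would drop the variable once the first run has succeeded, or add a comment such as `# needed because the repo was moved from <old-location>`. I would also pin the host key (for example via `programs.ssh.knownHosts`) and add `-o IdentitiesOnly=yes` to `BORG_RSH` so only the generated key is offered.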