palo/nixos-config
palo/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

restic: fix backup

Browse source
This commit is contained in:
Ingolf Wagner 2020-04-29 21:32:54 +02:00
parent 0a01174657
commit 9a82b633f1
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
4 changed files with 20 additions and 30 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
configs/pepe/configuration.nix
View file

@ -15,7 +15,6 @@
]; ];
networking.hostName = "pepe"; networking.hostName = "pepe";
services.printing.enable = false;
# fonts # fonts
# ----- # -----
@ -39,5 +38,8 @@
balance = false; balance = false;
}; };
services.printing.enable = false;
services.smartd.enable = true;
} }

35
configs/workhorse/configuration.nix
View file

@ -40,6 +40,12 @@
networking.hostName = "workhorse"; networking.hostName = "workhorse";
# font
# ----
programs.custom.urxvt.fontSize = 17;
programs.custom.xterm.fontSize = 17;
system.custom.fonts.dpi = 140;
# enable initrd ssh # enable initrd ssh
configuration.init-ssh = { configuration.init-ssh = {
enable = "enabled"; enable = "enabled";
@ -56,34 +62,9 @@
balance = false; balance = false;
}; };
security.wrappers = { virtualisation = { docker.enable = false; };
pmount.source = "${pkgs.pmount}/bin/pmount";
pumount.source = "${pkgs.pmount}/bin/pumount";
};
services.logind.lidSwitch = lib.mkForce "ignore";
system.custom.x11.enable = lib.mkForce false;
programs.custom.steam.enable = false;
programs.custom.video.enable = false;
# font
# ----
programs.custom.urxvt.fontSize = 17;
programs.custom.xterm.fontSize = 17;
system.custom.fonts.dpi = 140;
services.printing.enable = true;
nix.useSandbox = true;
virtualisation = {
docker.enable = true;
#virtualbox = {
# host.enable = true;
# guest.x11 = true;
# guest.enable = true;
#};
};
services.printing.enable = false;
services.smartd.enable = true; services.smartd.enable = true;
} }

9
system/all/restic.nix
View file

@ -19,7 +19,7 @@
setup = server: { setup = server: {
enable = lib.mkDefault true; enable = lib.mkDefault true;
passwordFile = toString <secrets/backup/restic-repo>; passwordFile = toString <secrets/backup/restic-repo>;
repo = "sftp::backup/remote-${config.networking.hostName}"; repo = "sftp::remote/remote-${config.networking.hostName}";
requires = [ ]; requires = [ ];
extraArguments = [ extraArguments = [
"sftp.command='ssh backup@${server} -i ${ "sftp.command='ssh backup@${server} -i ${
@ -52,6 +52,13 @@
backup.services.restic = lib.zipAttrsWith (name: vals: lib.head vals) backup.services.restic = lib.zipAttrsWith (name: vals: lib.head vals)
(map (server: { "on-${server}" = setup server; }) servers); (map (server: { "on-${server}" = setup server; }) servers);
systemd.services = let
timeoutConfig = server: {
name = "backup.on-${server}";
value = { serviceConfig.TimeoutSec = 30 * 60; };
};
in builtins.listToAttrs (map timeoutConfig servers);
environment.etc."info/restic-${hostname}.json" = { environment.etc."info/restic-${hostname}.json" = {
enable = true; enable = true;
text = builtins.toJSON (map infoEntry servers); text = builtins.toJSON (map infoEntry servers);

2
system/all/sftp-user.nix
View file

@ -6,7 +6,7 @@
"backup" = { "backup" = {
enable = true; enable = true;
initialize = true; initialize = true;
home = toString /backup/remote/backup; home = toString /backup/remote;
authorizedKeys.keyFiles = authorizedKeys.keyFiles =
[ (toString <common_secrets/backup/sftp-user_rsa.pub>) ] [ (toString <common_secrets/backup/sftp-user_rsa.pub>) ]
++ config.users.users.root.openssh.authorizedKeys.keyFiles; ++ config.users.users.root.openssh.authorizedKeys.keyFiles;