Compare commits

...

2 commits

Author SHA1 Message Date
Ingolf Wagner
07a2b5f2d1
🚧 borgbackup for paperless 2024-10-06 09:40:42 +09:00
Ingolf Wagner
253b146406
Update facts/secrets for service paperless-ngx.ssh in machine chungus 2024-10-06 09:22:23 +09:00
3 changed files with 34 additions and 0 deletions

View file

@ -236,6 +236,7 @@
# backup key # backup key
"${config.clan.core.clanDir}/machines/chungus/facts/ssh.syncoid.id_ed25519.pub" "${config.clan.core.clanDir}/machines/chungus/facts/ssh.syncoid.id_ed25519.pub"
"${config.clan.core.clanDir}/machines/chungus/facts/ssh.rbackup.id_ed25519.pub" "${config.clan.core.clanDir}/machines/chungus/facts/ssh.rbackup.id_ed25519.pub"
"${config.clan.core.clanDir}/machines/chungus/facts/ssh.paperless-ngx.id_ed25519.pub"
]; ];
} }
) )

View file

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH5cHogtLN70T5g7b30r2RR4l6TEFB4t8O8FZ+NMUTfj nixbld@cherry

View file

@ -3,6 +3,7 @@
pkgs, pkgs,
lib, lib,
nixos-artwork, nixos-artwork,
factsGenerator,
... ...
}: }:
{ {
@ -50,4 +51,35 @@
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };
clan.core.facts.services."paperless-ngx.borg" = factsGenerator.password { name = "borgbackup"; };
clan.core.facts.services."paperless-ngx.ssh" = factsGenerator.ssh { name = "paperless-ngx"; };
# backup
services.borgbackup.jobs."paperless-ngx" = {
paths = [ config.services.paperless.dataDir ];
repo = "root@orbi.bear:${config.networking.hostName}/paperless-borg-backup";
compression = "auto,lzma";
startAt = "daily";
encryption = {
mode = "repokey-blake2";
passCommand = "cat ${
toString config.clan.core.facts.services."paperless-ngx.borg".secret."password.borgbackup".path
}";
};
environment = {
BORG_RSH = "ssh -i ${
toString
config.clan.core.facts.services."paperless-ngx.ssh".secret."ssh.paperless-ngx.id_ed25519".path
}";
BORG_RELOCATED_REPO_ACCESS_IS_OK = "yes";
};
prune.keep = {
within = "10d"; # Keep all backups in the last 10 days.
weekly = 8; # Keep 8 additional end of week archives.
monthly = -1; # Keep end of month archive for every month
};
doInit = true;
};
} }