nix-config/features/server/backups.nix


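# Server backup module: declares the sops-managed backup secrets, a borg
# repository that another machine pushes to over SSH, and a nightly borgmatic
# job that sends this server's data to a remote repository.
{
  config,
  secrets,
  pkgs,
  ...
}:
let
  # sops file that holds every secret used for the off-site backup.
  backupSecretsFile = "${secrets}/secrets/backup.yaml";

  # SSH invocation handed to borg for the off-site repository.
  #  - GlobalKnownHostsFile pins the server's host keys to the sops-managed file.
  #  - StrictHostKeyChecking=yes makes ssh refuse an unknown or changed host key
  #    outright instead of prompting, so an interactive run cannot accept and
  #    remember a key that is not in the pinned set.
  #  - IdentitiesOnly=yes offers only the dedicated backup key, never keys from
  #    an agent or from default identity files.
  offsiteSshCommand = builtins.concatStringsSep " " [
    "ssh"
    "-o GlobalKnownHostsFile=${config.sops.secrets.borgOffsiteBackupHostKeys.path}"
    "-o StrictHostKeyChecking=yes"
    "-o IdentitiesOnly=yes"
    "-i ${config.sops.secrets.sshBorgOffsiteBackup.path}"
  ];
in
{
  imports = [
    ./backups-repos.nix
  ];

  # NOTE(review): within this file borgRepoPassword is only read by the disabled
  # localBackup job below. If nothing else consumes it, drop the declaration so
  # the passphrase is not decrypted onto the host without a consumer.
  sops.secrets.borgRepoPassword = { };

  # Passphrase for the remote borgmatic repository (read by encryption_passcommand).
  sops.secrets.borgRemoteServerPassword = {
    sopsFile = backupSecretsFile;
  };
  # Private SSH key used to reach the off-site backup host.
  sops.secrets.sshBorgOffsiteBackup = {
    sopsFile = backupSecretsFile;
  };
  # known_hosts-format host keys of the off-site backup host.
  sops.secrets.borgOffsiteBackupHostKeys = {
    sopsFile = backupSecretsFile;
  };

  services.borgbackup.jobs = {
    # Disabled jobs, kept for reference.
    #
    # localBackup = {
    #   paths = "/";
    #   exclude = [
    #     "/nix"
    #     "/srv/Multimedia"
    #     "/srv/media"
    #     "/srv/backups/serverBackups"
    #     "/srv/backups/localComputerBackups"
    #     "/var/cache"
    #     "/var/run"
    #     "/tmp"
    #     "/proc"
    #     "/sys"
    #     "/dev"
    #     "/mnt"
    #     "/run"
    #   ];
    #   repo = "/srv/backups/serverBackups";
    #   doInit = true;
    #   encryption = {
    #     mode = "repokey";
    #     passCommand = "cat /run/secrets/borgRepoPassword";
    #   };
    #   compression = "auto,lzma";
    #   startAt = "weekly";
    # };
    #
    # serverBackup = {
    # };
  };

  services.borgbackup.repos = {
    borgPersonalServer = {
      # NOTE(review): keys listed under `authorizedKeys` get full access to the
      # repository, which includes deleting archives. If this client only needs
      # to create backups, `authorizedKeysAppendOnly` limits what a compromised
      # client can do to existing archives.
      authorizedKeys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHyeTAANyYqMFded6mJHWuhGVXROu3TqDV2b8icjolfO root@meowcats-silly-computer"
      ];
      path = "/srv/backups/localComputerBackups";
    };
  };

  services.borgmatic = {
    enable = true;
    configurations = {
      # NOTE(review): no `repositories` entry is set here; presumably it comes
      # from ./backups-repos.nix - confirm.
      remoteServer = {
        # These trees can contain credentials and private data (/etc, /home,
        # database dumps), so the repository passphrase and the SSH key above
        # are what protect them off-site.
        # NOTE(review): /var is taken wholesale, so /var/cache (excluded by the
        # disabled localBackup job) ends up in the archive too.
        source_directories = [
          "/var"
          "/etc"
          "/home"
          "/srv/freshrss"
          "/srv/Minecraft"
        ];
        # Databases that borgmatic dumps as part of each backup run.
        postgresql_databases = [
          { name = "forgejo"; }
          { name = "nextcloud"; }
          { name = "matrix-synapse"; }
        ];
        exclude_patterns = [ "/home/*/.cache" ];
        # The passphrase is read from the sops-decrypted file at run time, so it
        # never appears in the Nix store or in the generated borgmatic config.
        encryption_passcommand = "${pkgs.coreutils}/bin/cat /run/secrets/borgRemoteServerPassword";
        ssh_command = offsiteSshCommand;
      };
    };
  };

  # Run borgmatic every night at 03:00. Persistent catches up a run missed while
  # the machine was off; WakeSystem lets the timer wake it from suspend.
  systemd.timers."borgmatic" = {
    enable = true;
    wantedBy = [ "timers.target" ];
    timerConfig = {
      OnCalendar = "*-*-* 03:00:00";
      Persistent = true;
      WakeSystem = true;
      Unit = "borgmatic.service";
    };
  };
}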