summaryrefslogtreecommitdiffstats
path: root/makefu/2configs/backup
diff options
context:
space:
mode:
authorjeschli <jeschli@gmail.com>2018-12-04 19:27:27 +0100
committerjeschli <jeschli@gmail.com>2018-12-04 19:27:27 +0100
commit5030b74cc5c578bb82619a24592504a6008f1a10 (patch)
tree0551e3ddb94353b7438bec02174bf3379bc89b87 /makefu/2configs/backup
parent78b289201987675844aa37abeb4279eb4051ebe0 (diff)
parent82988de84c177c247ebbe80940c4d50b9f073b4e (diff)
Merge branch 'master' of prism.r:stockholm
Diffstat (limited to 'makefu/2configs/backup')
-rw-r--r--makefu/2configs/backup/server.nix11
-rw-r--r--makefu/2configs/backup/ssh/gum.pub1
-rw-r--r--makefu/2configs/backup/ssh/nextgum.pub1
-rw-r--r--makefu/2configs/backup/ssh/omo.pub1
-rw-r--r--makefu/2configs/backup/ssh/x.pub1
-rw-r--r--makefu/2configs/backup/state.nix25
6 files changed, 40 insertions, 0 deletions
diff --git a/makefu/2configs/backup/server.nix b/makefu/2configs/backup/server.nix
new file mode 100644
index 000000000..f157e715f
--- /dev/null
+++ b/makefu/2configs/backup/server.nix
@@ -0,0 +1,11 @@
+{lib, ... }:
+let
+ hosts = lib.mapAttrsToList (f: _: lib.removeSuffix ".pub" f) (builtins.readDir ./ssh );
+in {
+ # TODO: for all enabled machines
+ services.borgbackup.repos = lib.genAttrs hosts (host: {
+ authorizedKeys = [ (builtins.readFile (./ssh + "/${host}.pub") ) ];
+ path = "/var/lib/borgbackup/${host}";
+ user = "borg-${host}";
+ }) ;
+}
diff --git a/makefu/2configs/backup/ssh/gum.pub b/makefu/2configs/backup/ssh/gum.pub
new file mode 100644
index 000000000..ed203d544
--- /dev/null
+++ b/makefu/2configs/backup/ssh/gum.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOSCJe7DQkKbL58pL78ImO+nVI/aaNFP8Zyqgo8EbNhW makefu@x
diff --git a/makefu/2configs/backup/ssh/nextgum.pub b/makefu/2configs/backup/ssh/nextgum.pub
new file mode 100644
index 000000000..52d56d956
--- /dev/null
+++ b/makefu/2configs/backup/ssh/nextgum.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOUZcfi2SXxCo1if0oU3x9qPK8/O5FmiXy2HFZyTp/P1 makefu@x
diff --git a/makefu/2configs/backup/ssh/omo.pub b/makefu/2configs/backup/ssh/omo.pub
new file mode 100644
index 000000000..053b4da87
--- /dev/null
+++ b/makefu/2configs/backup/ssh/omo.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAtA3XzpjByYQ9uSHQr0dkNUyi6nROjwv1S2IQtUu4pi makefu@x
diff --git a/makefu/2configs/backup/ssh/x.pub b/makefu/2configs/backup/ssh/x.pub
new file mode 100644
index 000000000..fe894df33
--- /dev/null
+++ b/makefu/2configs/backup/ssh/x.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBRfhUv9twYbO7tUe2r2LOXEMNxW14GO3Q0RTkUWeMxw makefu@x
diff --git a/makefu/2configs/backup/state.nix b/makefu/2configs/backup/state.nix
new file mode 100644
index 000000000..1143708bf
--- /dev/null
+++ b/makefu/2configs/backup/state.nix
@@ -0,0 +1,25 @@
+{ config, ... }:
+# back up all state
+let
+ sec = toString <secrets>;
+ sshkey = sec + "/borg.priv";
+ phrase = sec + "/borg.pw";
+in
+{
+ services.borgbackup.jobs.state = {
+ repo = "borg-${config.krebs.build.host.name}@backup.makefu.r:.";
+ paths = config.state;
+ encryption = {
+ mode = "repokey";
+ passCommand = "cat ${phrase}";
+ };
+ environment.BORG_RSH = "ssh -i ${sshkey}";
+ prune.keep =
+ { daily = 7;
+ weekly = 4;
+ monthly = -1; # Keep at least one archive for each month
+ };
+ compression = "auto,lzma";
+ startAt = "daily";
+ };
+}