Diffstat (limited to 'lass')
-rw-r--r--lass/1systems/prism/backup.nix37
-rw-r--r--lass/1systems/prism/config.nix1
-rw-r--r--lass/2configs/codimd.nix56
-rw-r--r--lass/2configs/websites/domsen.nix28
4 files changed, 66 insertions, 56 deletions
diff --git a/lass/1systems/prism/backup.nix b/lass/1systems/prism/backup.nix
new file mode 100644
index 000000000..52b4142b9
--- /dev/null
+++ b/lass/1systems/prism/backup.nix
@@ -0,0 +1,37 @@
+{ config, lib, pkgs, ... }:
+{
+ services.postgresqlBackup.enable = true;
+
+ systemd.services.borgbackup-job-hetzner.serviceConfig.ReadWritePaths = [ "/var/log/telegraf" ];
+
+ services.borgbackup.jobs.hetzner = {
+ paths = [
+ "/var/backup"
+ ];
+ exclude = [
+ "*.pyc"
+ ];
+ repo = "u364341@u364341.your-storagebox.de:/./hetzner";
+ encryption.mode = "none";
+ compression = "auto,zstd";
+ startAt = "daily";
+ # TODO: change backup key
+ environment.BORG_RSH = "ssh -oPort=23 -i ${toString <secrets> + "/borgbackup.ssh.id25519"}";
+ preHook = ''
+ set -x
+ '';
+
+ postHook = ''
+ cat > /var/log/telegraf/borgbackup-job-hetzner.service <<EOF
+ task,frequency=daily last_run=$(date +%s)i,state="$([[ $exitStatus == 0 ]] && echo ok || echo fail)"
+ EOF
+ '';
+
+ prune.keep = {
+ within = "1d"; # Keep all archives from the last day
+ daily = 7;
+ weekly = 4;
+ monthly = 0;
+ };
+ };
+}
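Review bot: `encryption.mode = "none"` leaves the repository on the storage box both unencrypted and unauthenticated, and this is the job that the codimd.nix and domsen.nix hunks of this commit extend with `/var/backup` and a list of user home directories. The `repo` line names a different storage box than the job removed from codimd.nix, so if the repository is being initialised fresh this is the cheap moment to switch, because borg cannot change the mode of an existing repository; for example `encryption.mode = "repokey-blake2";` together with `encryption.passCommand = "cat <PATH-TO-PASSPHRASE-FILE>";`. The carried-over `# TODO: change backup key` is also worth resolving now that `BORG_RSH` takes the key from a file under `<secrets>` instead of the sops-managed path; confirm that file is readable only by root on prism.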
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 1faa23ec3..0e58b62b8 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -3,6 +3,7 @@ with import <stockholm/lib>;
{
imports = [
+ ./backup.nix
<stockholm/lass>
<stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/libvirt.nix>
diff --git a/lass/2configs/codimd.nix b/lass/2configs/codimd.nix
index 0927788a7..f8880dbdc 100644
--- a/lass/2configs/codimd.nix
+++ b/lass/2configs/codimd.nix
@@ -34,6 +34,7 @@ in
CMD_CSP_ALLOW_FRAMING = "true";
};
+ services.borgbackup.jobs.hetzner.paths = [ "/var/backup" ];
systemd.services.hedgedoc-backup = {
startAt = "daily";
serviceConfig = {
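Review bot: The added `services.borgbackup.jobs.hetzner.paths` line makes this module depend on a job whose `repo`, encryption and SSH settings now live only in `1systems/prism/backup.nix`. A host that imports codimd.nix without that file would end up with a `hetzner` job consisting of a path list alone, which as far as I can tell fails evaluation for lack of `repo`; the same applies to the list added in `2configs/websites/domsen.nix`. Since backup.nix already lists `"/var/backup"`, this line could be dropped, or at least carry a comment such as `# job itself is defined in 1systems/prism/backup.nix`. The `hedgedoc-backup` unit continues outside the hunk.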
@@ -42,61 +43,6 @@ in
};
};
- services.postgresqlBackup.enable = true;
-
- systemd.services.borgbackup-job-hetzner.serviceConfig.ReadWritePaths = [ "/var/log/telegraf" ];
-
- services.borgbackup.jobs.hetzner = {
- paths = [
- "/home"
- "/etc"
- "/var"
- "/root"
- ];
- exclude = [
- "*.pyc"
- "/home/*/.direnv"
- "/home/*/.cache"
- "/home/*/.cargo"
- "/home/*/.npm"
- "/home/*/.m2"
- "/home/*/.gradle"
- "/home/*/.opam"
- "/home/*/.clangd"
- "/var/lib/containerd"
- # already included in database backup
- "/var/lib/postgresql"
- # not so important
- "/var/lib/docker/"
- "/var/log/journal"
- "/var/cache"
- "/var/tmp"
- "/var/log"
- ];
- repo = "u348918@u348918.your-storagebox.de:/./hetzner";
- encryption.mode = "none";
- compression = "auto,zstd";
- startAt = "daily";
- # TODO: change backup key
- environment.BORG_RSH = "ssh -oPort=23 -i ${config.sops.secrets.hetzner-borgbackup-ssh.path}";
- preHook = ''
- set -x
- '';
-
- postHook = ''
- cat > /var/log/telegraf/borgbackup-job-hetzner.service <<EOF
- task,frequency=daily last_run=$(date +%s)i,state="$([[ $exitStatus == 0 ]] && echo ok || echo fail)"
- EOF
- '';
-
- prune.keep = {
- within = "1d"; # Keep all archives from the last day
- daily = 7;
- weekly = 4;
- monthly = 0;
- };
- };
-
services.hedgedoc = {
enable = true;
configuration.allowOrigin = [ domain ];
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 9d28bedc6..71f7f8111 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -200,7 +200,25 @@ in {
{ domain = "beesmooth.ch"; }
];
};
-
+ services.borgbackup.jobs.hetzner.paths = [
+ "/home/xanf"
+ "/home/domsen"
+ "/home/bruno"
+ "/home/jla-trading"
+ "/home/jms"
+ "/home/ms"
+ "/home/bui"
+ "/home/klabusterbeere"
+ "/home/akayguen"
+ "/home/kasia"
+ "/home/dif"
+ "/home/lavafilms"
+ "/home/movematchers"
+ "/home/blackphoton"
+ "/home/avada"
+ "/home/sts"
+ "/home/familienrat"
+ ];
users.users.UBIK-SFTP = {
uid = genid_uint31 "UBIK-SFTP";
home = "/home/UBIK-SFTP";
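Review bot: The hard-coded list under `services.borgbackup.jobs.hetzner.paths` has to be kept in step with the `users.users.*` definitions by hand, so an account added later without a matching entry is silently left out of the backup; a comment like `# keep in sync with the users.users.* entries in this file` above the list would make that visible. The per-user excludes of the removed job (`/home/*/.cache`, `/home/*/.npm`, `/home/*/.cargo`, `/home/*/.m2` and the rest) were not carried over to backup.nix, so these home directories are now archived including tool caches. Those directories may hold registry or build credentials, and they go to a repository configured with `encryption.mode = "none"`, so re-adding the patterns to `exclude` is worth considering. The `users.users.UBIK-SFTP` block continues outside the hunk.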
@@ -362,6 +380,14 @@ in {
isNormalUser = true;
};
+ users.users.sts = {
+ uid = genid_uint31 "sts";
+ home = "/home/sts";
+ useDefaultShell = true;
+ createHome = true;
+ isNormalUser = true;
+ };
+
users.users.familienrat = {
uid = genid_uint31 "familienrat";
home = "/home/familienrat";