From 489d3924307171751b174d62f64ce29a5c2550cf Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 21 Oct 2018 23:04:27 +0200 Subject: ma backup: init --- makefu/2configs/backup/server.nix | 11 +++++++++++ makefu/2configs/backup/ssh/gum.pub | 1 + makefu/2configs/backup/ssh/nextgum.pub | 1 + makefu/2configs/backup/ssh/omo.pub | 1 + makefu/2configs/backup/ssh/x.pub | 1 + makefu/2configs/backup/state.nix | 25 +++++++++++++++++++++++++ 6 files changed, 40 insertions(+) create mode 100644 makefu/2configs/backup/server.nix create mode 100644 makefu/2configs/backup/ssh/gum.pub create mode 100644 makefu/2configs/backup/ssh/nextgum.pub create mode 100644 makefu/2configs/backup/ssh/omo.pub create mode 100644 makefu/2configs/backup/ssh/x.pub create mode 100644 makefu/2configs/backup/state.nix diff --git a/makefu/2configs/backup/server.nix b/makefu/2configs/backup/server.nix new file mode 100644 index 000000000..f157e715f --- /dev/null +++ b/makefu/2configs/backup/server.nix @@ -0,0 +1,11 @@ +{lib, ... }: +let + hosts = lib.mapAttrsToList (f: _: lib.removeSuffix ".pub" f) (builtins.readDir ./ssh ); +in { + # TODO: for all enabled machines + services.borgbackup.repos = lib.genAttrs hosts (host: { + authorizedKeys = [ (builtins.readFile (./ssh + "/${host}.pub") ) ]; + path = "/var/lib/borgbackup/${host}"; + user = "borg-${host}"; + }) ; +} diff --git a/makefu/2configs/backup/ssh/gum.pub b/makefu/2configs/backup/ssh/gum.pub new file mode 100644 index 000000000..ed203d544 --- /dev/null +++ b/makefu/2configs/backup/ssh/gum.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOSCJe7DQkKbL58pL78ImO+nVI/aaNFP8Zyqgo8EbNhW makefu@x diff --git a/makefu/2configs/backup/ssh/nextgum.pub b/makefu/2configs/backup/ssh/nextgum.pub new file mode 100644 index 000000000..52d56d956 --- /dev/null +++ b/makefu/2configs/backup/ssh/nextgum.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOUZcfi2SXxCo1if0oU3x9qPK8/O5FmiXy2HFZyTp/P1 makefu@x diff --git a/makefu/2configs/backup/ssh/omo.pub b/makefu/2configs/backup/ssh/omo.pub new file mode 100644 index 000000000..053b4da87 --- /dev/null +++ b/makefu/2configs/backup/ssh/omo.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAtA3XzpjByYQ9uSHQr0dkNUyi6nROjwv1S2IQtUu4pi makefu@x diff --git a/makefu/2configs/backup/ssh/x.pub b/makefu/2configs/backup/ssh/x.pub new file mode 100644 index 000000000..fe894df33 --- /dev/null +++ b/makefu/2configs/backup/ssh/x.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBRfhUv9twYbO7tUe2r2LOXEMNxW14GO3Q0RTkUWeMxw makefu@x diff --git a/makefu/2configs/backup/state.nix b/makefu/2configs/backup/state.nix new file mode 100644 index 000000000..1143708bf --- /dev/null +++ b/makefu/2configs/backup/state.nix @@ -0,0 +1,25 @@ +{ config, ... }: +# back up all state +let + sec = toString ; + sshkey = sec + "/borg.priv"; + phrase = sec + "/borg.pw"; +in +{ + services.borgbackup.jobs.state = { + repo = "borg-${config.krebs.build.host.name}@backup.makefu.r:."; + paths = config.state; + encryption = { + mode = "repokey"; + passCommand = "cat ${phrase}"; + }; + environment.BORG_RSH = "ssh -i ${sshkey}"; + prune.keep = + { daily = 7; + weekly = 4; + monthly = -1; # Keep at least one archive for each month + }; + compression = "auto,lzma"; + startAt = "daily"; + }; +} -- cgit v1.2.3