l prism.r: add backups

lass/1systems/prism/backup.nix

@@ -0,0 +1,37 @@
+{ config, lib, pkgs, ... }:
+{
+  services.postgresqlBackup.enable = true;
+
+  systemd.services.borgbackup-job-hetzner.serviceConfig.ReadWritePaths = [ "/var/log/telegraf" ];
+
+  services.borgbackup.jobs.hetzner = {
+    paths = [
+      "/var/backup"
+    ];
+    exclude = [
+      "*.pyc"
+    ];
+    repo = "u364341@u364341.your-storagebox.de:/./hetzner";
+    encryption.mode = "none";
+    compression = "auto,zstd";
+    startAt = "daily";
+    # TODO: change backup key
+    environment.BORG_RSH = "ssh -oPort=23 -i ${toString <secrets> + "/borgbackup.ssh.id25519"}";
+    preHook = ''
+      set -x
+    '';
+
+    postHook = ''
+      cat > /var/log/telegraf/borgbackup-job-hetzner.service <<EOF
+      task,frequency=daily last_run=$(date +%s)i,state="$([[ $exitStatus == 0 ]] && echo ok || echo fail)"
+      EOF
+    '';
+
+    prune.keep = {
+      within = "1d"; # Keep all archives from the last day
+      daily = 7;
+      weekly = 4;
+      monthly = 0;
+    };
+  };
+}

lass/1systems/prism/config.nix

@@ -3,6 +3,7 @@ with import <stockholm/lib>;
 
 {
   imports = [
+    ./backup.nix
     <stockholm/lass>
     <stockholm/lass/2configs/retiolum.nix>
     <stockholm/lass/2configs/libvirt.nix>

lass/2configs/codimd.nix

@@ -34,6 +34,7 @@ in
     CMD_CSP_ALLOW_FRAMING = "true";
   };
 
+  services.borgbackup.jobs.hetzner.paths = [ "/var/backup" ];
   systemd.services.hedgedoc-backup = {
     startAt = "daily";
     serviceConfig = {
@@ -42,61 +43,6 @@ in
     };
   };
 
-  services.postgresqlBackup.enable = true;
-
-  systemd.services.borgbackup-job-hetzner.serviceConfig.ReadWritePaths = [ "/var/log/telegraf" ];
-
-  services.borgbackup.jobs.hetzner = {
-    paths = [
-      "/home"
-      "/etc"
-      "/var"
-      "/root"
-    ];
-    exclude = [
-      "*.pyc"
-      "/home/*/.direnv"
-      "/home/*/.cache"
-      "/home/*/.cargo"
-      "/home/*/.npm"
-      "/home/*/.m2"
-      "/home/*/.gradle"
-      "/home/*/.opam"
-      "/home/*/.clangd"
-      "/var/lib/containerd"
-      # already included in database backup
-      "/var/lib/postgresql"
-      # not so important
-      "/var/lib/docker/"
-      "/var/log/journal"
-      "/var/cache"
-      "/var/tmp"
-      "/var/log"
-    ];
-    repo = "u348918@u348918.your-storagebox.de:/./hetzner";
-    encryption.mode = "none";
-    compression = "auto,zstd";
-    startAt = "daily";
-    # TODO: change backup key
-    environment.BORG_RSH = "ssh -oPort=23 -i ${config.sops.secrets.hetzner-borgbackup-ssh.path}";
-    preHook = ''
-      set -x
-    '';
-
-    postHook = ''
-      cat > /var/log/telegraf/borgbackup-job-hetzner.service <<EOF
-      task,frequency=daily last_run=$(date +%s)i,state="$([[ $exitStatus == 0 ]] && echo ok || echo fail)"
-      EOF
-    '';
-
-    prune.keep = {
-      within = "1d"; # Keep all archives from the last day
-      daily = 7;
-      weekly = 4;
-      monthly = 0;
-    };
-  };
-
   services.hedgedoc = {
     enable = true;
     configuration.allowOrigin = [ domain ];

lass/2configs/websites/domsen.nix

@@ -200,7 +200,25 @@ in {
       { domain = "beesmooth.ch"; }
     ];
   };
-
+  services.borgbackup.jobs.hetzner.paths = [
+    "/home/xanf"
+    "/home/domsen"
+    "/home/bruno"
+    "/home/jla-trading"
+    "/home/jms"
+    "/home/ms"
+    "/home/bui"
+    "/home/klabusterbeere"
+    "/home/akayguen"
+    "/home/kasia"
+    "/home/dif"
+    "/home/lavafilms"
+    "/home/movematchers"
+    "/home/blackphoton"
+    "/home/avada"
+    "/home/sts"
+    "/home/familienrat"
+  ];
   users.users.UBIK-SFTP = {
     uid = genid_uint31 "UBIK-SFTP";
     home = "/home/UBIK-SFTP";
@@ -362,6 +380,14 @@ in {
     isNormalUser = true;
   };
 
+  users.users.sts = {
+    uid = genid_uint31 "sts";
+    home = "/home/sts";
+    useDefaultShell = true;
+    createHome = true;
+    isNormalUser = true;
+  };
+
   users.users.familienrat = {
     uid = genid_uint31 "familienrat";
     home = "/home/familienrat";