l prism.r: add backups

This commit is contained in:
lassulus 2023-08-31 17:47:17 +02:00
parent 6592341dc3
commit 9bc7ad4afe
4 changed files with 66 additions and 56 deletions

View file

@ -0,0 +1,37 @@
{ config, lib, pkgs, ... }:
{
services.postgresqlBackup.enable = true;
systemd.services.borgbackup-job-hetzner.serviceConfig.ReadWritePaths = [ "/var/log/telegraf" ];
services.borgbackup.jobs.hetzner = {
paths = [
"/var/backup"
];
exclude = [
"*.pyc"
];
repo = "u364341@u364341.your-storagebox.de:/./hetzner";
encryption.mode = "none";
compression = "auto,zstd";
startAt = "daily";
# TODO: change backup key
environment.BORG_RSH = "ssh -oPort=23 -i ${toString <secrets> + "/borgbackup.ssh.id25519"}";
preHook = ''
set -x
'';
postHook = ''
cat > /var/log/telegraf/borgbackup-job-hetzner.service <<EOF
task,frequency=daily last_run=$(date +%s)i,state="$([[ $exitStatus == 0 ]] && echo ok || echo fail)"
EOF
'';
prune.keep = {
within = "1d"; # Keep all archives from the last day
daily = 7;
weekly = 4;
monthly = 0;
};
};
}

View file

@ -3,6 +3,7 @@ with import <stockholm/lib>;
{
imports = [
./backup.nix
<stockholm/lass>
<stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/libvirt.nix>

View file

@ -34,6 +34,7 @@ in
CMD_CSP_ALLOW_FRAMING = "true";
};
services.borgbackup.jobs.hetzner.paths = [ "/var/backup" ];
systemd.services.hedgedoc-backup = {
startAt = "daily";
serviceConfig = {
@ -42,61 +43,6 @@ in
};
};
services.postgresqlBackup.enable = true;
systemd.services.borgbackup-job-hetzner.serviceConfig.ReadWritePaths = [ "/var/log/telegraf" ];
services.borgbackup.jobs.hetzner = {
paths = [
"/home"
"/etc"
"/var"
"/root"
];
exclude = [
"*.pyc"
"/home/*/.direnv"
"/home/*/.cache"
"/home/*/.cargo"
"/home/*/.npm"
"/home/*/.m2"
"/home/*/.gradle"
"/home/*/.opam"
"/home/*/.clangd"
"/var/lib/containerd"
# already included in database backup
"/var/lib/postgresql"
# not so important
"/var/lib/docker/"
"/var/log/journal"
"/var/cache"
"/var/tmp"
"/var/log"
];
repo = "u348918@u348918.your-storagebox.de:/./hetzner";
encryption.mode = "none";
compression = "auto,zstd";
startAt = "daily";
# TODO: change backup key
environment.BORG_RSH = "ssh -oPort=23 -i ${config.sops.secrets.hetzner-borgbackup-ssh.path}";
preHook = ''
set -x
'';
postHook = ''
cat > /var/log/telegraf/borgbackup-job-hetzner.service <<EOF
task,frequency=daily last_run=$(date +%s)i,state="$([[ $exitStatus == 0 ]] && echo ok || echo fail)"
EOF
'';
prune.keep = {
within = "1d"; # Keep all archives from the last day
daily = 7;
weekly = 4;
monthly = 0;
};
};
services.hedgedoc = {
enable = true;
configuration.allowOrigin = [ domain ];

View file

@ -200,7 +200,25 @@ in {
{ domain = "beesmooth.ch"; }
];
};
services.borgbackup.jobs.hetzner.paths = [
"/home/xanf"
"/home/domsen"
"/home/bruno"
"/home/jla-trading"
"/home/jms"
"/home/ms"
"/home/bui"
"/home/klabusterbeere"
"/home/akayguen"
"/home/kasia"
"/home/dif"
"/home/lavafilms"
"/home/movematchers"
"/home/blackphoton"
"/home/avada"
"/home/sts"
"/home/familienrat"
];
users.users.UBIK-SFTP = {
uid = genid_uint31 "UBIK-SFTP";
home = "/home/UBIK-SFTP";
@ -362,6 +380,14 @@ in {
isNormalUser = true;
};
users.users.sts = {
uid = genid_uint31 "sts";
home = "/home/sts";
useDefaultShell = true;
createHome = true;
isNormalUser = true;
};
users.users.familienrat = {
uid = genid_uint31 "familienrat";
home = "/home/familienrat";