feat(servers): switch to borgbackup jobs for granular control
All checks were successful
Discord / discord commits (push) Successful in 1m14s
All checks were successful
Discord / discord commits (push) Successful in 1m14s
This commit is contained in:
parent
e3300dcac3
commit
ea1a29494c
5 changed files with 55 additions and 44 deletions
|
@ -6,7 +6,7 @@
|
|||
../../modules/tailscale.nix
|
||||
|
||||
./modules/binary-cache.nix
|
||||
./modules/borgmatic.nix
|
||||
./modules/borgbackup.nix
|
||||
./modules/minecraft.nix
|
||||
];
|
||||
|
||||
|
|
51
devices/servivi/modules/borgbackup.nix
Normal file
51
devices/servivi/modules/borgbackup.nix
Normal file
|
@ -0,0 +1,51 @@
|
|||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
# Make this file declare default settings
|
||||
options.services.borgbackup = with lib; {
|
||||
defaults = mkOption {
|
||||
type = types.attrs;
|
||||
};
|
||||
};
|
||||
|
||||
config = {
|
||||
users.groups.borg = {};
|
||||
users.users.borg = {
|
||||
isSystemUser = true;
|
||||
createHome = true;
|
||||
home = "/var/lib/borg";
|
||||
group = "borg";
|
||||
extraGroups = ["mc"];
|
||||
};
|
||||
|
||||
programs.ssh.knownHosts = {
|
||||
pve.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG/4mrp8E4Ittwg8feRmPtDHSDR2+Pq4uZHeF5MweVcW";
|
||||
};
|
||||
|
||||
services.borgbackup = {
|
||||
defaults = {
|
||||
user = "borg";
|
||||
environment = {
|
||||
# TODO: use secrets
|
||||
BORG_RSH = "ssh -i ${config.users.users.borg.home}/.ssh/id_ed25519";
|
||||
};
|
||||
|
||||
repo = "ssh://matt@pve/data/backups/borg";
|
||||
encryption = {
|
||||
mode = "repokey";
|
||||
passCommand = let
|
||||
cat = "${pkgs.coreutils}/bin/cat";
|
||||
key = config.sops.secrets.borg-repo.path;
|
||||
in "${cat} ${key}";
|
||||
};
|
||||
|
||||
# Run every 3 hours
|
||||
startAt = "00/3:00";
|
||||
compression = "auto,lzma";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,32 +0,0 @@
|
|||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
# Make this file declare default settings
|
||||
options.services.borgmatic = with lib; {
|
||||
defaults = mkOption {
|
||||
type = types.attrs;
|
||||
};
|
||||
};
|
||||
|
||||
# Make sure known_hosts has the needed info
|
||||
config = {
|
||||
services.borgmatic = {
|
||||
enable = true;
|
||||
|
||||
defaults = {
|
||||
keep_daily = 7;
|
||||
|
||||
# FIXME: doesn't work, have to put it in /root/.ssh
|
||||
ssh_command = "ssh -i /root/.ssh/borg";
|
||||
encryption_passcommand = "${pkgs.coreutils}/bin/cat ${config.sops.secrets.borg-repo.path}";
|
||||
|
||||
source_directories_must_exist = true;
|
||||
borgmatic_source_directory = "/tmp/borgmatic";
|
||||
store_config_files = false;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -10,7 +10,6 @@
|
|||
modded-minecraft-servers = {
|
||||
eula = true;
|
||||
user = config.vars.user;
|
||||
group = "users";
|
||||
|
||||
instances = let
|
||||
jre8 = pkgs.temurin-bin-8;
|
||||
|
@ -89,19 +88,12 @@
|
|||
};
|
||||
};
|
||||
|
||||
borgmatic.configurations.mc =
|
||||
config.services.borgmatic.defaults
|
||||
borgbackup.jobs.mc =
|
||||
config.services.borgbackup.defaults
|
||||
// {
|
||||
source_directories = [
|
||||
paths = [
|
||||
"/var/lib/minecraft"
|
||||
];
|
||||
|
||||
repositories = [
|
||||
{
|
||||
label = "PVE";
|
||||
path = "ssh://matt@pve/data/backups/borg";
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
BIN
flake.lock
BIN
flake.lock
Binary file not shown.
Loading…
Reference in a new issue