diff --git a/devices/servivi/default.nix b/devices/servivi/default.nix index 9a0599a5..5aed4089 100644 --- a/devices/servivi/default.nix +++ b/devices/servivi/default.nix @@ -6,7 +6,7 @@ ../../modules/tailscale.nix ./modules/binary-cache.nix - ./modules/borgmatic.nix + ./modules/borgbackup.nix ./modules/minecraft.nix ]; diff --git a/devices/servivi/modules/borgbackup.nix b/devices/servivi/modules/borgbackup.nix new file mode 100644 index 00000000..881e8f71 --- /dev/null +++ b/devices/servivi/modules/borgbackup.nix @@ -0,0 +1,51 @@ +{ + config, + lib, + pkgs, + ... +}: { + # Make this file declare default settings + options.services.borgbackup = with lib; { + defaults = mkOption { + type = types.attrs; + }; + }; + + config = { + users.groups.borg = {}; + users.users.borg = { + isSystemUser = true; + createHome = true; + home = "/var/lib/borg"; + group = "borg"; + extraGroups = ["mc"]; + }; + + programs.ssh.knownHosts = { + pve.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG/4mrp8E4Ittwg8feRmPtDHSDR2+Pq4uZHeF5MweVcW"; + }; + + services.borgbackup = { + defaults = { + user = "borg"; + environment = { + # TODO: use secrets + BORG_RSH = "ssh -i ${config.users.users.borg.home}/.ssh/id_ed25519"; + }; + + repo = "ssh://matt@pve/data/backups/borg"; + encryption = { + mode = "repokey"; + passCommand = let + cat = "${pkgs.coreutils}/bin/cat"; + key = config.sops.secrets.borg-repo.path; + in "${cat} ${key}"; + }; + + # Run every 3 hours + startAt = "00/3:00"; + compression = "auto,lzma"; + }; + }; + }; +} diff --git a/devices/servivi/modules/borgmatic.nix b/devices/servivi/modules/borgmatic.nix deleted file mode 100644 index e941c769..00000000 --- a/devices/servivi/modules/borgmatic.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: { - # Make this file declare default settings - options.services.borgmatic = with lib; { - defaults = mkOption { - type = types.attrs; - }; - }; - - # Make sure known_hosts has the needed info - config = { - services.borgmatic = { - enable = true; - - defaults = { - keep_daily = 7; - - # FIXME: doesn't work, have to put it in /root/.ssh - ssh_command = "ssh -i /root/.ssh/borg"; - encryption_passcommand = "${pkgs.coreutils}/bin/cat ${config.sops.secrets.borg-repo.path}"; - - source_directories_must_exist = true; - borgmatic_source_directory = "/tmp/borgmatic"; - store_config_files = false; - }; - }; - }; -} diff --git a/devices/servivi/modules/minecraft.nix b/devices/servivi/modules/minecraft.nix index a4fdba7e..f5b9e0d4 100644 --- a/devices/servivi/modules/minecraft.nix +++ b/devices/servivi/modules/minecraft.nix @@ -10,7 +10,6 @@ modded-minecraft-servers = { eula = true; user = config.vars.user; - group = "users"; instances = let jre8 = pkgs.temurin-bin-8; @@ -89,19 +88,12 @@ }; }; - borgmatic.configurations.mc = - config.services.borgmatic.defaults + borgbackup.jobs.mc = + config.services.borgbackup.defaults // { - source_directories = [ + paths = [ "/var/lib/minecraft" ]; - - repositories = [ - { - label = "PVE"; - path = "ssh://matt@pve/data/backups/borg"; - } - ]; }; }; } diff --git a/flake.lock b/flake.lock index 5a244bfc..11af4ca6 100644 --- a/flake.lock +++ b/flake.lock @@ -719,11 +719,11 @@ "nixpkgs": "nixpkgs_6" }, "locked": { - "lastModified": 1703628847, - "narHash": "sha256-CiMGqa1twXq50Ub2gGqwZ6jZuWWbISgvj61pUC5uAXc=", + "lastModified": 1703654106, + "narHash": "sha256-2VoiAD/zzZ6/KiN18qm2pEclBP611+YRRzmiikTRdpc=", "owner": "nix-community", "repo": "nixpkgs-wayland", - "rev": "34e93cad9a011f28c094ba4d94adc7f59cec08ad", + "rev": "454c1fc492b82c28ab3ec8ef6edae0ec6eef41ad", "type": "github" }, "original": { @@ -766,11 +766,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1703255338, - "narHash": "sha256-Z6wfYJQKmDN9xciTwU3cOiOk+NElxdZwy/FiHctCzjU=", + "lastModified": 1703438236, + "narHash": "sha256-aqVBq1u09yFhL7bj1/xyUeJjzr92fXVvQSSEx6AdB1M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6df37dc6a77654682fe9f071c62b4242b5342e04", + "rev": "5f64a12a728902226210bf01d25ec6cbb9d9265b", "type": "github" }, "original": { @@ -867,11 +867,11 @@ ] }, "locked": { - "lastModified": 1703619116, - "narHash": "sha256-FAs/EoccWduokTKuqYeRzW2o3Eb6T3SpgWDoqHGeFwU=", + "lastModified": 1703659416, + "narHash": "sha256-+S75gs0rUWlWpiozAh3sCPar+gfZ96efG7Ifpo5rleA=", "owner": "matt1432", "repo": "nixos-minecraft-servers", - "rev": "cffa361baa1990558f96b18e454502b8ed74a8f1", + "rev": "cee4e78311e225aae0af6a49f410d5da23d40b66", "type": "github" }, "original": { @@ -898,11 +898,11 @@ }, "nur": { "locked": { - "lastModified": 1703646418, - "narHash": "sha256-+O5UYPoboInEqQM0KeNVTz8Dff2dTxDwZOSRTgdOejM=", + "lastModified": 1703659518, + "narHash": "sha256-MhYyeYf6vLB8Itrbfd6v8osQqxfo7RcHgNQUd2/KaqM=", "owner": "nix-community", "repo": "NUR", - "rev": "4b648583aa2718a55740bd6f7e2916c9771762c8", + "rev": "6561f85abf01b5f47ce49407d34ea7b3332d11a7", "type": "github" }, "original": { @@ -961,11 +961,11 @@ "sops-nix": "sops-nix" }, "locked": { - "lastModified": 1703648158, - "narHash": "sha256-z2My4To69oyY4xYofSJCAKK6BOMcbA9qRZJoUBpi6+U=", + "lastModified": 1703659676, + "narHash": "sha256-GV7aDQygrPSXwR6auRHpanMzvXvKBbw1F2o78BA/ZeM=", "ref": "refs/heads/main", - "rev": "22a1a1c6a18639e11e4e47a667870dffa527623e", - "revCount": 17, + "rev": "792df10f43731b75e4d11ce76e0cde911381869e", + "revCount": 18, "type": "git", "url": "ssh://git@git.nelim.org/matt1432/nixos-secrets" },