feat(servers): switch to borgbackup jobs for granular control

2023-12-27 01:59:28 -05:00 · 2023-12-27 01:59:28 -05:00 · ea1a29494c
commit ea1a29494c
parent e3300dcac3
5 changed files with 55 additions and 44 deletions
--- a/devices/servivi/default.nix
+++ b/devices/servivi/default.nix
@ -6,7 +6,7 @@
    ../../modules/tailscale.nix
    ./modules/binary-cache.nix
-    ./modules/borgmatic.nix
+    ./modules/borgbackup.nix
    ./modules/minecraft.nix
  ];
--- a/devices/servivi/modules/borgbackup.nix
+++ b/devices/servivi/modules/borgbackup.nix
@ -0,0 +1,51 @@
 {
  config,
  lib,
  pkgs,
  ...
 }: {
  # Make this file declare default settings
  options.services.borgbackup = with lib; {
    defaults = mkOption {
      type = types.attrs;
    };
  };
  config = {
    users.groups.borg = {};
    users.users.borg = {
      isSystemUser = true;
      createHome = true;
      home = "/var/lib/borg";
      group = "borg";
      extraGroups = ["mc"];
    };
    programs.ssh.knownHosts = {
      pve.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG/4mrp8E4Ittwg8feRmPtDHSDR2+Pq4uZHeF5MweVcW";
    };
    services.borgbackup = {
      defaults = {
        user = "borg";
        environment = {
          # TODO: use secrets
          BORG_RSH = "ssh -i ${config.users.users.borg.home}/.ssh/id_ed25519";
        };
        repo = "ssh://matt@pve/data/backups/borg";
        encryption = {
          mode = "repokey";
          passCommand = let
            cat = "${pkgs.coreutils}/bin/cat";
            key = config.sops.secrets.borg-repo.path;
          in "${cat} ${key}";
        };
        # Run every 3 hours
        startAt = "00/3:00";
        compression = "auto,lzma";
      };
    };
  };
 }
--- a/devices/servivi/modules/borgmatic.nix
+++ b/devices/servivi/modules/borgmatic.nix
@ -1,32 +0,0 @@
 {
  config,
  lib,
  pkgs,
  ...
 }: {
  # Make this file declare default settings
  options.services.borgmatic = with lib; {
    defaults = mkOption {
      type = types.attrs;
    };
  };
  # Make sure known_hosts has the needed info
  config = {
    services.borgmatic = {
      enable = true;
      defaults = {
        keep_daily = 7;
        # FIXME: doesn't work, have to put it in /root/.ssh
        ssh_command = "ssh -i /root/.ssh/borg";
        encryption_passcommand = "${pkgs.coreutils}/bin/cat ${config.sops.secrets.borg-repo.path}";
        source_directories_must_exist = true;
        borgmatic_source_directory = "/tmp/borgmatic";
        store_config_files = false;
      };
    };
  };
 }
--- a/devices/servivi/modules/minecraft.nix
+++ b/devices/servivi/modules/minecraft.nix
@ -10,7 +10,6 @@
    modded-minecraft-servers = {
      eula = true;
      user = config.vars.user;
      group = "users";
      instances = let
        jre8 = pkgs.temurin-bin-8;
@ -89,19 +88,12 @@
      };
    };
-    borgmatic.configurations.mc =
+    borgbackup.jobs.mc =
-      config.services.borgmatic.defaults
+      config.services.borgbackup.defaults
      // {
-        source_directories = [
+        paths = [
          "/var/lib/minecraft"
        ];
        repositories = [
          {
            label = "PVE";
            path = "ssh://matt@pve/data/backups/borg";
          }
        ];
      };
  };
 }
--- a/flake.lock
+++ b/flake.lock