feat(servers): switch to borgbackup jobs for granular control
All checks were successful
Discord / discord commits (push) Successful in 1m14s
All checks were successful
Discord / discord commits (push) Successful in 1m14s
This commit is contained in:
parent
e3300dcac3
commit
ea1a29494c
5 changed files with 71 additions and 60 deletions
|
@ -6,7 +6,7 @@
|
||||||
../../modules/tailscale.nix
|
../../modules/tailscale.nix
|
||||||
|
|
||||||
./modules/binary-cache.nix
|
./modules/binary-cache.nix
|
||||||
./modules/borgmatic.nix
|
./modules/borgbackup.nix
|
||||||
./modules/minecraft.nix
|
./modules/minecraft.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
51
devices/servivi/modules/borgbackup.nix
Normal file
51
devices/servivi/modules/borgbackup.nix
Normal file
|
@ -0,0 +1,51 @@
|
||||||
|
{
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
pkgs,
|
||||||
|
...
|
||||||
|
}: {
|
||||||
|
# Make this file declare default settings
|
||||||
|
options.services.borgbackup = with lib; {
|
||||||
|
defaults = mkOption {
|
||||||
|
type = types.attrs;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = {
|
||||||
|
users.groups.borg = {};
|
||||||
|
users.users.borg = {
|
||||||
|
isSystemUser = true;
|
||||||
|
createHome = true;
|
||||||
|
home = "/var/lib/borg";
|
||||||
|
group = "borg";
|
||||||
|
extraGroups = ["mc"];
|
||||||
|
};
|
||||||
|
|
||||||
|
programs.ssh.knownHosts = {
|
||||||
|
pve.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG/4mrp8E4Ittwg8feRmPtDHSDR2+Pq4uZHeF5MweVcW";
|
||||||
|
};
|
||||||
|
|
||||||
|
services.borgbackup = {
|
||||||
|
defaults = {
|
||||||
|
user = "borg";
|
||||||
|
environment = {
|
||||||
|
# TODO: use secrets
|
||||||
|
BORG_RSH = "ssh -i ${config.users.users.borg.home}/.ssh/id_ed25519";
|
||||||
|
};
|
||||||
|
|
||||||
|
repo = "ssh://matt@pve/data/backups/borg";
|
||||||
|
encryption = {
|
||||||
|
mode = "repokey";
|
||||||
|
passCommand = let
|
||||||
|
cat = "${pkgs.coreutils}/bin/cat";
|
||||||
|
key = config.sops.secrets.borg-repo.path;
|
||||||
|
in "${cat} ${key}";
|
||||||
|
};
|
||||||
|
|
||||||
|
# Run every 3 hours
|
||||||
|
startAt = "00/3:00";
|
||||||
|
compression = "auto,lzma";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -1,32 +0,0 @@
|
||||||
{
|
|
||||||
config,
|
|
||||||
lib,
|
|
||||||
pkgs,
|
|
||||||
...
|
|
||||||
}: {
|
|
||||||
# Make this file declare default settings
|
|
||||||
options.services.borgmatic = with lib; {
|
|
||||||
defaults = mkOption {
|
|
||||||
type = types.attrs;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
# Make sure known_hosts has the needed info
|
|
||||||
config = {
|
|
||||||
services.borgmatic = {
|
|
||||||
enable = true;
|
|
||||||
|
|
||||||
defaults = {
|
|
||||||
keep_daily = 7;
|
|
||||||
|
|
||||||
# FIXME: doesn't work, have to put it in /root/.ssh
|
|
||||||
ssh_command = "ssh -i /root/.ssh/borg";
|
|
||||||
encryption_passcommand = "${pkgs.coreutils}/bin/cat ${config.sops.secrets.borg-repo.path}";
|
|
||||||
|
|
||||||
source_directories_must_exist = true;
|
|
||||||
borgmatic_source_directory = "/tmp/borgmatic";
|
|
||||||
store_config_files = false;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -10,7 +10,6 @@
|
||||||
modded-minecraft-servers = {
|
modded-minecraft-servers = {
|
||||||
eula = true;
|
eula = true;
|
||||||
user = config.vars.user;
|
user = config.vars.user;
|
||||||
group = "users";
|
|
||||||
|
|
||||||
instances = let
|
instances = let
|
||||||
jre8 = pkgs.temurin-bin-8;
|
jre8 = pkgs.temurin-bin-8;
|
||||||
|
@ -89,19 +88,12 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
borgmatic.configurations.mc =
|
borgbackup.jobs.mc =
|
||||||
config.services.borgmatic.defaults
|
config.services.borgbackup.defaults
|
||||||
// {
|
// {
|
||||||
source_directories = [
|
paths = [
|
||||||
"/var/lib/minecraft"
|
"/var/lib/minecraft"
|
||||||
];
|
];
|
||||||
|
|
||||||
repositories = [
|
|
||||||
{
|
|
||||||
label = "PVE";
|
|
||||||
path = "ssh://matt@pve/data/backups/borg";
|
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
32
flake.lock
32
flake.lock
|
@ -719,11 +719,11 @@
|
||||||
"nixpkgs": "nixpkgs_6"
|
"nixpkgs": "nixpkgs_6"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1703628847,
|
"lastModified": 1703654106,
|
||||||
"narHash": "sha256-CiMGqa1twXq50Ub2gGqwZ6jZuWWbISgvj61pUC5uAXc=",
|
"narHash": "sha256-2VoiAD/zzZ6/KiN18qm2pEclBP611+YRRzmiikTRdpc=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "nixpkgs-wayland",
|
"repo": "nixpkgs-wayland",
|
||||||
"rev": "34e93cad9a011f28c094ba4d94adc7f59cec08ad",
|
"rev": "454c1fc492b82c28ab3ec8ef6edae0ec6eef41ad",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -766,11 +766,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs_4": {
|
"nixpkgs_4": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1703255338,
|
"lastModified": 1703438236,
|
||||||
"narHash": "sha256-Z6wfYJQKmDN9xciTwU3cOiOk+NElxdZwy/FiHctCzjU=",
|
"narHash": "sha256-aqVBq1u09yFhL7bj1/xyUeJjzr92fXVvQSSEx6AdB1M=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "6df37dc6a77654682fe9f071c62b4242b5342e04",
|
"rev": "5f64a12a728902226210bf01d25ec6cbb9d9265b",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -867,11 +867,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1703619116,
|
"lastModified": 1703659416,
|
||||||
"narHash": "sha256-FAs/EoccWduokTKuqYeRzW2o3Eb6T3SpgWDoqHGeFwU=",
|
"narHash": "sha256-+S75gs0rUWlWpiozAh3sCPar+gfZ96efG7Ifpo5rleA=",
|
||||||
"owner": "matt1432",
|
"owner": "matt1432",
|
||||||
"repo": "nixos-minecraft-servers",
|
"repo": "nixos-minecraft-servers",
|
||||||
"rev": "cffa361baa1990558f96b18e454502b8ed74a8f1",
|
"rev": "cee4e78311e225aae0af6a49f410d5da23d40b66",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -898,11 +898,11 @@
|
||||||
},
|
},
|
||||||
"nur": {
|
"nur": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1703646418,
|
"lastModified": 1703659518,
|
||||||
"narHash": "sha256-+O5UYPoboInEqQM0KeNVTz8Dff2dTxDwZOSRTgdOejM=",
|
"narHash": "sha256-MhYyeYf6vLB8Itrbfd6v8osQqxfo7RcHgNQUd2/KaqM=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "NUR",
|
"repo": "NUR",
|
||||||
"rev": "4b648583aa2718a55740bd6f7e2916c9771762c8",
|
"rev": "6561f85abf01b5f47ce49407d34ea7b3332d11a7",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -961,11 +961,11 @@
|
||||||
"sops-nix": "sops-nix"
|
"sops-nix": "sops-nix"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1703648158,
|
"lastModified": 1703659676,
|
||||||
"narHash": "sha256-z2My4To69oyY4xYofSJCAKK6BOMcbA9qRZJoUBpi6+U=",
|
"narHash": "sha256-GV7aDQygrPSXwR6auRHpanMzvXvKBbw1F2o78BA/ZeM=",
|
||||||
"ref": "refs/heads/main",
|
"ref": "refs/heads/main",
|
||||||
"rev": "22a1a1c6a18639e11e4e47a667870dffa527623e",
|
"rev": "792df10f43731b75e4d11ce76e0cde911381869e",
|
||||||
"revCount": 17,
|
"revCount": 18,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "ssh://git@git.nelim.org/matt1432/nixos-secrets"
|
"url": "ssh://git@git.nelim.org/matt1432/nixos-secrets"
|
||||||
},
|
},
|
||||||
|
|
Loading…
Reference in a new issue