authortv <tv@krebsco.de>2018-11-10 19:52:37 +0100
committertv <tv@krebsco.de>2018-11-10 19:52:37 +0100
commit5ea1c2fcbb5756ef99d5fade8a7cd9e33b04a0c6 (patch)
treef6edbd9d1ff68773f413065a1f1c5dd71150be1a /makefu/2configs/backup
parent9a801fa642a60a2c46240670b4e3ad66ea77d995 (diff)
parent05b288604e7e653efb6035b9953aa849e6e6bc19 (diff)
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'makefu/2configs/backup')
-rw-r--r--makefu/2configs/backup/server.nix11
-rw-r--r--makefu/2configs/backup/ssh/gum.pub1
-rw-r--r--makefu/2configs/backup/ssh/nextgum.pub1
-rw-r--r--makefu/2configs/backup/ssh/omo.pub1
-rw-r--r--makefu/2configs/backup/ssh/x.pub1
-rw-r--r--makefu/2configs/backup/state.nix25
6 files changed, 40 insertions, 0 deletions
diff --git a/makefu/2configs/backup/server.nix b/makefu/2configs/backup/server.nix
new file mode 100644
index 000000000..f157e715f
--- /dev/null
+++ b/makefu/2configs/backup/server.nix
@@ -0,0 +1,11 @@
+{lib, ... }:
+let
+ hosts = lib.mapAttrsToList (f: _: lib.removeSuffix ".pub" f) (builtins.readDir ./ssh );
+in {
+ # TODO: for all enabled machines
+ services.borgbackup.repos = lib.genAttrs hosts (host: {
+ authorizedKeys = [ (builtins.readFile (./ssh + "/${host}.pub") ) ];
+ path = "/var/lib/borgbackup/${host}";
+ user = "borg-${host}";
+ }) ;
+}
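Review bot: `authorizedKeys` in the `genAttrs` body gives each client key full access to its repository, so a host whose borg key is stolen can delete or overwrite its own backup history rather than only add to it. If a compromised client is in the threat model, `authorizedKeysAppendOnly = [ (builtins.readFile (./ssh + "/${host}.pub")) ];` restricts the key to append-only mode; the client-side `prune.keep` in state.nix would then no longer reclaim space, and pruning would need to run from a trusted side. Separately, `hosts` is built from every entry of `./ssh`, so a file without the `.pub` suffix or a subdirectory would make the `readFile` of `${host}.pub` fail at evaluation; filtering the `readDir` result with `lib.hasSuffix ".pub"` first would make the intent explicit.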
diff --git a/makefu/2configs/backup/ssh/gum.pub b/makefu/2configs/backup/ssh/gum.pub
new file mode 100644
index 000000000..ed203d544
--- /dev/null
+++ b/makefu/2configs/backup/ssh/gum.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOSCJe7DQkKbL58pL78ImO+nVI/aaNFP8Zyqgo8EbNhW makefu@x
diff --git a/makefu/2configs/backup/ssh/nextgum.pub b/makefu/2configs/backup/ssh/nextgum.pub
new file mode 100644
index 000000000..52d56d956
--- /dev/null
+++ b/makefu/2configs/backup/ssh/nextgum.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOUZcfi2SXxCo1if0oU3x9qPK8/O5FmiXy2HFZyTp/P1 makefu@x
diff --git a/makefu/2configs/backup/ssh/omo.pub b/makefu/2configs/backup/ssh/omo.pub
new file mode 100644
index 000000000..053b4da87
--- /dev/null
+++ b/makefu/2configs/backup/ssh/omo.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAtA3XzpjByYQ9uSHQr0dkNUyi6nROjwv1S2IQtUu4pi makefu@x
diff --git a/makefu/2configs/backup/ssh/x.pub b/makefu/2configs/backup/ssh/x.pub
new file mode 100644
index 000000000..fe894df33
--- /dev/null
+++ b/makefu/2configs/backup/ssh/x.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBRfhUv9twYbO7tUe2r2LOXEMNxW14GO3Q0RTkUWeMxw makefu@x
diff --git a/makefu/2configs/backup/state.nix b/makefu/2configs/backup/state.nix
new file mode 100644
index 000000000..1143708bf
--- /dev/null
+++ b/makefu/2configs/backup/state.nix
@@ -0,0 +1,25 @@
+{ config, ... }:
+# back up all state
+let
+ sec = toString <secrets>;
+ sshkey = sec + "/borg.priv";
+ phrase = sec + "/borg.pw";
+in
+{
+ services.borgbackup.jobs.state = {
+ repo = "borg-${config.krebs.build.host.name}@backup.makefu.r:.";
+ paths = config.state;
+ encryption = {
+ mode = "repokey";
+ passCommand = "cat ${phrase}";
+ };
+ environment.BORG_RSH = "ssh -i ${sshkey}";
+ prune.keep =
+ { daily = 7;
+ weekly = 4;
+ monthly = -1; # Keep at least one archive for each month
+ };
+ compression = "auto,lzma";
+ startAt = "daily";
+ };
+}
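Review bot: `mode = "repokey"` keeps the encryption key inside the repository on backup.makefu.r, so the passphrase in `borg.pw` is the only secret protecting the data from the backup server or anyone who copies the repo, and the `encryption` block should say so. A comment such as `# repokey: key lives in the repo; borg.pw must be high-entropy and also kept off-host for restore` would record both the strength requirement and the fact that losing the host must not mean losing the passphrase. The paths are also interpolated unquoted into `cat ${phrase}` and `ssh -i ${sshkey}`, which would break if the secrets path contained whitespace; that is inferred, since the value of `<secrets>` is not visible here.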