diff options
-rw-r--r-- | lass/1systems/prism/backup.nix | 37 | ||||
-rw-r--r-- | lass/1systems/prism/config.nix | 1 | ||||
-rw-r--r-- | lass/2configs/codimd.nix | 56 | ||||
-rw-r--r-- | lass/2configs/websites/domsen.nix | 28 |
4 files changed, 66 insertions, 56 deletions
diff --git a/lass/1systems/prism/backup.nix b/lass/1systems/prism/backup.nix new file mode 100644 index 000000000..52b4142b9 --- /dev/null +++ b/lass/1systems/prism/backup.nix @@ -0,0 +1,37 @@ +{ config, lib, pkgs, ... }: +{ + services.postgresqlBackup.enable = true; + + systemd.services.borgbackup-job-hetzner.serviceConfig.ReadWritePaths = [ "/var/log/telegraf" ]; + + services.borgbackup.jobs.hetzner = { + paths = [ + "/var/backup" + ]; + exclude = [ + "*.pyc" + ]; + repo = "u364341@u364341.your-storagebox.de:/./hetzner"; + encryption.mode = "none"; + compression = "auto,zstd"; + startAt = "daily"; + # TODO: change backup key + environment.BORG_RSH = "ssh -oPort=23 -i ${toString <secrets> + "/borgbackup.ssh.id25519"}"; + preHook = '' + set -x + ''; + + postHook = '' + cat > /var/log/telegraf/borgbackup-job-hetzner.service <<EOF + task,frequency=daily last_run=$(date +%s)i,state="$([[ $exitStatus == 0 ]] && echo ok || echo fail)" + EOF + ''; + + prune.keep = { + within = "1d"; # Keep all archives from the last day + daily = 7; + weekly = 4; + monthly = 0; + }; + }; +} diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 1faa23ec3..0e58b62b8 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -3,6 +3,7 @@ with import <stockholm/lib>; { imports = [ + ./backup.nix <stockholm/lass> <stockholm/lass/2configs/retiolum.nix> <stockholm/lass/2configs/libvirt.nix> diff --git a/lass/2configs/codimd.nix b/lass/2configs/codimd.nix index 0927788a7..f8880dbdc 100644 --- a/lass/2configs/codimd.nix +++ b/lass/2configs/codimd.nix @@ -34,6 +34,7 @@ in CMD_CSP_ALLOW_FRAMING = "true"; }; + services.borgbackup.jobs.hetzner.paths = [ "/var/backup" ]; systemd.services.hedgedoc-backup = { startAt = "daily"; serviceConfig = { @@ -42,61 +43,6 @@ in }; }; - services.postgresqlBackup.enable = true; - - systemd.services.borgbackup-job-hetzner.serviceConfig.ReadWritePaths = [ "/var/log/telegraf" ]; - - services.borgbackup.jobs.hetzner = { - paths = [ - "/home" - "/etc" - "/var" - "/root" - ]; - exclude = [ - "*.pyc" - "/home/*/.direnv" - "/home/*/.cache" - "/home/*/.cargo" - "/home/*/.npm" - "/home/*/.m2" - "/home/*/.gradle" - "/home/*/.opam" - "/home/*/.clangd" - "/var/lib/containerd" - # already included in database backup - "/var/lib/postgresql" - # not so important - "/var/lib/docker/" - "/var/log/journal" - "/var/cache" - "/var/tmp" - "/var/log" - ]; - repo = "u348918@u348918.your-storagebox.de:/./hetzner"; - encryption.mode = "none"; - compression = "auto,zstd"; - startAt = "daily"; - # TODO: change backup key - environment.BORG_RSH = "ssh -oPort=23 -i ${config.sops.secrets.hetzner-borgbackup-ssh.path}"; - preHook = '' - set -x - ''; - - postHook = '' - cat > /var/log/telegraf/borgbackup-job-hetzner.service <<EOF - task,frequency=daily last_run=$(date +%s)i,state="$([[ $exitStatus == 0 ]] && echo ok || echo fail)" - EOF - ''; - - prune.keep = { - within = "1d"; # Keep all archives from the last day - daily = 7; - weekly = 4; - monthly = 0; - }; - }; - services.hedgedoc = { enable = true; configuration.allowOrigin = [ domain ]; diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 9d28bedc6..71f7f8111 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -200,7 +200,25 @@ in { { domain = "beesmooth.ch"; } ]; }; - + services.borgbackup.jobs.hetzner.paths = [ + "/home/xanf" + "/home/domsen" + "/home/bruno" + "/home/jla-trading" + "/home/jms" + "/home/ms" + "/home/bui" + "/home/klabusterbeere" + "/home/akayguen" + "/home/kasia" + "/home/dif" + "/home/lavafilms" + "/home/movematchers" + "/home/blackphoton" + "/home/avada" + "/home/sts" + "/home/familienrat" + ]; users.users.UBIK-SFTP = { uid = genid_uint31 "UBIK-SFTP"; home = "/home/UBIK-SFTP"; @@ -362,6 +380,14 @@ in { isNormalUser = true; }; + users.users.sts = { + uid = genid_uint31 "sts"; + home = "/home/sts"; + useDefaultShell = true; + createHome = true; + isNormalUser = true; + }; + users.users.familienrat = { uid = genid_uint31 "familienrat"; home = "/home/familienrat"; |