From 9bc7ad4afe727660f05c037386d0a00f5625801a Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 31 Aug 2023 17:47:17 +0200 Subject: l prism.r: add backups --- lass/1systems/prism/backup.nix | 37 ++++++++++++++++++++++++++ lass/1systems/prism/config.nix | 1 + lass/2configs/codimd.nix | 56 +-------------------------------------- lass/2configs/websites/domsen.nix | 28 +++++++++++++++++++- 4 files changed, 66 insertions(+), 56 deletions(-) create mode 100644 lass/1systems/prism/backup.nix diff --git a/lass/1systems/prism/backup.nix b/lass/1systems/prism/backup.nix new file mode 100644 index 000000000..52b4142b9 --- /dev/null +++ b/lass/1systems/prism/backup.nix @@ -0,0 +1,37 @@ +{ config, lib, pkgs, ... }: +{ + services.postgresqlBackup.enable = true; + + systemd.services.borgbackup-job-hetzner.serviceConfig.ReadWritePaths = [ "/var/log/telegraf" ]; + + services.borgbackup.jobs.hetzner = { + paths = [ + "/var/backup" + ]; + exclude = [ + "*.pyc" + ]; + repo = "u364341@u364341.your-storagebox.de:/./hetzner"; + encryption.mode = "none"; + compression = "auto,zstd"; + startAt = "daily"; + # TODO: change backup key + environment.BORG_RSH = "ssh -oPort=23 -i ${toString + "/borgbackup.ssh.id25519"}"; + preHook = '' + set -x + ''; + + postHook = '' + cat > /var/log/telegraf/borgbackup-job-hetzner.service <; { imports = [ + ./backup.nix diff --git a/lass/2configs/codimd.nix b/lass/2configs/codimd.nix index 0927788a7..f8880dbdc 100644 --- a/lass/2configs/codimd.nix +++ b/lass/2configs/codimd.nix @@ -34,6 +34,7 @@ in CMD_CSP_ALLOW_FRAMING = "true"; }; + services.borgbackup.jobs.hetzner.paths = [ "/var/backup" ]; systemd.services.hedgedoc-backup = { startAt = "daily"; serviceConfig = { @@ -42,61 +43,6 @@ in }; }; - services.postgresqlBackup.enable = true; - - systemd.services.borgbackup-job-hetzner.serviceConfig.ReadWritePaths = [ "/var/log/telegraf" ]; - - services.borgbackup.jobs.hetzner = { - paths = [ - "/home" - "/etc" - "/var" - "/root" - ]; - exclude = [ - "*.pyc" - "/home/*/.direnv" - "/home/*/.cache" - "/home/*/.cargo" - "/home/*/.npm" - "/home/*/.m2" - "/home/*/.gradle" - "/home/*/.opam" - "/home/*/.clangd" - "/var/lib/containerd" - # already included in database backup - "/var/lib/postgresql" - # not so important - "/var/lib/docker/" - "/var/log/journal" - "/var/cache" - "/var/tmp" - "/var/log" - ]; - repo = "u348918@u348918.your-storagebox.de:/./hetzner"; - encryption.mode = "none"; - compression = "auto,zstd"; - startAt = "daily"; - # TODO: change backup key - environment.BORG_RSH = "ssh -oPort=23 -i ${config.sops.secrets.hetzner-borgbackup-ssh.path}"; - preHook = '' - set -x - ''; - - postHook = '' - cat > /var/log/telegraf/borgbackup-job-hetzner.service <