authorGregor Kleen <gkleen@yggdrasil.li>2021-01-02 21:44:21 +0100
committerGregor Kleen <gkleen@yggdrasil.li>2021-01-03 16:21:34 +0100
commit3b5ab82fa714a0d483a7b90d60f9f7c857646e33 (patch)
tree0aa24694ff2f4079c325e6eda18e3a6259b6b700
parenteb2cb6f263dffb82da86372b14d6fcd7077fe9fe (diff)
sif: borgbackup
-rw-r--r--hosts/sif/default.nix26
-rw-r--r--modules/borgbackup/default.nix7
-rw-r--r--modules/borgbackup/repokeys/borg_munin__borg.yaml33
3 files changed, 65 insertions, 1 deletions
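--- a/hosts/sif/default.nix
+++ b/hosts/sif/default.nix
@@ -1,4 +1,4 @@
-{ flake, pkgs, customUtils, lib, config, ... }:
+{ flake, pkgs, customUtils, lib, config, path, ... }:
 {
  imports = with flake.nixosModules.systemProfiles; [
  ./hw.nix
@@ -259,6 +259,30 @@
  SUBSYSTEM=="power_supply", ENV{POWER_SUPPLY_ONLINE}=="1", RUN+="${systemd}/bin/systemctl --no-block start ac-plugged.service"
  '';
 
+ services.borgbackup = {
+ snapshots = "btrfs";
+ prefix = "yggdrasil.midgard.sif.";
+ targets = {
+ "munin" = {
+ repo = "borg.munin:borg";
+ paths = [ "/home/gkleen" ];
+ prune = {
+ "home" =
+ [ "--keep-within" "24H"
+ "--keep-daily" "31"
+ "--keep-monthly" "12"
+ "--keep-yearly" "-1"
+ ];
+ };
+ keyFile = "/run/secrets/borg-repokey--borg_munin__borg";
+ };
+ };
+ };
+ sops.secrets.borg-repokey--borg_munin__borg = {
+ sopsFile = /. + path + "/modules/borgbackup/repokeys/borg_munin__borg.yaml";
+ key = "key";
+ };
+
  services.btrfs.autoScrub = {
  enable = true;
  fileSystems = [ "/" "/home" ];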
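Review bot: The `keyFile` value on the `munin` target (new line 277) hard-codes `/run/secrets/borg-repokey--borg_munin__borg`, duplicating the location that the `sops.secrets` declaration a few lines below resolves to. If the secret is renamed or its path is overridden, the borg units would receive a `BORG_KEY_FILE` pointing at a file that is no longer there, and nothing would fail at evaluation time. Referencing the declaration keeps the two in step: `keyFile = config.sops.secrets.borg-repokey--borg_munin__borg.path;`. Neither `owner` nor `mode` is set on the secret, so it keeps the sops-nix defaults; that fits only if the backup and prune units run as root, which this hunk does not show.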
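--- a/modules/borgbackup/default.nix
+++ b/modules/borgbackup/default.nix
@@ -65,6 +65,11 @@ let
  type = types.int;
  default = 600;
  };
+
+ keyFile = mkOption {
+ type = types.nullOr types.path;
+ default = null;
+ };
  };
  };
 in {
@@ -171,6 +176,7 @@ in {
  IOSchedulingPriority = 7;
  SuccessExitStatus = [1 2];
  Slice = "system-borgbackup.slice";
+ Environment = lib.mkIf (tCfg.keyFile != null) "BORG_KEY_FILE=${tCfg.keyFile}";
  };
  })) cfg.targets) // (mapAttrs' (target: tCfg: nameValuePair "borgbackup-prune-${target}" {
  enable = tCfg.prune != {};
@@ -193,6 +199,7 @@ in {
  serviceConfig = {
  Type = "oneshot";
  Slice = "system-borgbackup.slice";
+ Environment = lib.mkIf (tCfg.keyFile != null) "BORG_KEY_FILE=${tCfg.keyFile}";
  };
  }) cfg.targets);
  };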
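Review bot: The new `keyFile` option (new lines 69-72) is typed `types.nullOr types.path` and is then string-interpolated into `Environment` in both the backup unit (new line 179) and the prune unit (new line 202). A Nix path literal such as `./repokey` satisfies that type, and interpolating it would copy the key file into the world-readable Nix store. Declaring it as `type = types.nullOr types.str;` would close off that mistake. A `description` should also be added, stating that the value must name a file present at runtime outside the store, for example a sops-nix secret path. The option set and both `serviceConfig` blocks begin outside these hunks, so any other use of `keyFile` is not visible here.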
diff --git a/modules/borgbackup/repokeys/borg_munin__borg.yaml b/modules/borgbackup/repokeys/borg_munin__borg.yaml
new file mode 100644
index 00000000..f302fe06
--- /dev/null
+++ b/modules/borgbackup/repokeys/borg_munin__borg.yaml
@@ -0,0 +1,33 @@
1key: ENC[AES256_GCM,data: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,iv:NJBHesKSZ1zuKk8qHnYKqIwMnFkH+rkQD1bam5XpLXU=,tag:EiYbIFY/r/eTSTJIhYV+GA==,type:str]
2sops:
3 kms: []
4 gcp_kms: []
5 azure_kv: []
6 hc_vault: []
7 lastmodified: '2021-01-02T20:38:48Z'
8 mac: ENC[AES256_GCM,data:3rkFTOk3r2dx3hOqu1u7XIIibTDfqNlRcWY9X2N/LFa/BKojgDt5tcpbphV4HqWvl8nS+fPcVrIElJfQ/QGFEOx68G95BhByntT9+JhSbHJt73dGnCSroZCw5QefdydREGvA5n00Vo9yT9IMvQsQbmpRzo6hcrSSUvagZqmZckA=,iv:F/HllDzyxgulIWZbfz9bFKR+SFg4PoaUYZ5N5hfIzw0=,tag:h2NXmvj/thhBg1rIkwdXXA==,type:str]
9 pgp:
10 - created_at: '2021-01-02T20:38:09Z'
11 enc: |
12 -----BEGIN PGP MESSAGE-----
13
14 hF4Dgwm4NZSaLAcSAQdAwmvyXlr9MyfPfLgkfQkoktKBV2WA2xhZrGL7NeeGfhAw
15 REk+clJ9WgiJ0iceRAONPnEjeiK0J6Fsj+5Ulq8flFGkoj5Pta0pm/9fudKmcPdC
16 0l4BF0G5LSpG1EmY+LmVdSdas16rWgthnojoXPvbbHG6jZs3aDETshdiN8Bdlqsf
17 aVhq2LYzscnYezNcdernR4uojtiFny8qcmdF3tFacr+mkgfgIQr0W9yWFhDH15gm
18 =4TwU
19 -----END PGP MESSAGE-----
20 fp: F1AF20B9511B63F681A14E8D51AEFBCD1DEF68F8
21 - created_at: '2021-01-02T20:38:09Z'
22 enc: |
23 -----BEGIN PGP MESSAGE-----
24
25 hF4DXxoViZlp6dISAQdAruPXj9IsllEN7R5jk4gF7bW0ZirhvX7qsu22/6HbSw8w
26 66RwN3WGjYO1CcVbHKuLqVVaUBCnrR/4XHN0JYUaqjubrSZBTWFKTBFsKSTT0LZq
27 0l4BKcsXrbGpYC5+yQvg0RHJ7LplxpKOmqMY8KGckvGnVf2xg7k6wuWQREFzqwt+
28 lOa3x+xFy9c0JwE8AafyKjb/cgqJiMb96lhsH57BpXJa2E39ImQbXqzDzdx2jEUt
29 =3rxi
30 -----END PGP MESSAGE-----
31 fp: 30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51
32 unencrypted_suffix: _unencrypted
33 version: 3.6.1