surtr: borg backup to vidhar

author: Gregor Kleen <gkleen@yggdrasil.li> 2022-11-02 18:20:24 +0100
committer: Gregor Kleen <gkleen@yggdrasil.li> 2022-11-02 18:20:24 +0100
commit: f563ddece04adfd8d80d4e984405f5c70a6c94f3 (patch)
tree: fe82abab81c8d33ff19aa657c1617a0befc21637 /hosts/surtr/borg.nix
parent: 6bafcb244bd6cd031ac9b65fce8a2a939698ecaa (diff)
download: nixos-f563ddece04adfd8d80d4e984405f5c70a6c94f3.tar
nixos-f563ddece04adfd8d80d4e984405f5c70a6c94f3.tar.gz
nixos-f563ddece04adfd8d80d4e984405f5c70a6c94f3.tar.bz2
nixos-f563ddece04adfd8d80d4e984405f5c70a6c94f3.tar.xz
nixos-f563ddece04adfd8d80d4e984405f5c70a6c94f3.zip
1 files changed, 50 insertions, 0 deletions
diff --git a/hosts/surtr/borg.nix b/hosts/surtr/borg.nix
new file mode 100644
index 00000000..b9fe53d7
--- /dev/null
+++ b/hosts/surtr/borg.nix
@@ -0,0 +1,50 @@
+{ lib, config, ... }:
+with lib;
+{
+  config = {
+    services.borgsnap = {
+      enable = true;
+      target = "borg.vidhar:.";
+      extraConfig = mkForce {
+        daily = "31";
+        monthly = "-1";
+      };
+      sshConfig = ''
+        Include /etc/ssh/ssh_config
+        ControlMaster auto
+        ControlPath /var/lib/borg/.borgssh-master-%r@%n:%p
+        ControlPersist yes
+        Host borg.vidhar
+          HostName vidhar.yggdrasil.li
+          User borg
+          IdentityFile ${config.sops.secrets."append.borg.vidhar".path}
+          IdentitiesOnly yes
+          BatchMode yes
+          ServerAliveInterval 10
+          ServerAliveCountMax 30
+      '';
+    };
+    sops.secrets."append.borg.vidhar" = {
+      format = "binary";
+      sopsFile = ../vidhar/borg/jotnar/surtr;
+      owner = "borg";
+      group = "borg";
+      mode = "0400";
+    };
+    users.users.borg = {
+      useDefaultShell = true;
+      isSystemUser = true;
+      group = "borg";
+    };
+    users.groups.borg = {};
+  };
+}
author	Gregor Kleen <gkleen@yggdrasil.li>	2022-11-02 18:20:24 +0100
committer	Gregor Kleen <gkleen@yggdrasil.li>	2022-11-02 18:20:24 +0100
commit	f563ddece04adfd8d80d4e984405f5c70a6c94f3 (patch)
tree	fe82abab81c8d33ff19aa657c1617a0befc21637 /hosts/surtr/borg.nix
parent	6bafcb244bd6cd031ac9b65fce8a2a939698ecaa (diff)
download	nixos-f563ddece04adfd8d80d4e984405f5c70a6c94f3.tar nixos-f563ddece04adfd8d80d4e984405f5c70a6c94f3.tar.gz nixos-f563ddece04adfd8d80d4e984405f5c70a6c94f3.tar.bz2 nixos-f563ddece04adfd8d80d4e984405f5c70a6c94f3.tar.xz nixos-f563ddece04adfd8d80d4e984405f5c70a6c94f3.zip

diff --git a/hosts/surtr/borg.nix b/hosts/surtr/borg.nix new file mode 100644 index 00000000..b9fe53d7 --- /dev/null +++ b/hosts/surtr/borg.nix
@@ -0,0 +1,50 @@
	1	{ lib, config, ... }:
	2
	3	with lib;
	4
	5	{
	6	config = {
	7	services.borgsnap = {
	8	enable = true;
	9	target = "borg.vidhar:.";
	10
	11	extraConfig = mkForce {
	12	daily = "31";
	13	monthly = "-1";
	14	};
	15
	16	sshConfig = ''
	17	Include /etc/ssh/ssh_config
	18
	19	ControlMaster auto
	20	ControlPath /var/lib/borg/.borgssh-master-%r@%n:%p
	21	ControlPersist yes
	22
	23	Host borg.vidhar
	24	HostName vidhar.yggdrasil.li
	25	User borg
	26	IdentityFile ${config.sops.secrets."append.borg.vidhar".path}
	27	IdentitiesOnly yes
	28
	29	BatchMode yes
	30	ServerAliveInterval 10
	31	ServerAliveCountMax 30
	32	'';
	33	};
	34
	35	sops.secrets."append.borg.vidhar" = {
	36	format = "binary";
	37	sopsFile = ../vidhar/borg/jotnar/surtr;
	38	owner = "borg";
	39	group = "borg";
	40	mode = "0400";
	41	};
	42
	43	users.users.borg = {
	44	useDefaultShell = true;
	45	isSystemUser = true;
	46	group = "borg";
	47	};
	48	users.groups.borg = {};
	49	};
	50	}