surtr: borg backup to vidhar

author: Gregor Kleen <gkleen@yggdrasil.li> 2022-11-02 18:20:24 +0100
committer: Gregor Kleen <gkleen@yggdrasil.li> 2022-11-02 18:20:24 +0100
commit: f563ddece04adfd8d80d4e984405f5c70a6c94f3 (patch)
tree: fe82abab81c8d33ff19aa657c1617a0befc21637 /hosts
parent: 6bafcb244bd6cd031ac9b65fce8a2a939698ecaa (diff)
download: nixos-f563ddece04adfd8d80d4e984405f5c70a6c94f3.tar
nixos-f563ddece04adfd8d80d4e984405f5c70a6c94f3.tar.gz
nixos-f563ddece04adfd8d80d4e984405f5c70a6c94f3.tar.bz2
nixos-f563ddece04adfd8d80d4e984405f5c70a6c94f3.tar.xz
nixos-f563ddece04adfd8d80d4e984405f5c70a6c94f3.zip
3 files changed, 51 insertions, 5 deletions
diff --git a/hosts/surtr/borg.nix b/hosts/surtr/borg.nix
new file mode 100644
index 00000000..b9fe53d7
--- /dev/null
+++ b/hosts/surtr/borg.nix
@@ -0,0 +1,50 @@
+{ lib, config, ... }:
+with lib;
+{
+  config = {
+    services.borgsnap = {
+      enable = true;
+      target = "borg.vidhar:.";
+      extraConfig = mkForce {
+        daily = "31";
+        monthly = "-1";
+      };
+      sshConfig = ''
+        Include /etc/ssh/ssh_config
+        ControlMaster auto
+        ControlPath /var/lib/borg/.borgssh-master-%r@%n:%p
+        ControlPersist yes
+        Host borg.vidhar
+          HostName vidhar.yggdrasil.li
+          User borg
+          IdentityFile ${config.sops.secrets."append.borg.vidhar".path}
+          IdentitiesOnly yes
+          BatchMode yes
+          ServerAliveInterval 10
+          ServerAliveCountMax 30
+      '';
+    };
+    sops.secrets."append.borg.vidhar" = {
+      format = "binary";
+      sopsFile = ../vidhar/borg/jotnar/surtr;
+      owner = "borg";
+      group = "borg";
+      mode = "0400";
+    };
+    users.users.borg = {
+      useDefaultShell = true;
+      isSystemUser = true;
+      group = "borg";
+    };
+    users.groups.borg = {};
+  };
+}
diff --git a/hosts/surtr/default.nix b/hosts/surtr/default.nix
index f616d749..cebb2b6c 100644
--- a/hosts/surtr/default.nix
+++ b/hosts/surtr/default.nix
@@ -2,7 +2,7 @@
 {
  imports = with flake.nixosModules.systemProfiles; [
    tmpfs-root qemu-guest openssh rebuild-machines zfs
-    ./zfs.nix ./dns ./tls ./http ./bifrost ./matrix ./postgresql.nix ./prometheus ./email ./vpn
+    ./zfs.nix ./dns ./tls ./http ./bifrost ./matrix ./postgresql.nix ./prometheus ./email ./vpn ./borg.nix
  ];
  config = {
diff --git a/hosts/surtr/matrix/default.nix b/hosts/surtr/matrix/default.nix
index 46c2f338..f5a411ac 100644
--- a/hosts/surtr/matrix/default.nix
+++ b/hosts/surtr/matrix/default.nix
@@ -228,10 +228,6 @@ with lib;
      "turn.synapse.li" = {
        zone = "synapse.li";
        certCfg = {
-          server = "https://acme.zerossl.com/v2/DV90";
-          extraLegoFlags = [
-            "--cert.timeout" "300"
-          ];
          postRun = ''
            ${pkgs.systemd}/bin/systemctl try-restart coturn.service
          '';
author	Gregor Kleen <gkleen@yggdrasil.li>	2022-11-02 18:20:24 +0100
committer	Gregor Kleen <gkleen@yggdrasil.li>	2022-11-02 18:20:24 +0100
commit	f563ddece04adfd8d80d4e984405f5c70a6c94f3 (patch)
tree	fe82abab81c8d33ff19aa657c1617a0befc21637 /hosts
parent	6bafcb244bd6cd031ac9b65fce8a2a939698ecaa (diff)
download	nixos-f563ddece04adfd8d80d4e984405f5c70a6c94f3.tar nixos-f563ddece04adfd8d80d4e984405f5c70a6c94f3.tar.gz nixos-f563ddece04adfd8d80d4e984405f5c70a6c94f3.tar.bz2 nixos-f563ddece04adfd8d80d4e984405f5c70a6c94f3.tar.xz nixos-f563ddece04adfd8d80d4e984405f5c70a6c94f3.zip

diff --git a/hosts/surtr/borg.nix b/hosts/surtr/borg.nix new file mode 100644 index 00000000..b9fe53d7 --- /dev/null +++ b/hosts/surtr/borg.nix
@@ -0,0 +1,50 @@
		1	{ lib, config, ... }:
		2
		3	with lib;
		4
		5	{
		6	config = {
		7	services.borgsnap = {
		8	enable = true;
		9	target = "borg.vidhar:.";
		10
		11	extraConfig = mkForce {
		12	daily = "31";
		13	monthly = "-1";
		14	};
		15
		16	sshConfig = ''
		17	Include /etc/ssh/ssh_config
		18
		19	ControlMaster auto
		20	ControlPath /var/lib/borg/.borgssh-master-%r@%n:%p
		21	ControlPersist yes
		22
		23	Host borg.vidhar
		24	HostName vidhar.yggdrasil.li
		25	User borg
		26	IdentityFile ${config.sops.secrets."append.borg.vidhar".path}
		27	IdentitiesOnly yes
		28
		29	BatchMode yes
		30	ServerAliveInterval 10
		31	ServerAliveCountMax 30
		32	'';
		33	};
		34
		35	sops.secrets."append.borg.vidhar" = {
		36	format = "binary";
		37	sopsFile = ../vidhar/borg/jotnar/surtr;
		38	owner = "borg";
		39	group = "borg";
		40	mode = "0400";
		41	};
		42
		43	users.users.borg = {
		44	useDefaultShell = true;
		45	isSystemUser = true;
		46	group = "borg";
		47	};
		48	users.groups.borg = {};
		49	};
		50	}


diff --git a/hosts/surtr/default.nix b/hosts/surtr/default.nix index f616d749..cebb2b6c 100644 --- a/hosts/surtr/default.nix +++ b/hosts/surtr/default.nix
@@ -2,7 +2,7 @@
2	{	2	{
3	imports = with flake.nixosModules.systemProfiles; [	3	imports = with flake.nixosModules.systemProfiles; [
4	tmpfs-root qemu-guest openssh rebuild-machines zfs	4	tmpfs-root qemu-guest openssh rebuild-machines zfs
5	./zfs.nix ./dns ./tls ./http ./bifrost ./matrix ./postgresql.nix ./prometheus ./email ./vpn	5	./zfs.nix ./dns ./tls ./http ./bifrost ./matrix ./postgresql.nix ./prometheus ./email ./vpn ./borg.nix
6	];	6	];
7		7
8	config = {	8	config = {


diff --git a/hosts/surtr/matrix/default.nix b/hosts/surtr/matrix/default.nix index 46c2f338..f5a411ac 100644 --- a/hosts/surtr/matrix/default.nix +++ b/hosts/surtr/matrix/default.nix
@@ -228,10 +228,6 @@ with lib;
228	"turn.synapse.li" = {	228	"turn.synapse.li" = {
229	zone = "synapse.li";	229	zone = "synapse.li";
230	certCfg = {	230	certCfg = {
231	server = "https://acme.zerossl.com/v2/DV90";
232	extraLegoFlags = [
233	"--cert.timeout" "300"
234	];
235	postRun = ''	231	postRun = ''
236	${pkgs.systemd}/bin/systemctl try-restart coturn.service	232	${pkgs.systemd}/bin/systemctl try-restart coturn.service
237	'';	233	'';