diff options
Diffstat (limited to 'hosts/vidhar/pgbackrest/default.nix')
| -rw-r--r-- | hosts/vidhar/pgbackrest/default.nix | 22 |
1 files changed, 18 insertions, 4 deletions
diff --git a/hosts/vidhar/pgbackrest/default.nix b/hosts/vidhar/pgbackrest/default.nix index 49644e51..ebee2cd0 100644 --- a/hosts/vidhar/pgbackrest/default.nix +++ b/hosts/vidhar/pgbackrest/default.nix | |||
| @@ -18,7 +18,7 @@ in { | |||
| 18 | pg1-host-type = "tls"; | 18 | pg1-host-type = "tls"; |
| 19 | pg1-host = "pgbackrest.surtr.yggdrasil"; | 19 | pg1-host = "pgbackrest.surtr.yggdrasil"; |
| 20 | pg1-host-ca-file = toString ./ca/ca.crt; | 20 | pg1-host-ca-file = toString ./ca/ca.crt; |
| 21 | pg1-host-cert-file = toString ./tls.crt; | 21 | pg1-host-cert-file = toString ./ca/vidhar.crt; |
| 22 | pg1-host-key-file = config.sops.secrets."pgbackrest.key".path; | 22 | pg1-host-key-file = config.sops.secrets."pgbackrest.key".path; |
| 23 | inherit (surtrRepoCfg) pg1-path; | 23 | inherit (surtrRepoCfg) pg1-path; |
| 24 | 24 | ||
| @@ -37,6 +37,20 @@ in { | |||
| 37 | repo2-retention-archive = 7; | 37 | repo2-retention-archive = 7; |
| 38 | }; | 38 | }; |
| 39 | 39 | ||
| 40 | "srv01.uniworx.de" = { | ||
| 41 | pg1-host-type = "tls"; | ||
| 42 | pg1-host = "srv01.uniworx.de"; | ||
| 43 | pg1-host-ca-file = toString ./ca/ca.crt; | ||
| 44 | pg1-host-cert-file = toString ./ca/srv01.uniworx.de.crt; | ||
| 45 | pg1-host-key-file = config.sops.secrets."pgbackrest.key".path; | ||
| 46 | pg1-path = "/var/lib/postgresql/15"; | ||
| 47 | |||
| 48 | repo2-path = "/var/lib/pgbackrest"; | ||
| 49 | repo2-retention-full-type = "time"; | ||
| 50 | repo2-retention-full = 14; | ||
| 51 | repo2-retention-archive = 7; | ||
| 52 | }; | ||
| 53 | |||
| 40 | "global" = { | 54 | "global" = { |
| 41 | compress-type = "zst"; | 55 | compress-type = "zst"; |
| 42 | compress-level = 9; | 56 | compress-level = 9; |
| @@ -46,9 +60,9 @@ in { | |||
| 46 | }; | 60 | }; |
| 47 | 61 | ||
| 48 | "global:server" = { | 62 | "global:server" = { |
| 49 | tls-server-address = "2a03:4000:52:ada:1:1::"; | 63 | tls-server-address = "2a03:4000:52:ada:4:1::"; |
| 50 | tls-server-ca-file = toString ./ca/ca.crt; | 64 | tls-server-ca-file = toString ./ca/ca.crt; |
| 51 | tls-server-cert-file = toString ./tls.crt; | 65 | tls-server-cert-file = toString ./ca/vidhar.crt; |
| 52 | tls-server-key-file = config.sops.secrets."pgbackrest.key".path; | 66 | tls-server-key-file = config.sops.secrets."pgbackrest.key".path; |
| 53 | tls-server-auth = ["surtr.yggdrasil=surtr"]; | 67 | tls-server-auth = ["surtr.yggdrasil=surtr"]; |
| 54 | }; | 68 | }; |
| @@ -92,7 +106,7 @@ in { | |||
| 92 | 106 | ||
| 93 | sops.secrets."pgbackrest.key" = { | 107 | sops.secrets."pgbackrest.key" = { |
| 94 | format = "binary"; | 108 | format = "binary"; |
| 95 | sopsFile = ./tls.key; | 109 | sopsFile = ./ca/vidhar.key; |
| 96 | owner = "pgbackrest"; | 110 | owner = "pgbackrest"; |
| 97 | group = "pgbackrest"; | 111 | group = "pgbackrest"; |
| 98 | mode = "0400"; | 112 | mode = "0400"; |