From f563ddece04adfd8d80d4e984405f5c70a6c94f3 Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Wed, 2 Nov 2022 18:20:24 +0100
Subject: surtr: borg backup to vidhar

---
 hosts/surtr/borg.nix | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 50 insertions(+)
 create mode 100644 hosts/surtr/borg.nix

(limited to 'hosts/surtr/borg.nix')

diff --git a/hosts/surtr/borg.nix b/hosts/surtr/borg.nix
new file mode 100644
index 00000000..b9fe53d7
--- /dev/null
+++ b/hosts/surtr/borg.nix
@@ -0,0 +1,50 @@
+{ lib, config, ... }:
+
+with lib;
+
+{
+  config = {
+    services.borgsnap = {
+      enable = true;
+      target = "borg.vidhar:.";
+
+      extraConfig = mkForce {
+        daily = "31";
+        monthly = "-1";
+      };
+
+      sshConfig = ''
+        Include /etc/ssh/ssh_config
+
+        ControlMaster auto
+        ControlPath /var/lib/borg/.borgssh-master-%r@%n:%p
+        ControlPersist yes
+
+        Host borg.vidhar
+          HostName vidhar.yggdrasil.li
+          User borg
+          IdentityFile ${config.sops.secrets."append.borg.vidhar".path}
+          IdentitiesOnly yes
+
+          BatchMode yes
+          ServerAliveInterval 10
+          ServerAliveCountMax 30
+      '';
+    };
+
+    sops.secrets."append.borg.vidhar" = {
+      format = "binary";
+      sopsFile = ../vidhar/borg/jotnar/surtr;
+      owner = "borg";
+      group = "borg";
+      mode = "0400";
+    };
+
+    users.users.borg = {
+      useDefaultShell = true;
+      isSystemUser = true;
+      group = "borg";
+    };
+    users.groups.borg = {};
+  };
+}
-- 
cgit v1.2.3