From aa02038dfa3005a910e8c1b0885843786c8aa58c Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Sun, 1 Oct 2023 18:52:42 +0200
Subject: vidhar(pgbackrest): srv02.uniworx.de

---
 hosts/vidhar/pgbackrest/default.nix | 30 +++++++++++++++++++++++++++++-
 1 file changed, 29 insertions(+), 1 deletion(-)

(limited to 'hosts/vidhar/pgbackrest/default.nix')

diff --git a/hosts/vidhar/pgbackrest/default.nix b/hosts/vidhar/pgbackrest/default.nix
index 899b0e0f..0f86ebe9 100644
--- a/hosts/vidhar/pgbackrest/default.nix
+++ b/hosts/vidhar/pgbackrest/default.nix
@@ -4,6 +4,12 @@ let
   surtrRepoCfg = flake.nixosConfigurations."surtr".config.services.pgbackrest.settings.surtr;
 in {
   config = {
+    assertions = [
+      (let
+        inherit (config.services.pgbackrest.package) version;
+      in { assertion = version == "2.45"; message = "Presumably incompatible pgBackRest version: ${version}"; })
+    ];
+
     services.pgbackrest = {
       enable = true;
       package = flakeInputs.nixpkgs-stable.legacyPackages.${config.nixpkgs.system}.pgbackrest;
@@ -54,6 +60,20 @@ in {
           repo2-retention-archive = 7;
         };
 
+        "srv02.uniworx.de" = {
+          pg1-host-type = "tls";
+          pg1-host = "srv02.uniworx.de";
+          pg1-host-ca-file = toString ./ca/ca.crt;
+          pg1-host-cert-file = toString ./ca/vidhar.crt;
+          pg1-host-key-file = config.sops.secrets."pgbackrest.key".path;
+          pg1-path = "/var/lib/postgresql/15";
+
+          repo2-path = "/var/lib/pgbackrest";
+          repo2-retention-full-type = "time";
+          repo2-retention-full = 14;
+          repo2-retention-archive = 7;
+        };
+
         "global" = {
           compress-type = "zst";
           compress-level = 9;
@@ -67,7 +87,7 @@ in {
           tls-server-ca-file = toString ./ca/ca.crt;
           tls-server-cert-file = toString ./ca/vidhar.crt;
           tls-server-key-file = config.sops.secrets."pgbackrest.key".path;
-          tls-server-auth = ["surtr.yggdrasil=surtr" "srv01.uniworx.de=srv01.uniworx.de"];
+          tls-server-auth = ["surtr.yggdrasil=surtr" "srv01.uniworx.de=srv01.uniworx.de" "srv02.uniworx.de=srv02.uniworx.de"];
         };
 
         "global:archive-push" = {
@@ -93,6 +113,14 @@ in {
         group = "pgbackrest";
         timerConfig.OnCalendar = "daily Europe/Berlin";
       };
+
+      backups."srv02.uniworx.de-daily" = {
+        stanza = "srv02.uniworx.de";
+        repo = "2";
+        user = "pgbackrest";
+        group = "pgbackrest";
+        timerConfig.OnCalendar = "daily Europe/Berlin";
+      };
     };
 
     systemd.tmpfiles.rules = [
-- 
cgit v1.2.3