path: root/hosts/vidhar/borg/default.nix
blob: 3558a421c04a9ce1d4493af29e9e9ba6c4ef44d7 (plain)
# NixOS module fragment: Borg backup repository "borg" under /srv/backup/borg,
# its SSH access, the sshd keep-alive policy for the borg account, and the
# sops-managed passphrase secret.
{ pkgs, lib, ... }:

with lib;

{
  config = {
    services.borgbackup.repos.borg = {
      path = "/srv/backup/borg";

      # Every regular file named *.pub in ./authorized-keys becomes one
      # append-only client key, so granting access means committing a file
      # to that directory; changes there deserve the same review as any other
      # access-control change.
      #
      # Append-only caveat (Borg behaviour): a client in this mode cannot free
      # data, but deletions it records take effect once a writer without the
      # append-only restriction next commits to the repository. Inspect the
      # repository before pruning or compacting from a trusted side.
      #
      # NOTE(review): each file is passed through verbatim as a single list
      # entry, trailing newline included. If the borgbackup module prefixes its
      # forced-command restriction once per entry (confirm against the module),
      # a file holding more than one line would leave the extra lines without
      # that prefix. Keep exactly one key per .pub file.
      authorizedKeysAppendOnly = let
        keyDir = ./authorized-keys;
        isPubKeyFile = fname: ftype: ftype == "regular" && hasSuffix ".pub" fname;
        readKey = fname: _ftype: builtins.readFile (keyDir + "/${fname}");
      in mapAttrsToList readKey (filterAttrs isPubKeyFile (builtins.readDir keyDir));
    };

    # Ordered before other post-boot commands (mkBefore). Without -mindepth,
    # the search covers /srv/backup/borg itself as well as its immediate
    # children, so an empty repository directory is removed too.
    # NOTE(review): confirm that removing the top-level directory is intended.
    boot.postBootCommands = mkBefore ''
      ${pkgs.findutils}/bin/find /srv/backup/borg -maxdepth 1 -type d -empty -delete
    '';

    # NOTE(review): presumably sshd restricts logins to members of "ssh"
    # (e.g. an AllowGroups rule defined elsewhere); verify that rule exists,
    # otherwise this membership has no effect.
    users.users.borg.extraGroups = ["ssh"];

    # For the borg account only: probe the client every 10 s and drop the
    # session after 30 unanswered probes (about 5 minutes), so a dead client
    # connection does not linger. The trailing "Match All" closes the
    # per-user scope so that configuration appended after this snippet is not
    # silently limited to the borg user.
    services.openssh.extraConfig = ''
      Match User borg
        ClientAliveInterval 10
        ClientAliveCountMax 30

      Match All
    '';

    # Passphrase decrypted by sops from ./passphrase.yaml (key "borg"),
    # readable by user and group borg, not writable by anyone (0440).
    # NOTE(review): the owning account is also the SSH login account for
    # backup clients; the restrictions applied to their keys are what keep a
    # client session from reading this file. Confirm they are in place, and
    # keep membership of group borg minimal.
    sops.secrets.borg-passphrase = {
      sopsFile = ./passphrase.yaml;
      format = "yaml";
      key = "borg";
      owner = "borg";
      group = "borg";
      mode = "0440";
    };
  };
}