Backup hcloud instances with borg

2025-12-25 05:36:59 +01:00 · 2021-07-15 23:46:01 +02:00 · 2021-07-15 23:46:01 +02:00 · 292619386b
commit 292619386b
parent 59cb6ac9b9
6 changed files with 87 additions and 6 deletions
--- a/modules/custom-backup-job.nix
+++ b/modules/custom-backup-job.nix
@ -0,0 +1,50 @@
+{ config, lib, pkgs, ... }:
+with lib;
+let
+  cfg = config.services.custom-backup-job;
+in {
+  options.services.custom-backup-job = {
+    additionalReadWritePaths = mkOption {
+      type = with types; listOf path;
+      default = [];
+    };
+
+    additionalPreHook = mkOption {
+      type = types.lines;
+      default = "";
+    };
+
+    startAt = mkOption {
+      type = with types; either str (listOf str);
+      default = "03:30";
+    };
+  };
+
+  config = {
+   services.borgbackup.jobs.data = {
+     paths = [ "/nix/var/data" ];
+     doInit = false;
+     repo =  "backup@212.129.12.205:./";
+     encryption = {
+       mode = "repokey-blake2";
+       passCommand = "cat /var/keys/borgbackup-passphrase";
+     };
+     readWritePaths = [
+       "/var/keys/borgbackup-ssh-key"
+     ] ++ cfg.additionalReadWritePaths;
+     preHook = ''
+       #There is no way to specify the permissions on keys so we fix them here
+       chmod 0600 /var/keys/borgbackup-ssh-key
+     '' + cfg.additionalPreHook;
+     environment = { BORG_RSH = "ssh -i /var/keys/borgbackup-ssh-key"; };
+     compression = "lz4";
+     startAt = cfg.startAt;
+     prune.keep = {
+       within = "2d";
+       daily = 14;
+       weekly = 8;
+       monthly = 12;
+     };
+   };
+  };
+}
--- a/modules/postgresql.nix
+++ b/modules/postgresql.nix
@ -5,8 +5,13 @@
    package = pkgs.postgresql_12;
    initialScript = "/var/keys/postgres-init.sql";
    enableTCPIP = true;
+    identMap = ''
+    root_as_others         root                  synapse
+    '';
    authentication = ''
-      host all all 10.0.1.0/24 md5
+      local  all     postgres               peer
+      local  all     all                    peer map=root_as_others
+      host   all     all     10.0.1.0/24    md5
    '';
  };
  users.users.postgres.extraGroups = [ "keys" ];
--- a/modules/synapse.nix
+++ b/modules/synapse.nix
@ -93,6 +93,7 @@ in
    database_args = {
      host = "fake"; # This section is overriden in deploy_nixos keys
    };
+    dataDir = "/nix/var/data/matrix-synapse";
    extraConfigFiles = [ "/var/keys/synapse-extra-config.yaml" ];
  };
  users.users.matrix-synapse.extraGroups = [ "keys" ];