diff --git a/modules/backup-job.nix b/modules/backup-job.nix index c448ab5..71a57e6 100644 --- a/modules/backup-job.nix +++ b/modules/backup-job.nix @@ -1,9 +1,7 @@ { config, lib, pkgs, ... }: with lib; -let - cfg = config.custom.services.backup-job; -in -{ +let cfg = config.custom.services.backup-job; +in { options.custom.services.backup-job = { enable = mkEnableOption "backup-job"; @@ -12,6 +10,13 @@ in default = [ ]; }; + patterns = mkOption { + type = with types; listOf str; + default = [ ]; + }; + + repoName = mkOption { type = types.str; }; + readWritePaths = mkOption { type = with types; listOf path; default = [ ]; @@ -36,9 +41,7 @@ in default = "03:30"; }; - sshKey = mkOption { - type = with types; path; - }; + sshKey = mkOption { type = with types; path; }; }; config = mkIf cfg.enable { @@ -52,8 +55,10 @@ in services.borgbackup.jobs.data = { paths = [ "/nix/var/data" cfg.sshKey ] ++ cfg.additionalPaths; + patterns = cfg.patterns; doInit = false; - repo = "borgbackup@212.129.12.205:./"; + repo = + "ssh://u348077@u348077.your-storagebox.de:23/home/repos/${cfg.repoName}"; encryption = { mode = "repokey-blake2"; passCommand = "cat ${config.sops.secrets.borgPassphrase.path}"; diff --git a/profiles/backend.nix b/profiles/backend.nix index b71c19c..8aa9a5d 100644 --- a/profiles/backend.nix +++ b/profiles/backend.nix @@ -1,5 +1,4 @@ -{ config, lib, pkgs, ... }: -{ +{ config, lib, pkgs, ... }: { imports = [ ../environment.nix ../hardware/hcloud.nix @@ -23,6 +22,7 @@ custom = { services.backup-job = { enable = true; + repoName = "bk1"; additionalPaths = [ "/var/lib/nextcloud/config" "/var/lib/mastodon" ]; readWritePaths = [ "/nix/var/data/murmur" "/nix/var/data/backup/" ]; preHook = '' @@ -74,9 +74,7 @@ services.uptime-kuma = { enable = true; - settings = { - PORT = "3001"; - }; + settings = { PORT = "3001"; }; }; services.nginx.virtualHosts."uptime.froidmont.org" = { 
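Review bot: `repoName` is declared as a bare `types.str` with no description or constraint, and the last hunk of this file interpolates it straight into the repository URL, so a value containing `/`, `..` or whitespace would silently point the job at a different path on the storage account. I would constrain and document it, e.g. `repoName = mkOption { type = types.strMatching "[A-Za-z0-9][A-Za-z0-9_-]*"; description = "Directory name of this host's Borg repository under /home/repos."; };`. `patterns` also lacks a `description`; something like `description = "Borg include/exclude patterns, passed through to services.borgbackup.jobs.data.patterns.";` would do. The options block starts and ends outside this hunk.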
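Review bot: The new `repo` value moves the job to an SSH host on port 23, and nothing visible in this diff pins that host's key. Unless the key is declared elsewhere in the configuration, the unattended job either fails on its first run or accepts whatever key it is offered, depending on the SSH settings in effect. A declarative entry would remove that ambiguity: `programs.ssh.knownHosts."storagebox" = { hostNames = [ "[u348077.your-storagebox.de]:23" ]; publicKey = "<HOST_PUBLIC_KEY>"; };` (placeholder key, to be replaced with one verified out of band). With `doInit = false`, each `repoName` directory also has to be initialised by hand before the first run, which is worth a comment beside the option. The `services.borgbackup.jobs.data` block continues past the hunk.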
@@ -85,13 +83,15 @@ enableACME = true; locations."/" = { - proxyPass = "http://127.0.0.1:${config.services.uptime-kuma.settings.PORT}"; + proxyPass = + "http://127.0.0.1:${config.services.uptime-kuma.settings.PORT}"; proxyWebsockets = true; }; }; networking.firewall.allowedTCPPorts = [ 80 443 64738 ]; networking.firewall.allowedUDPPorts = [ 64738 ]; - networking.firewall.interfaces."eth1".allowedTCPPorts = [ config.services.prometheus.exporters.node.port 9000 ]; + networking.firewall.interfaces."eth1".allowedTCPPorts = + [ config.services.prometheus.exporters.node.port 9000 ]; } diff --git a/profiles/db.nix b/profiles/db.nix index ee8f514..506c04f 100644 --- a/profiles/db.nix +++ b/profiles/db.nix @@ -1,5 +1,4 @@ -{ config, lib, pkgs, ... }: -{ +{ config, lib, pkgs, ... }: { imports = [ ../environment.nix ../hardware/hcloud.nix @@ -8,7 +7,10 @@ ../modules/monitoring-exporters.nix ]; - networking.firewall.interfaces."eth1".allowedTCPPorts = [ config.services.prometheus.exporters.node.port config.services.postgresql.port ]; + networking.firewall.interfaces."eth1".allowedTCPPorts = [ + config.services.prometheus.exporters.node.port + config.services.postgresql.port + ]; sops.secrets = { borgSshKey = { @@ -20,6 +22,7 @@ custom = { services.backup-job = { enable = true; + repoName = "db1"; readWritePaths = [ "/nix/var/data/postgresql" "/nix/var/data/backup/" ]; preHook = '' ${pkgs.postgresql_12}/bin/pg_dump -U synapse synapse > /nix/var/data/postgresql/synapse.dmp diff --git a/profiles/storage.nix b/profiles/storage.nix index 88cf9e6..edaa7a3 100644 --- a/profiles/storage.nix +++ b/profiles/storage.nix 
@@ -33,6 +33,12 @@ services.backup-job = { enable = true; + repoName = "bl"; + patterns = [ + "- /nix/var/data/media" + "- /nix/var/data/transmission/downloads" + "- /nix/var/data/transmission/.incomplete" + ]; readWritePaths = [ "/nix/var/data/backup" ]; preHook = "${pkgs.docker}/bin/docker exec stb-mariadb sh -c 'mysqldump -u stb -pstb stb' > /nix/var/data/backup/stb_mariadb.sql";
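Review bot: The three exclusions under `patterns` carry no comment, so a reader cannot tell that leaving `/nix/var/data/media` and the two transmission directories out of the archive is deliberate. That data cannot be restored after disk loss or a destructive compromise, so the decision should be recorded next to the list, e.g. `# Not backed up on purpose: media and torrent data can be re-fetched.` (wording to be confirmed by the author). As far as I know, Borg still walks into directories excluded with `-`; if that matters for a large media tree, the `!` prefix excludes without recursing. The `services.backup-job` block continues beyond the hunk.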