Move backup to Hetzner's storage box

Paul-Henri Froidmont 2023-04-22 02:46:55 +02:00
parent 8c4e559348
commit ff0abf6309
Signed by: phfroidmont
GPG key ID: BE948AFD7E7873BE
4 changed files with 32 additions and 18 deletions


@ -1,9 +1,7 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib; with lib;
let let cfg = config.custom.services.backup-job;
cfg = config.custom.services.backup-job; in {
in
{
options.custom.services.backup-job = { options.custom.services.backup-job = {
enable = mkEnableOption "backup-job"; enable = mkEnableOption "backup-job";
@ -12,6 +10,13 @@ in
default = [ ]; default = [ ];
}; };
patterns = mkOption {
type = with types; listOf str;
default = [ ];
};
repoName = mkOption { type = types.str; };
readWritePaths = mkOption { readWritePaths = mkOption {
type = with types; listOf path; type = with types; listOf path;
default = [ ]; default = [ ];
@ -36,9 +41,7 @@ in
default = "03:30"; default = "03:30";
}; };
sshKey = mkOption { sshKey = mkOption { type = with types; path; };
type = with types; path;
};
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
@ -52,8 +55,10 @@ in
services.borgbackup.jobs.data = { services.borgbackup.jobs.data = {
paths = [ "/nix/var/data" cfg.sshKey ] ++ cfg.additionalPaths; paths = [ "/nix/var/data" cfg.sshKey ] ++ cfg.additionalPaths;
patterns = cfg.patterns;
doInit = false; doInit = false;
repo = "borgbackup@212.129.12.205:./"; repo =
"ssh://u348077@u348077.your-storagebox.de:23/home/repos/${cfg.repoName}";
encryption = { encryption = {
mode = "repokey-blake2"; mode = "repokey-blake2";
passCommand = "cat ${config.sops.secrets.borgPassphrase.path}"; passCommand = "cat ${config.sops.secrets.borgPassphrase.path}";
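Review bot: The new `repo` value hard-codes a single storage-box account (`u348077`) for every host and separates hosts only by `${cfg.repoName}` under `/home/repos`, so each machine's SSH key can presumably reach the other machines' repositories; whether the keys differ per host is not visible here. A compromised host could then delete or overwrite its neighbours' backups, so consider exposing the account as an option, e.g. `repoUser = mkOption { type = types.str; };`, so that each host can be given its own restricted account. `repoName` has no default and no `description`, so every host must now set it; a one-line description saying it is the repository directory on the storage box would help. Nothing in this section shows the storage box's SSH host key being pinned; if that is not done elsewhere, a `programs.ssh.knownHosts` entry for the new host belongs with this change. The `encryption` block continues past the end of the hunk.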


@ -1,5 +1,4 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }: {
{
imports = [ imports = [
../environment.nix ../environment.nix
../hardware/hcloud.nix ../hardware/hcloud.nix
@ -23,6 +22,7 @@
custom = { custom = {
services.backup-job = { services.backup-job = {
enable = true; enable = true;
repoName = "bk1";
additionalPaths = [ "/var/lib/nextcloud/config" "/var/lib/mastodon" ]; additionalPaths = [ "/var/lib/nextcloud/config" "/var/lib/mastodon" ];
readWritePaths = [ "/nix/var/data/murmur" "/nix/var/data/backup/" ]; readWritePaths = [ "/nix/var/data/murmur" "/nix/var/data/backup/" ];
preHook = '' preHook = ''
@ -74,9 +74,7 @@
services.uptime-kuma = { services.uptime-kuma = {
enable = true; enable = true;
settings = { settings = { PORT = "3001"; };
PORT = "3001";
};
}; };
services.nginx.virtualHosts."uptime.froidmont.org" = { services.nginx.virtualHosts."uptime.froidmont.org" = {
@ -85,13 +83,15 @@
enableACME = true; enableACME = true;
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:${config.services.uptime-kuma.settings.PORT}"; proxyPass =
"http://127.0.0.1:${config.services.uptime-kuma.settings.PORT}";
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };
networking.firewall.allowedTCPPorts = [ 80 443 64738 ]; networking.firewall.allowedTCPPorts = [ 80 443 64738 ];
networking.firewall.allowedUDPPorts = [ 64738 ]; networking.firewall.allowedUDPPorts = [ 64738 ];
networking.firewall.interfaces."eth1".allowedTCPPorts = [ config.services.prometheus.exporters.node.port 9000 ]; networking.firewall.interfaces."eth1".allowedTCPPorts =
[ config.services.prometheus.exporters.node.port 9000 ];
} }


@ -1,5 +1,4 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }: {
{
imports = [ imports = [
../environment.nix ../environment.nix
../hardware/hcloud.nix ../hardware/hcloud.nix
@ -8,7 +7,10 @@
../modules/monitoring-exporters.nix ../modules/monitoring-exporters.nix
]; ];
networking.firewall.interfaces."eth1".allowedTCPPorts = [ config.services.prometheus.exporters.node.port config.services.postgresql.port ]; networking.firewall.interfaces."eth1".allowedTCPPorts = [
config.services.prometheus.exporters.node.port
config.services.postgresql.port
];
sops.secrets = { sops.secrets = {
borgSshKey = { borgSshKey = {
@ -20,6 +22,7 @@
custom = { custom = {
services.backup-job = { services.backup-job = {
enable = true; enable = true;
repoName = "db1";
readWritePaths = [ "/nix/var/data/postgresql" "/nix/var/data/backup/" ]; readWritePaths = [ "/nix/var/data/postgresql" "/nix/var/data/backup/" ];
preHook = '' preHook = ''
${pkgs.postgresql_12}/bin/pg_dump -U synapse synapse > /nix/var/data/postgresql/synapse.dmp ${pkgs.postgresql_12}/bin/pg_dump -U synapse synapse > /nix/var/data/postgresql/synapse.dmp


@ -33,6 +33,12 @@
services.backup-job = { services.backup-job = {
enable = true; enable = true;
repoName = "bl";
patterns = [
"- /nix/var/data/media"
"- /nix/var/data/transmission/downloads"
"- /nix/var/data/transmission/.incomplete"
];
readWritePaths = [ "/nix/var/data/backup" ]; readWritePaths = [ "/nix/var/data/backup" ];
preHook = preHook =
"${pkgs.docker}/bin/docker exec stb-mariadb sh -c 'mysqldump -u stb -pstb stb' > /nix/var/data/backup/stb_mariadb.sql"; "${pkgs.docker}/bin/docker exec stb-mariadb sh -c 'mysqldump -u stb -pstb stb' > /nix/var/data/backup/stb_mariadb.sql";