From 1b04a415e98b72841e6b9dba0b0c030428ba0434 Mon Sep 17 00:00:00 2001 From: Silas Schöffel Date: Tue, 21 Jan 2025 21:21:14 +0100 Subject: feat(modules/backup): init --- system/secrets/backup/backuppass.age | 14 ---------- system/secrets/backup/backupssh.age | 23 ----------------- system/secrets/default.nix | 12 --------- system/services/default.nix | 1 - system/services/restic/default.nix | 50 ------------------------------------ 5 files changed, 100 deletions(-) delete mode 100644 system/secrets/backup/backuppass.age delete mode 100644 system/secrets/backup/backupssh.age delete mode 100644 system/services/restic/default.nix (limited to 'system') diff --git a/system/secrets/backup/backuppass.age b/system/secrets/backup/backuppass.age deleted file mode 100644 index 8ec40a9..0000000 --- a/system/secrets/backup/backuppass.age +++ /dev/null @@ -1,14 +0,0 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDNDcxbkFiWndxZGdwR2lB -N2lxQjdxZS9FTTl1UDdTbGMyaEtaZ29aM1NVClE0L1dDdllIQUx3MXlJUEJya3N1 -Y1ovWVh4YjNUUXluKzAzd1VKZWFkUHMKLT4gWDI1NTE5IC9YR3JnQVQxYWhSVVdy -c3p2OExkb0xnbStKUHFRZkE0QTBpTStaYjBBak0KRnQ3enZLaXRNbVdtNXBveTN1 -U1FmZDBXZXJpZlorQVd5eXFSTVYxMHZaWQotPiBzc2gtZWQyNTUxOSBPRDhUNGcg -empPMTdrZWZGclAzdnBBbUFjZVB6YTl1VnMxY0dIenhjRGtnSUVjTktIcwpsRFFv -TURIVkswM1EreVgvWWZiSEU0aDBGYWZlZFk2dnZnNExLY3NBbVJvCi0+IGhJY2xX -anwtZ3JlYXNlIEw4S0Q2bHVyIFg1dSAjNnRcdWwKaU53OENqWUVJMWgrZURNbzQ5 -VjZzb1hNbndVCi0tLSBCNktxeXFiVzVlNjdQeXdNZnJtQ0NlVzZuWVpaMExZUVEv -RzdtaU1URzBJCoHd8ODHla1b7opUSmrEAm9S7Ul3QD0iLIyTpKn/PnB5vQ4oVd4H -kgB9FFvfYUpRSVebVyOh/Ocqq0Lalc6Gjc1+/tTbkcJLrhyO6G8x/519Sm0o7qXE -5/jXBpzFoFrsR68= ------END AGE ENCRYPTED FILE----- diff --git a/system/secrets/backup/backupssh.age b/system/secrets/backup/backupssh.age deleted file mode 100644 index bd7cafa..0000000 --- a/system/secrets/backup/backupssh.age +++ /dev/null @@ -1,23 +0,0 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0VkhnUmpGU3hycEExSWxz -ZVAzM3B5M2pFbFFUMXVGWnRaa3Y1a2VtSDM4ClVncXlpUnNUc1JiM01YcmU4dnNQ -WGZXSFBUQ3FIN0U2K2lBZjVHOFlidXMKLT4gWDI1NTE5IFV4VUczSXJ5TVNEdHdN -VVVJYVgzMTN3Rm5IeXRoekt0dEx5eUVlUGFGVzQKZUJGcU9yWUIzaGVCMDE4bW5m -dGhXM1VDL1c1U0N0NDJEK1J5ODdsNTdqcwotPiBzc2gtZWQyNTUxOSBPRDhUNGcg -TDVjckpka2w2TFRFSXdNbTlOeDBYcFlvajBpMlp0eGJTOUdldlRTck9HRQovdGhY -TkxMZlhEZjVLZ0pPa29Zc09DcjY5YzArYnV4YklQU3Q2U0ZpenhJCi0+IH5SQFt+ -RGlILWdyZWFzZSB2MDBhTnw1OiBmIEhaQiBHZUVaKHErClMwOWlZVGhJcG1LOERw -dTVyOXhVVG5YSGNsd2xYR2lyMkh6cEtHbmYreWIwMU13OFJSYW1xTUVWZm5ySTRy -TzYKKzFwY1RpelpudDFZUzBpKzlMWEV6MnhhUDFpaTRMbVhKQkcrYVFlYnQxSFBj -bnhubmdyYzBiWVBOZwotLS0gV2xIaVhsSVBmU2xINDFXMFlyckJ3WjMxdzluSmFT -bUp2TnFnUHdQUmcxbwpOQ5eYFn1lvDjatNZLdErDyyi+b1xLzhkErEaqDxuY++9b -owQ0rdzFRCokI34Vsa4OOrHOhDUyp7n0EmfXGTrkroTF3hyzpr+2M4jnwVFC7uLU -BbU+ZvekUjekXYBy7WXSt30E9RiUJbiHF5FtOboS2A7j+BXbVaHWPEJgnHDbqVy/ -ejESfOaCkg6avXx32rTkV8FfqQmLSxOpwPnsKgiPeZlE6gXViZ0pLm4pwLr5w75s -ln1ksjjfqQ/wBZn+/tTPEpbwAulEe2qEutCL5NbUih8knx1Wvvm/oFtYvjjaA2ZQ -VizCl+v9cRNfkYfczKSTIrGHRuToADqxzxbA88oZFGHu7td6NCVdWIxenA8yaaT+ -csUCfCVUOd6EoKmEKhTqy0EPfDq807c/+lK4il7DbB2geXs/GiMc0he8KGWuruHU -U2wbOaMYdN9Uez1tlBWJhKrnwOPw3Jad615B/MRt9/rDOAaBVI5ttxpNkLcrx22k -rpLItm23yg35+4e+a9Vl03L7kTOqIurS4JRsMyJpRvrRPJMa5cEVMZ4ZzLe3HrGQ -WrH6OXPGKbq4ZB+1mSE= ------END AGE ENCRYPTED FILE----- diff --git a/system/secrets/default.nix b/system/secrets/default.nix index ab89942..7100eff 100644 --- a/system/secrets/default.nix +++ b/system/secrets/default.nix @@ -7,18 +7,6 @@ owner = "root"; group = "root"; }; - resticpass = { - file = ./backup/backuppass.age; - mode = "0700"; - owner = "root"; - group = "root"; - }; - resticssh = { - file = ./backup/backupssh.age; - mode = "0700"; - owner = "root"; - group = "root"; - }; taskserverCaKey = { file = ./taskserver/ca.age; mode = "700"; diff --git a/system/services/default.nix b/system/services/default.nix index d78ee28..4d3700d 100644 --- a/system/services/default.nix +++ b/system/services/default.nix @@ -3,7 +3,6 @@ ./invidious ./mail ./minecraft - ./restic ./taskserver ]; } diff --git a/system/services/restic/default.nix b/system/services/restic/default.nix deleted file mode 100644 index cfeaca3..0000000 --- a/system/services/restic/default.nix +++ /dev/null @@ -1,50 +0,0 @@ -{ - config, - pkgs, - ... -}: { - services.restic.backups = let - snapshots = "/srv/snapshots"; - boxUser = "u384702-sub2"; - postgresUser = "postgres"; - in { - storagebox = { - initialize = true; - backupPrepareCommand = '' - ${pkgs.sudo}/bin/sudo -u ${postgresUser} ${pkgs.postgresql}/bin/pg_dumpall --clean --if-exists --quote-all-identifiers > /srv/db_backup.sql - - [ -d /srv/snapshots ] || ${pkgs.btrfs-progs}/bin/btrfs subvolume create /srv/snapshots; - [ -d /srv/snapshots/srv ] && ${pkgs.btrfs-progs}/bin/btrfs subvolume delete /srv/snapshots/srv; - ${pkgs.btrfs-progs}/bin/btrfs subvolume snapshot -r /srv /srv/snapshots/srv; - - # dump() { - # # compression: - # # pg_dump -F t -v "$1" | xz -z -9 -e -T0 > "db_$1.tar.xz" - # pg_dump -v "$1" > "db_$1.tar.xz" - # } - # # List all databases, and dump each of them in its own file - # # psql --list --csv | while read -r line; do echo "$line" | grep ','; done | while IFS=, read -r name _; do echo "$name"; done | sed '1d' | while read -r db_name; do dump "$db_name"; done - ''; - paths = [ - snapshots - ]; - exclude = [ - ".snapshots" - "/var/lib/postgresql" # included in the db dump - ]; - extraBackupArgs = [ - "--verbose" # spam log - ]; - passwordFile = config.age.secrets.resticpass.path; - extraOptions = [ - "rclone.program='ssh -p 23 ${boxUser}@${boxUser}.your-storagebox.de -i ${config.age.secrets.resticssh.path}'" - ]; - repository = "rclone: "; # There is only one repository served - timerConfig = { - Requires = "network-online.target"; - OnCalendar = "daily"; - Persistent = true; - }; - }; - }; -} -- cgit 1.4.1