Setup borg on oracles

2022-06-10 19:30:15 -04:00 · 2022-06-10 19:30:15 -04:00 · 52f5a2c9c1
parent b52f0ea460
commit 52f5a2c9c1
3 changed files with 65 additions and 2 deletions
--- a/machines/levitation.nix
+++ b/machines/levitation.nix
@ -98,6 +98,7 @@
        "/home/nathan/.local/share/Steam"
        "/home/nathan/Downloads"
        "/home/nathan/Music"
+        "/var/lib/docker"
      ];
      repo = "de1955@de1955.rsync.net:computers/levitation";
      encryption = {
--- a/machines/oracles.nix
+++ b/machines/oracles.nix
@ -45,5 +45,66 @@
  # Install java
  environment.systemPackages = with pkgs; [
    jdk
+    borgbackup
  ];
+
+  # Setup sops
+  sops.secrets."borg-sshKey" = {
+    format = "yaml";
+    sopsFile = ../secrets/borg.yaml;
+  };
+  sops.secrets."borg-oraclesPassword" = {
+    format = "yaml";
+    sopsFile = ../secrets/borg.yaml;
+  };
+  # Setup the job
+  services.borgbackup.jobs = {
+    files = {
+      paths = [
+        "/home"
+        "/var"
+        "/etc"
+      ];
+      exclude = [
+        "*/.cache"
+        "*/.tmp"
+        "/home/nathan/minecraft/server/backup"
+        "/var/lib/postgresql"
+        "/var/lib/redis"
+        "/var/lib/docker"
+      ];
+      repo = "de1955@de1955.rsync.net:computers/oracles";
+      encryption = {
+        mode = "repokey-blake2";
+        passCommand = "cat ${config.sops.secrets."borg-levitationPassword".path}";
+      };
+      environment.BORG_RSH = "ssh -i ${config.sops.secrets."borg-sshKey".path}";
+      compression = "auto,zstd";
+      startAt = "hourly";
+      prune.keep = {
+        within = "7d"; # Keep all archives for the past week
+        daily = 1; # Keep 1 snapshot a day for 2 weeks
+        weekly = 4; # Keep 1 snapshot a week for 4 weeks
+        monthly = -1; # Keep unlimited monthly backups
+      };
+    };
+    postgres = {
+      dumpCommand = "su postgres -c pg_dumpall";
+      repo = "de1955@de1955.rsync.net:databases/oracles/postgres";
+      encryption = {
+        mode = "repokey-blake2";
+        passCommand = "cat ${config.sops.secrets."borg-levitationPassword".path}";
+      };
+      environment.BORG_RSH = "ssh -i ${config.sops.secrets."borg-sshKey".path}";
+      compression = "auto,zstd";
+      startAt = "hourly";
+      prune.keep = {
+        within = "7d"; # Keep all archives for the past week
+        daily = 1; # Keep 1 snapshot a day for 2 weeks
+        weekly = 4; # Keep 1 snapshot a week for 4 weeks
+        monthly = -1; # Keep unlimited monthly backups
+      };
+    };
+  };
+
 }
--- a/secrets/borg.yaml
+++ b/secrets/borg.yaml
@ -1,5 +1,6 @@
 borg-sshKey: ENC[AES256_GCM,data:rVDwCkDQbeYl8cAu/VlZzcW1XQERFVIhjGBigWZ1n0nSDga9812pJgnaIG6aoRVbuaiOVelSqZa0XJRlNU6yJtrT9sDulWb1nqFudSJ84cnhE3QzrgPzAGZJ60PcAQMI2/dqpb4pHGf0nyNBKf5OGCtOahwN3nqkAuiQkqE/XbGlPylHJ+3Hb+Q/RnmMrL5bhKQ9EvuauHwTczlII5JwkrrtZeuHiTZm1SzokQSTMgt71CUOOmDlKlSxXgHDn2g1C+rc+OHzZraWIFyOI0cMpYdfYOxkJM7Wh0/ByX5Iqlp6nTYAK3IbHr4bUUclw2QPMNtLebIaJzzZP8Hplg4sO1zxEWxG+moZzRT6rfd6FF+5EJ8KalgfTgIHVYVrwsQj3SoL258+IWbahQZI2Er1SixVwZQes46HuPaFn7Ydn+/RfJo33birUJ89H5ge/boEkaUT1cHKcbodxfvJsQJkbRUTzHqpRGIHRW9bF1m94/5D2LaaFmaFoJqondewwy1ZVzZIF0jePRhvF4lFtSmKP4jC1Z0xg2L/JnUo,iv:gHr+vtcY99MgSy9IiMmxy3mlOjcOJ4oN5NS3doNAXwo=,tag:AOaE2qHv5NalE7J/NVXQjw==,type:str]
 borg-levitationPassword: ENC[AES256_GCM,data:nAtAlhmv6NAE88f81BeroMnMd/lr7ZnUTmLlAMtn4/ML8TuiZjijCJ4LiUSg5FLeWmDEALUN5g/T,iv:2qoF4mw/sbitLmticTsKndcYdV2B+6YjXjKHJr591nk=,tag:ENPk7gm3tmVOSgzfrn7Vag==,type:str]
+borg-oraclesPassword: ENC[AES256_GCM,data:TRWn/vj3SpSrRc0HcNI9If7e5Q93hO/+eLKoTQULHTBZqZKdnN0Lq6xhUQQf0s7LhS9D2Q==,iv:/vdqnlR6DowmPNpNP8Q3n2cL/gv91heS0NLFth9Wpl0=,tag:peIs7WpNO56DiTkva71fDw==,type:str]
 sops:
    kms: []
    gcp_kms: []
@ -60,8 +61,8 @@ sops:
            WmhzcngwekJ1UzJQNzBwNU9Kb3FLNzQKgWC/Pruek+lfMtyj8M1s88l46emKVqV/
            nO3VxonQywOz1QaNEBODNTwly48MzNREwV1bUZy4DBAeraG4O3fRFg==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2022-06-10T22:53:54Z"
-    mac: ENC[AES256_GCM,data:ZCTwUX3m4BPjJxMzaTmG1FNFmxJ+rO/5aKe8AB/Fca2Ut5V6GccrpnjVx43ccNSTibDEgdxvUPtAZRLZ0nZXsAFE1tI5KoCk5XxzhCddmG0gkrMDpt2bgnv+eNgwU5fpMNu1+IdwnUf9ut4LaJBtpojDQjM9wWpcVMAJKTfh83Y=,iv:M5SWFxX2anu7yoUd3S3HZ98LfzQrr20CHtX3KR9GI1U=,tag:/BXJkqtLT83AnuA6fZWQVg==,type:str]
+    lastmodified: "2022-06-10T23:17:10Z"
+    mac: ENC[AES256_GCM,data:EgTvO6L9hAcOYQBl5bMmqZeimxEO9uTxKiGKqTBM0nyRU0Fj7zE1ZvuCtwSe0T9RHObBwzd5i1ij1qA4Bd5qDg2fnRs4DoxHPXJxERsD1CrZnE39D//+ppdsdGGaw5rtISlbl2b+4YFDSiYtbgrU73bz/LauUEc71fakBxQzLlI=,iv:imQB792YHWSoJIbxx6ZPiDK2IhwN6DZPrDbnbGA7U/0=,tag:Qtc6K1tQtNcc318Ez9wf9A==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.7.3