borg tweaks

This commit is contained in:
Nathan McCarty 2022-06-10 20:10:18 -04:00
parent 20022f9a6d
commit b472b4405a
Signed by: thatonelutenist
GPG Key ID: D70DA3DD4D1E9F96
4 changed files with 65 additions and 2 deletions

View File

@ -99,6 +99,8 @@
"/home/nathan/Downloads" "/home/nathan/Downloads"
"/home/nathan/Music" "/home/nathan/Music"
"/var/lib/docker" "/var/lib/docker"
"/var/log"
"/home/nathan/*/Cache"
]; ];
repo = "de1955@de1955.rsync.net:computers/levitation"; repo = "de1955@de1955.rsync.net:computers/levitation";
encryption = { encryption = {

View File

@ -40,4 +40,63 @@
users.users.nathan = { users.users.nathan = {
extraGroups = [ "www-html" ]; extraGroups = [ "www-html" ];
}; };
###
## Borg Backup
###
# Install borg
environment.systemPackages = with pkgs; [
borgbackup
];
# Setup sops
sops.secrets."borg-sshKey" = {
format = "yaml";
sopsFile = ../secrets/borg.yaml;
};
sops.secrets."borg-matrixPassword" = {
format = "yaml";
sopsFile = ../secrets/borg.yaml;
};
# Setup the job
services.borgbackup.jobs = {
files = {
paths = [
"/home"
"/var"
"/etc"
];
exclude = [
"*/.cache"
"*/.tmp"
"/home/nathan/minecraft/server/backup"
"/var/lib/postgresql"
"/var/lib/redis"
"/var/lib/docker"
"/var/log"
];
repo = "de1955@de1955.rsync.net:computers/matrix";
encryption = {
mode = "repokey-blake2";
passCommand = "cat ${config.sops.secrets."borg-matrixPassword".path}";
};
environment.BORG_RSH = "ssh -i ${config.sops.secrets."borg-sshKey".path}";
compression = "auto,zstd";
startAt = "OnCalendar=00/4:00";
prune.keep = {
within = "7d"; # Keep all archives for the past week
daily = 1; # Keep 1 snapshot a day for 2 weeks
weekly = 4; # Keep 1 snapshot a week for 4 weeks
monthly = -1; # Keep unlimited monthly backups
};
};
};
# Backup postgres
services.postgresqlBackup = {
enable = true;
compression = "none";
backupAll = true;
startAt = "OnCalendar=00/2:00";
};
} }

View File

@ -72,6 +72,7 @@
"/var/lib/postgresql" "/var/lib/postgresql"
"/var/lib/redis" "/var/lib/redis"
"/var/lib/docker" "/var/lib/docker"
"/var/log"
]; ];
repo = "de1955@de1955.rsync.net:computers/oracles"; repo = "de1955@de1955.rsync.net:computers/oracles";
encryption = { encryption = {

View File

@ -1,6 +1,7 @@
borg-sshKey: ENC[AES256_GCM,data:rVDwCkDQbeYl8cAu/VlZzcW1XQERFVIhjGBigWZ1n0nSDga9812pJgnaIG6aoRVbuaiOVelSqZa0XJRlNU6yJtrT9sDulWb1nqFudSJ84cnhE3QzrgPzAGZJ60PcAQMI2/dqpb4pHGf0nyNBKf5OGCtOahwN3nqkAuiQkqE/XbGlPylHJ+3Hb+Q/RnmMrL5bhKQ9EvuauHwTczlII5JwkrrtZeuHiTZm1SzokQSTMgt71CUOOmDlKlSxXgHDn2g1C+rc+OHzZraWIFyOI0cMpYdfYOxkJM7Wh0/ByX5Iqlp6nTYAK3IbHr4bUUclw2QPMNtLebIaJzzZP8Hplg4sO1zxEWxG+moZzRT6rfd6FF+5EJ8KalgfTgIHVYVrwsQj3SoL258+IWbahQZI2Er1SixVwZQes46HuPaFn7Ydn+/RfJo33birUJ89H5ge/boEkaUT1cHKcbodxfvJsQJkbRUTzHqpRGIHRW9bF1m94/5D2LaaFmaFoJqondewwy1ZVzZIF0jePRhvF4lFtSmKP4jC1Z0xg2L/JnUo,iv:gHr+vtcY99MgSy9IiMmxy3mlOjcOJ4oN5NS3doNAXwo=,tag:AOaE2qHv5NalE7J/NVXQjw==,type:str] borg-sshKey: ENC[AES256_GCM,data:rVDwCkDQbeYl8cAu/VlZzcW1XQERFVIhjGBigWZ1n0nSDga9812pJgnaIG6aoRVbuaiOVelSqZa0XJRlNU6yJtrT9sDulWb1nqFudSJ84cnhE3QzrgPzAGZJ60PcAQMI2/dqpb4pHGf0nyNBKf5OGCtOahwN3nqkAuiQkqE/XbGlPylHJ+3Hb+Q/RnmMrL5bhKQ9EvuauHwTczlII5JwkrrtZeuHiTZm1SzokQSTMgt71CUOOmDlKlSxXgHDn2g1C+rc+OHzZraWIFyOI0cMpYdfYOxkJM7Wh0/ByX5Iqlp6nTYAK3IbHr4bUUclw2QPMNtLebIaJzzZP8Hplg4sO1zxEWxG+moZzRT6rfd6FF+5EJ8KalgfTgIHVYVrwsQj3SoL258+IWbahQZI2Er1SixVwZQes46HuPaFn7Ydn+/RfJo33birUJ89H5ge/boEkaUT1cHKcbodxfvJsQJkbRUTzHqpRGIHRW9bF1m94/5D2LaaFmaFoJqondewwy1ZVzZIF0jePRhvF4lFtSmKP4jC1Z0xg2L/JnUo,iv:gHr+vtcY99MgSy9IiMmxy3mlOjcOJ4oN5NS3doNAXwo=,tag:AOaE2qHv5NalE7J/NVXQjw==,type:str]
borg-levitationPassword: ENC[AES256_GCM,data:nAtAlhmv6NAE88f81BeroMnMd/lr7ZnUTmLlAMtn4/ML8TuiZjijCJ4LiUSg5FLeWmDEALUN5g/T,iv:2qoF4mw/sbitLmticTsKndcYdV2B+6YjXjKHJr591nk=,tag:ENPk7gm3tmVOSgzfrn7Vag==,type:str] borg-levitationPassword: ENC[AES256_GCM,data:nAtAlhmv6NAE88f81BeroMnMd/lr7ZnUTmLlAMtn4/ML8TuiZjijCJ4LiUSg5FLeWmDEALUN5g/T,iv:2qoF4mw/sbitLmticTsKndcYdV2B+6YjXjKHJr591nk=,tag:ENPk7gm3tmVOSgzfrn7Vag==,type:str]
borg-oraclesPassword: ENC[AES256_GCM,data:TRWn/vj3SpSrRc0HcNI9If7e5Q93hO/+eLKoTQULHTBZqZKdnN0Lq6xhUQQf0s7LhS9D2Q==,iv:/vdqnlR6DowmPNpNP8Q3n2cL/gv91heS0NLFth9Wpl0=,tag:peIs7WpNO56DiTkva71fDw==,type:str] borg-oraclesPassword: ENC[AES256_GCM,data:TRWn/vj3SpSrRc0HcNI9If7e5Q93hO/+eLKoTQULHTBZqZKdnN0Lq6xhUQQf0s7LhS9D2Q==,iv:/vdqnlR6DowmPNpNP8Q3n2cL/gv91heS0NLFth9Wpl0=,tag:peIs7WpNO56DiTkva71fDw==,type:str]
borg-matrixPassword: ENC[AES256_GCM,data:7dZh8G36PAhfVU4k4mdnWAMCRKme9nAd4GUkdwdZiIAd037Ou2n3wJfZLA==,iv:rPGFyAmHe2H0g0mPxSo84NT/wwBwMt1vV9DAenvwbW4=,tag:2Q4ID6jsA02AC4vvPmBTPw==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -61,8 +62,8 @@ sops:
WmhzcngwekJ1UzJQNzBwNU9Kb3FLNzQKgWC/Pruek+lfMtyj8M1s88l46emKVqV/ WmhzcngwekJ1UzJQNzBwNU9Kb3FLNzQKgWC/Pruek+lfMtyj8M1s88l46emKVqV/
nO3VxonQywOz1QaNEBODNTwly48MzNREwV1bUZy4DBAeraG4O3fRFg== nO3VxonQywOz1QaNEBODNTwly48MzNREwV1bUZy4DBAeraG4O3fRFg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2022-06-10T23:17:10Z" lastmodified: "2022-06-11T00:07:08Z"
mac: ENC[AES256_GCM,data:EgTvO6L9hAcOYQBl5bMmqZeimxEO9uTxKiGKqTBM0nyRU0Fj7zE1ZvuCtwSe0T9RHObBwzd5i1ij1qA4Bd5qDg2fnRs4DoxHPXJxERsD1CrZnE39D//+ppdsdGGaw5rtISlbl2b+4YFDSiYtbgrU73bz/LauUEc71fakBxQzLlI=,iv:imQB792YHWSoJIbxx6ZPiDK2IhwN6DZPrDbnbGA7U/0=,tag:Qtc6K1tQtNcc318Ez9wf9A==,type:str] mac: ENC[AES256_GCM,data:o71aJDP01oX/hzJKjkOkM185wgQ0YSCeYtkjGnGF7OLZ5v7EFIK7iszU4nXP5XdtVydHBXDIWGZPLg2pIzWwlOun3K2sxsy6oGrbgE0rB4+G8SSqO6vi7Lny6+RMI8jYmMEx5hUNOWEc/YWtyBxiQ2iXf7Lcj/Xg2adDDHXUJ4c=,iv:n1D/VapaoLD4qhGhj7xRaqYSkaTizNmNCVYUrfYHyqU=,tag:hZD2iH0YWntEMB9JoMYDXg==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.7.3 version: 3.7.3