borg tweaks
This commit is contained in:
parent
20022f9a6d
commit
b472b4405a
|
@ -99,6 +99,8 @@
|
||||||
"/home/nathan/Downloads"
|
"/home/nathan/Downloads"
|
||||||
"/home/nathan/Music"
|
"/home/nathan/Music"
|
||||||
"/var/lib/docker"
|
"/var/lib/docker"
|
||||||
|
"/var/log"
|
||||||
|
"/home/nathan/*/Cache"
|
||||||
];
|
];
|
||||||
repo = "de1955@de1955.rsync.net:computers/levitation";
|
repo = "de1955@de1955.rsync.net:computers/levitation";
|
||||||
encryption = {
|
encryption = {
|
||||||
|
|
|
@ -40,4 +40,63 @@
|
||||||
users.users.nathan = {
|
users.users.nathan = {
|
||||||
extraGroups = [ "www-html" ];
|
extraGroups = [ "www-html" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
###
|
||||||
|
## Borg Backup
|
||||||
|
###
|
||||||
|
|
||||||
|
# Install borg
|
||||||
|
environment.systemPackages = with pkgs; [
|
||||||
|
borgbackup
|
||||||
|
];
|
||||||
|
|
||||||
|
# Setup sops
|
||||||
|
sops.secrets."borg-sshKey" = {
|
||||||
|
format = "yaml";
|
||||||
|
sopsFile = ../secrets/borg.yaml;
|
||||||
|
};
|
||||||
|
sops.secrets."borg-matrixPassword" = {
|
||||||
|
format = "yaml";
|
||||||
|
sopsFile = ../secrets/borg.yaml;
|
||||||
|
};
|
||||||
|
# Setup the job
|
||||||
|
services.borgbackup.jobs = {
|
||||||
|
files = {
|
||||||
|
paths = [
|
||||||
|
"/home"
|
||||||
|
"/var"
|
||||||
|
"/etc"
|
||||||
|
];
|
||||||
|
exclude = [
|
||||||
|
"*/.cache"
|
||||||
|
"*/.tmp"
|
||||||
|
"/home/nathan/minecraft/server/backup"
|
||||||
|
"/var/lib/postgresql"
|
||||||
|
"/var/lib/redis"
|
||||||
|
"/var/lib/docker"
|
||||||
|
"/var/log"
|
||||||
|
];
|
||||||
|
repo = "de1955@de1955.rsync.net:computers/matrix";
|
||||||
|
encryption = {
|
||||||
|
mode = "repokey-blake2";
|
||||||
|
passCommand = "cat ${config.sops.secrets."borg-matrixPassword".path}";
|
||||||
|
};
|
||||||
|
environment.BORG_RSH = "ssh -i ${config.sops.secrets."borg-sshKey".path}";
|
||||||
|
compression = "auto,zstd";
|
||||||
|
startAt = "OnCalendar=00/4:00";
|
||||||
|
prune.keep = {
|
||||||
|
within = "7d"; # Keep all archives for the past week
|
||||||
|
daily = 1; # Keep 1 snapshot a day for 2 weeks
|
||||||
|
weekly = 4; # Keep 1 snapshot a week for 4 weeks
|
||||||
|
monthly = -1; # Keep unlimited monthly backups
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
# Backup postgres
|
||||||
|
services.postgresqlBackup = {
|
||||||
|
enable = true;
|
||||||
|
compression = "none";
|
||||||
|
backupAll = true;
|
||||||
|
startAt = "OnCalendar=00/2:00";
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -72,6 +72,7 @@
|
||||||
"/var/lib/postgresql"
|
"/var/lib/postgresql"
|
||||||
"/var/lib/redis"
|
"/var/lib/redis"
|
||||||
"/var/lib/docker"
|
"/var/lib/docker"
|
||||||
|
"/var/log"
|
||||||
];
|
];
|
||||||
repo = "de1955@de1955.rsync.net:computers/oracles";
|
repo = "de1955@de1955.rsync.net:computers/oracles";
|
||||||
encryption = {
|
encryption = {
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
borg-sshKey: ENC[AES256_GCM,data:rVDwCkDQbeYl8cAu/VlZzcW1XQERFVIhjGBigWZ1n0nSDga9812pJgnaIG6aoRVbuaiOVelSqZa0XJRlNU6yJtrT9sDulWb1nqFudSJ84cnhE3QzrgPzAGZJ60PcAQMI2/dqpb4pHGf0nyNBKf5OGCtOahwN3nqkAuiQkqE/XbGlPylHJ+3Hb+Q/RnmMrL5bhKQ9EvuauHwTczlII5JwkrrtZeuHiTZm1SzokQSTMgt71CUOOmDlKlSxXgHDn2g1C+rc+OHzZraWIFyOI0cMpYdfYOxkJM7Wh0/ByX5Iqlp6nTYAK3IbHr4bUUclw2QPMNtLebIaJzzZP8Hplg4sO1zxEWxG+moZzRT6rfd6FF+5EJ8KalgfTgIHVYVrwsQj3SoL258+IWbahQZI2Er1SixVwZQes46HuPaFn7Ydn+/RfJo33birUJ89H5ge/boEkaUT1cHKcbodxfvJsQJkbRUTzHqpRGIHRW9bF1m94/5D2LaaFmaFoJqondewwy1ZVzZIF0jePRhvF4lFtSmKP4jC1Z0xg2L/JnUo,iv:gHr+vtcY99MgSy9IiMmxy3mlOjcOJ4oN5NS3doNAXwo=,tag:AOaE2qHv5NalE7J/NVXQjw==,type:str]
|
borg-sshKey: ENC[AES256_GCM,data:rVDwCkDQbeYl8cAu/VlZzcW1XQERFVIhjGBigWZ1n0nSDga9812pJgnaIG6aoRVbuaiOVelSqZa0XJRlNU6yJtrT9sDulWb1nqFudSJ84cnhE3QzrgPzAGZJ60PcAQMI2/dqpb4pHGf0nyNBKf5OGCtOahwN3nqkAuiQkqE/XbGlPylHJ+3Hb+Q/RnmMrL5bhKQ9EvuauHwTczlII5JwkrrtZeuHiTZm1SzokQSTMgt71CUOOmDlKlSxXgHDn2g1C+rc+OHzZraWIFyOI0cMpYdfYOxkJM7Wh0/ByX5Iqlp6nTYAK3IbHr4bUUclw2QPMNtLebIaJzzZP8Hplg4sO1zxEWxG+moZzRT6rfd6FF+5EJ8KalgfTgIHVYVrwsQj3SoL258+IWbahQZI2Er1SixVwZQes46HuPaFn7Ydn+/RfJo33birUJ89H5ge/boEkaUT1cHKcbodxfvJsQJkbRUTzHqpRGIHRW9bF1m94/5D2LaaFmaFoJqondewwy1ZVzZIF0jePRhvF4lFtSmKP4jC1Z0xg2L/JnUo,iv:gHr+vtcY99MgSy9IiMmxy3mlOjcOJ4oN5NS3doNAXwo=,tag:AOaE2qHv5NalE7J/NVXQjw==,type:str]
|
||||||
borg-levitationPassword: ENC[AES256_GCM,data:nAtAlhmv6NAE88f81BeroMnMd/lr7ZnUTmLlAMtn4/ML8TuiZjijCJ4LiUSg5FLeWmDEALUN5g/T,iv:2qoF4mw/sbitLmticTsKndcYdV2B+6YjXjKHJr591nk=,tag:ENPk7gm3tmVOSgzfrn7Vag==,type:str]
|
borg-levitationPassword: ENC[AES256_GCM,data:nAtAlhmv6NAE88f81BeroMnMd/lr7ZnUTmLlAMtn4/ML8TuiZjijCJ4LiUSg5FLeWmDEALUN5g/T,iv:2qoF4mw/sbitLmticTsKndcYdV2B+6YjXjKHJr591nk=,tag:ENPk7gm3tmVOSgzfrn7Vag==,type:str]
|
||||||
borg-oraclesPassword: ENC[AES256_GCM,data:TRWn/vj3SpSrRc0HcNI9If7e5Q93hO/+eLKoTQULHTBZqZKdnN0Lq6xhUQQf0s7LhS9D2Q==,iv:/vdqnlR6DowmPNpNP8Q3n2cL/gv91heS0NLFth9Wpl0=,tag:peIs7WpNO56DiTkva71fDw==,type:str]
|
borg-oraclesPassword: ENC[AES256_GCM,data:TRWn/vj3SpSrRc0HcNI9If7e5Q93hO/+eLKoTQULHTBZqZKdnN0Lq6xhUQQf0s7LhS9D2Q==,iv:/vdqnlR6DowmPNpNP8Q3n2cL/gv91heS0NLFth9Wpl0=,tag:peIs7WpNO56DiTkva71fDw==,type:str]
|
||||||
|
borg-matrixPassword: ENC[AES256_GCM,data:7dZh8G36PAhfVU4k4mdnWAMCRKme9nAd4GUkdwdZiIAd037Ou2n3wJfZLA==,iv:rPGFyAmHe2H0g0mPxSo84NT/wwBwMt1vV9DAenvwbW4=,tag:2Q4ID6jsA02AC4vvPmBTPw==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -61,8 +62,8 @@ sops:
|
||||||
WmhzcngwekJ1UzJQNzBwNU9Kb3FLNzQKgWC/Pruek+lfMtyj8M1s88l46emKVqV/
|
WmhzcngwekJ1UzJQNzBwNU9Kb3FLNzQKgWC/Pruek+lfMtyj8M1s88l46emKVqV/
|
||||||
nO3VxonQywOz1QaNEBODNTwly48MzNREwV1bUZy4DBAeraG4O3fRFg==
|
nO3VxonQywOz1QaNEBODNTwly48MzNREwV1bUZy4DBAeraG4O3fRFg==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2022-06-10T23:17:10Z"
|
lastmodified: "2022-06-11T00:07:08Z"
|
||||||
mac: ENC[AES256_GCM,data:EgTvO6L9hAcOYQBl5bMmqZeimxEO9uTxKiGKqTBM0nyRU0Fj7zE1ZvuCtwSe0T9RHObBwzd5i1ij1qA4Bd5qDg2fnRs4DoxHPXJxERsD1CrZnE39D//+ppdsdGGaw5rtISlbl2b+4YFDSiYtbgrU73bz/LauUEc71fakBxQzLlI=,iv:imQB792YHWSoJIbxx6ZPiDK2IhwN6DZPrDbnbGA7U/0=,tag:Qtc6K1tQtNcc318Ez9wf9A==,type:str]
|
mac: ENC[AES256_GCM,data:o71aJDP01oX/hzJKjkOkM185wgQ0YSCeYtkjGnGF7OLZ5v7EFIK7iszU4nXP5XdtVydHBXDIWGZPLg2pIzWwlOun3K2sxsy6oGrbgE0rB4+G8SSqO6vi7Lny6+RMI8jYmMEx5hUNOWEc/YWtyBxiQ2iXf7Lcj/Xg2adDDHXUJ4c=,iv:n1D/VapaoLD4qhGhj7xRaqYSkaTizNmNCVYUrfYHyqU=,tag:hZD2iH0YWntEMB9JoMYDXg==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.7.3
|
version: 3.7.3
|
||||||
|
|
Loading…
Reference in New Issue