Setup borg on levitation
This commit is contained in:
parent
6c10597504
commit
b52f0ea460
|
@ -1,20 +1,25 @@
|
||||||
{ pkgs, lib, ... }: {
|
{ pkgs, lib, config, ... }: {
|
||||||
|
|
||||||
# Define the hostname, enable dhcp
|
###
|
||||||
|
## Define the hostname, enable dhcp
|
||||||
|
###
|
||||||
networking = {
|
networking = {
|
||||||
hostName = "levitation";
|
hostName = "levitation";
|
||||||
domain = "mccarty.io";
|
domain = "mccarty.io";
|
||||||
useDHCP = false;
|
useDHCP = false;
|
||||||
interfaces.enp5s0.useDHCP = true;
|
interfaces.enp5s0.useDHCP = true;
|
||||||
};
|
};
|
||||||
|
###
|
||||||
# Enable programs we don't want on every machine
|
## Enable programs we don't want on every machine
|
||||||
|
###
|
||||||
programs = {
|
programs = {
|
||||||
steam.enable = true;
|
steam.enable = true;
|
||||||
adb.enable = true;
|
adb.enable = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
# Firewall ports
|
###
|
||||||
|
## Firewall ports
|
||||||
|
###
|
||||||
# 61377 - SoulSeek
|
# 61377 - SoulSeek
|
||||||
# Enable firewall and pass some ports
|
# Enable firewall and pass some ports
|
||||||
networking.firewall = {
|
networking.firewall = {
|
||||||
|
@ -23,7 +28,9 @@
|
||||||
allowedUDPPorts = [ 61377 ];
|
allowedUDPPorts = [ 61377 ];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
###
|
||||||
## Machine specific home-manager
|
## Machine specific home-manager
|
||||||
|
###
|
||||||
home-manager.users.nathan = {
|
home-manager.users.nathan = {
|
||||||
# Sway outputs
|
# Sway outputs
|
||||||
wayland.windowManager.sway.config = {
|
wayland.windowManager.sway.config = {
|
||||||
|
@ -57,4 +64,55 @@
|
||||||
output = "DP-3";
|
output = "DP-3";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
###
|
||||||
|
## Borg Backups
|
||||||
|
###
|
||||||
|
|
||||||
|
# Install borg
|
||||||
|
environment.systemPackages = with pkgs; [
|
||||||
|
borgbackup
|
||||||
|
];
|
||||||
|
# Setup sops
|
||||||
|
sops.secrets."borg-sshKey" = {
|
||||||
|
format = "yaml";
|
||||||
|
sopsFile = ../secrets/borg.yaml;
|
||||||
|
};
|
||||||
|
sops.secrets."borg-levitationPassword" = {
|
||||||
|
format = "yaml";
|
||||||
|
sopsFile = ../secrets/borg.yaml;
|
||||||
|
};
|
||||||
|
# Setup the job
|
||||||
|
services.borgbackup.jobs = {
|
||||||
|
remote_backup = {
|
||||||
|
paths = [
|
||||||
|
"/home"
|
||||||
|
"/var"
|
||||||
|
"/etc"
|
||||||
|
];
|
||||||
|
exclude = [
|
||||||
|
"*/.cache"
|
||||||
|
"*/.tmp"
|
||||||
|
"/home/nathan/Projects/*/target"
|
||||||
|
"/home/nathan/Work/*/target"
|
||||||
|
"/home/nathan/.local/share/Steam"
|
||||||
|
"/home/nathan/Downloads"
|
||||||
|
"/home/nathan/Music"
|
||||||
|
];
|
||||||
|
repo = "de1955@de1955.rsync.net:computers/levitation";
|
||||||
|
encryption = {
|
||||||
|
mode = "repokey-blake2";
|
||||||
|
passCommand = "cat ${config.sops.secrets."borg-levitationPassword".path}";
|
||||||
|
};
|
||||||
|
environment.BORG_RSH = "ssh -i ${config.sops.secrets."borg-sshKey".path}";
|
||||||
|
compression = "auto,zstd";
|
||||||
|
startAt = "hourly";
|
||||||
|
prune.keep = {
|
||||||
|
within = "7d"; # Keep all archives for the past week
|
||||||
|
daily = 1; # Keep 1 snapshot a day for 2 weeks
|
||||||
|
weekly = 4; # Keep 1 snapshot a week for 4 weeks
|
||||||
|
monthly = -1; # Keep unlimited monthly backups
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,67 @@
|
||||||
|
borg-sshKey: ENC[AES256_GCM,data:rVDwCkDQbeYl8cAu/VlZzcW1XQERFVIhjGBigWZ1n0nSDga9812pJgnaIG6aoRVbuaiOVelSqZa0XJRlNU6yJtrT9sDulWb1nqFudSJ84cnhE3QzrgPzAGZJ60PcAQMI2/dqpb4pHGf0nyNBKf5OGCtOahwN3nqkAuiQkqE/XbGlPylHJ+3Hb+Q/RnmMrL5bhKQ9EvuauHwTczlII5JwkrrtZeuHiTZm1SzokQSTMgt71CUOOmDlKlSxXgHDn2g1C+rc+OHzZraWIFyOI0cMpYdfYOxkJM7Wh0/ByX5Iqlp6nTYAK3IbHr4bUUclw2QPMNtLebIaJzzZP8Hplg4sO1zxEWxG+moZzRT6rfd6FF+5EJ8KalgfTgIHVYVrwsQj3SoL258+IWbahQZI2Er1SixVwZQes46HuPaFn7Ydn+/RfJo33birUJ89H5ge/boEkaUT1cHKcbodxfvJsQJkbRUTzHqpRGIHRW9bF1m94/5D2LaaFmaFoJqondewwy1ZVzZIF0jePRhvF4lFtSmKP4jC1Z0xg2L/JnUo,iv:gHr+vtcY99MgSy9IiMmxy3mlOjcOJ4oN5NS3doNAXwo=,tag:AOaE2qHv5NalE7J/NVXQjw==,type:str]
|
||||||
|
borg-levitationPassword: ENC[AES256_GCM,data:nAtAlhmv6NAE88f81BeroMnMd/lr7ZnUTmLlAMtn4/ML8TuiZjijCJ4LiUSg5FLeWmDEALUN5g/T,iv:2qoF4mw/sbitLmticTsKndcYdV2B+6YjXjKHJr591nk=,tag:ENPk7gm3tmVOSgzfrn7Vag==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age1ud80054jwf6ff7xx65ta6g7qxx2flc24r5gyyfjz43kvppjutqyskr2qm2
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrajVrQjRjemFTNTdBOTFn
|
||||||
|
bTN4TjVoT0hpd3RvUFRwSkdPZzhzNWJ4dWtVCkFSd2lvSE5BLzlGVmhYb3BFMXM1
|
||||||
|
dlZiOFdCUnZ5UExZMkpqSDFPemRITFkKLS0tIFdLZU96YjNZN1FiRTBpN3R6c0RJ
|
||||||
|
Z3JBZWM3RTdqcG44M0RBYXJDci9MUG8KKzI86Y2gYYyhKHK+H5U3aoJuU2a+RiRz
|
||||||
|
pulu06DWlL6R3e4HUDTpe0m1/RHwYxE8ap+WgVlq7jvG0STZV2a6pg==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1tsq68swufcjq6qavqpzrtse4474p5gs58v6qp6w7gum49yz45cgsegxhuw
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2b0M2WkNPRzI3YW15cHYz
|
||||||
|
TUcwUGt0bldSV3REKzF4dkk2anVLTjFCbGdvCnNJbWpONjJXU3dBaG1Za0tQS0Uw
|
||||||
|
engwS0RWRnVCRmdDaGx1UElsNVdZWjQKLS0tIGp2K1BsL0RlaFFzWTdKQmV3NnVa
|
||||||
|
c1ZONlRic2xBUzhTVVZYMWpGRWJ3bncK829TyEoxOAjmbdAJEZpmt+sW66bpVUgY
|
||||||
|
njlFpVrwAjLe49RezMelWbfI+ZIlL5+eKvoMzaG3te9daTxPjRoaVQ==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age12ayrv88xjt4r276fzc9du70x8q0r7xutt85vj627ykf4k8kgms4sc6wywn
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwQkRtS3lyUG9xK3laNndP
|
||||||
|
V2hOVXMvSmpRKzBqeW43Y01vS2VBRWFQK2xJCk9zQXgzSUFEd1BkcjhicXFpQ3hI
|
||||||
|
KzhYMXlZaFcrcGx0VG05ZEl4eWttY0kKLS0tIE1saUV4WHNKVC9ocHIzV2JTWENs
|
||||||
|
M0FqdDF2TU5JY3RwM2lXZEg4SVlscG8KoPu3vxd5watGkeKBPcwnfY79n27RKtre
|
||||||
|
zZDkeCldJNaIsvX2PPjm3NKUdUjVG1m8m8bQrvq0e4IAWkBwOFjUrA==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1r0aszjkyp4zlcw2w2vrk8hmcyvntshr8rew4ehlu5zad4eh6mspsatuczd
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSTTJ4Mm9rZklxWlcraW5C
|
||||||
|
TUl5UVp1eUxkd0Mxamh5YVpQN0ZxMU83TVRvCmlvMWd0MFc2c3htWllySVRZcWYz
|
||||||
|
UjNLQkUwVG1Kb0tMb1J0ZHpSMnJDU1kKLS0tIHVIR1cxTXRoSUJtRllsYlk5c3FS
|
||||||
|
dzNxQzl0VGVsZExhL05vcWJiSzk2c0kKsU5nsgBcKh8EdrTYco6FvVRkk+8tUVtu
|
||||||
|
gltw8yhYC3TmbdsW185KIDMCxaX8btWmtBKoQk7RiSlHNgcNn+ebbg==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age10zd0y2zpty2z39sh2qe66yuu9jd6hrcd3ag2wqtjp8tc579nmphsymhdla
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6QTl5blVHUjZYdGdLY00w
|
||||||
|
aCtYalhVNzFsYlJSZmRPTVpGSmRoSkg5YnhnCmVlbCtka2lUck42MmZIRGkyQ2RC
|
||||||
|
NWQ5OW5Wc1liOWplbGtXbWxDZHlQQUUKLS0tIG1nOEpjcHpaZjRpM3ZEa3hlSDZL
|
||||||
|
K2JPTDBMemdyZU9RU0JzRDZFQ2hLZ1EKJrV5DVDw/zqvZ3fzDPc2xcQjGzFy+2pn
|
||||||
|
Y5yO+fQJC6mrrIQiQG1Jhl6RZNXPgI02f/iJKodDZ33QTc1e9/916w==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1pm647k04hhwm2dmqh07hnzflkurfevefcyf8xlhmc83a07n77e3sltyt0d
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByeUttdmhEalQ4R0EwbXVH
|
||||||
|
azZrMmx0Q1p5K2ZTTXM3RTQzWWZlNUV6cmhRCmppdGExTmU0aGF3Rk9lS3hnOHd4
|
||||||
|
cStBejlrZU42OHJJbEVKblppUUgvdmsKLS0tIGo5YkJGdkdFUGxta3k5aGVGRGRk
|
||||||
|
WmhzcngwekJ1UzJQNzBwNU9Kb3FLNzQKgWC/Pruek+lfMtyj8M1s88l46emKVqV/
|
||||||
|
nO3VxonQywOz1QaNEBODNTwly48MzNREwV1bUZy4DBAeraG4O3fRFg==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2022-06-10T22:53:54Z"
|
||||||
|
mac: ENC[AES256_GCM,data:ZCTwUX3m4BPjJxMzaTmG1FNFmxJ+rO/5aKe8AB/Fca2Ut5V6GccrpnjVx43ccNSTibDEgdxvUPtAZRLZ0nZXsAFE1tI5KoCk5XxzhCddmG0gkrMDpt2bgnv+eNgwU5fpMNu1+IdwnUf9ut4LaJBtpojDQjM9wWpcVMAJKTfh83Y=,iv:M5SWFxX2anu7yoUd3S3HZ98LfzQrr20CHtX3KR9GI1U=,tag:/BXJkqtLT83AnuA6fZWQVg==,type:str]
|
||||||
|
pgp: []
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.7.3
|
Loading…
Reference in New Issue