Setup borg on levitation
This commit is contained in:
parent
6c10597504
commit
b52f0ea460
|
@ -1,20 +1,25 @@
|
|||
{ pkgs, lib, ... }: {
|
||||
{ pkgs, lib, config, ... }: {
|
||||
|
||||
# Define the hostname, enable dhcp
|
||||
###
|
||||
## Define the hostname, enable dhcp
|
||||
###
|
||||
networking = {
|
||||
hostName = "levitation";
|
||||
domain = "mccarty.io";
|
||||
useDHCP = false;
|
||||
interfaces.enp5s0.useDHCP = true;
|
||||
};
|
||||
|
||||
# Enable programs we don't want on every machine
|
||||
###
|
||||
## Enable programs we don't want on every machine
|
||||
###
|
||||
programs = {
|
||||
steam.enable = true;
|
||||
adb.enable = true;
|
||||
};
|
||||
|
||||
# Firewall ports
|
||||
###
|
||||
## Firewall ports
|
||||
###
|
||||
# 61377 - SoulSeek
|
||||
# Enable firewall and pass some ports
|
||||
networking.firewall = {
|
||||
|
@ -23,7 +28,9 @@
|
|||
allowedUDPPorts = [ 61377 ];
|
||||
};
|
||||
|
||||
###
|
||||
## Machine specific home-manager
|
||||
###
|
||||
home-manager.users.nathan = {
|
||||
# Sway outputs
|
||||
wayland.windowManager.sway.config = {
|
||||
|
@ -57,4 +64,55 @@
|
|||
output = "DP-3";
|
||||
};
|
||||
};
|
||||
|
||||
###
|
||||
## Borg Backups
|
||||
###
|
||||
|
||||
# Install borg
|
||||
environment.systemPackages = with pkgs; [
|
||||
borgbackup
|
||||
];
|
||||
# Setup sops
|
||||
sops.secrets."borg-sshKey" = {
|
||||
format = "yaml";
|
||||
sopsFile = ../secrets/borg.yaml;
|
||||
};
|
||||
sops.secrets."borg-levitationPassword" = {
|
||||
format = "yaml";
|
||||
sopsFile = ../secrets/borg.yaml;
|
||||
};
|
||||
# Setup the job
|
||||
services.borgbackup.jobs = {
|
||||
remote_backup = {
|
||||
paths = [
|
||||
"/home"
|
||||
"/var"
|
||||
"/etc"
|
||||
];
|
||||
exclude = [
|
||||
"*/.cache"
|
||||
"*/.tmp"
|
||||
"/home/nathan/Projects/*/target"
|
||||
"/home/nathan/Work/*/target"
|
||||
"/home/nathan/.local/share/Steam"
|
||||
"/home/nathan/Downloads"
|
||||
"/home/nathan/Music"
|
||||
];
|
||||
repo = "de1955@de1955.rsync.net:computers/levitation";
|
||||
encryption = {
|
||||
mode = "repokey-blake2";
|
||||
passCommand = "cat ${config.sops.secrets."borg-levitationPassword".path}";
|
||||
};
|
||||
environment.BORG_RSH = "ssh -i ${config.sops.secrets."borg-sshKey".path}";
|
||||
compression = "auto,zstd";
|
||||
startAt = "hourly";
|
||||
prune.keep = {
|
||||
within = "7d"; # Keep all archives for the past week
|
||||
daily = 1; # Keep 1 snapshot a day for 2 weeks
|
||||
weekly = 4; # Keep 1 snapshot a week for 4 weeks
|
||||
monthly = -1; # Keep unlimited monthly backups
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -0,0 +1,67 @@
|
|||
borg-sshKey: ENC[AES256_GCM,data:rVDwCkDQbeYl8cAu/VlZzcW1XQERFVIhjGBigWZ1n0nSDga9812pJgnaIG6aoRVbuaiOVelSqZa0XJRlNU6yJtrT9sDulWb1nqFudSJ84cnhE3QzrgPzAGZJ60PcAQMI2/dqpb4pHGf0nyNBKf5OGCtOahwN3nqkAuiQkqE/XbGlPylHJ+3Hb+Q/RnmMrL5bhKQ9EvuauHwTczlII5JwkrrtZeuHiTZm1SzokQSTMgt71CUOOmDlKlSxXgHDn2g1C+rc+OHzZraWIFyOI0cMpYdfYOxkJM7Wh0/ByX5Iqlp6nTYAK3IbHr4bUUclw2QPMNtLebIaJzzZP8Hplg4sO1zxEWxG+moZzRT6rfd6FF+5EJ8KalgfTgIHVYVrwsQj3SoL258+IWbahQZI2Er1SixVwZQes46HuPaFn7Ydn+/RfJo33birUJ89H5ge/boEkaUT1cHKcbodxfvJsQJkbRUTzHqpRGIHRW9bF1m94/5D2LaaFmaFoJqondewwy1ZVzZIF0jePRhvF4lFtSmKP4jC1Z0xg2L/JnUo,iv:gHr+vtcY99MgSy9IiMmxy3mlOjcOJ4oN5NS3doNAXwo=,tag:AOaE2qHv5NalE7J/NVXQjw==,type:str]
|
||||
borg-levitationPassword: ENC[AES256_GCM,data:nAtAlhmv6NAE88f81BeroMnMd/lr7ZnUTmLlAMtn4/ML8TuiZjijCJ4LiUSg5FLeWmDEALUN5g/T,iv:2qoF4mw/sbitLmticTsKndcYdV2B+6YjXjKHJr591nk=,tag:ENPk7gm3tmVOSgzfrn7Vag==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1ud80054jwf6ff7xx65ta6g7qxx2flc24r5gyyfjz43kvppjutqyskr2qm2
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrajVrQjRjemFTNTdBOTFn
|
||||
bTN4TjVoT0hpd3RvUFRwSkdPZzhzNWJ4dWtVCkFSd2lvSE5BLzlGVmhYb3BFMXM1
|
||||
dlZiOFdCUnZ5UExZMkpqSDFPemRITFkKLS0tIFdLZU96YjNZN1FiRTBpN3R6c0RJ
|
||||
Z3JBZWM3RTdqcG44M0RBYXJDci9MUG8KKzI86Y2gYYyhKHK+H5U3aoJuU2a+RiRz
|
||||
pulu06DWlL6R3e4HUDTpe0m1/RHwYxE8ap+WgVlq7jvG0STZV2a6pg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1tsq68swufcjq6qavqpzrtse4474p5gs58v6qp6w7gum49yz45cgsegxhuw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2b0M2WkNPRzI3YW15cHYz
|
||||
TUcwUGt0bldSV3REKzF4dkk2anVLTjFCbGdvCnNJbWpONjJXU3dBaG1Za0tQS0Uw
|
||||
engwS0RWRnVCRmdDaGx1UElsNVdZWjQKLS0tIGp2K1BsL0RlaFFzWTdKQmV3NnVa
|
||||
c1ZONlRic2xBUzhTVVZYMWpGRWJ3bncK829TyEoxOAjmbdAJEZpmt+sW66bpVUgY
|
||||
njlFpVrwAjLe49RezMelWbfI+ZIlL5+eKvoMzaG3te9daTxPjRoaVQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age12ayrv88xjt4r276fzc9du70x8q0r7xutt85vj627ykf4k8kgms4sc6wywn
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwQkRtS3lyUG9xK3laNndP
|
||||
V2hOVXMvSmpRKzBqeW43Y01vS2VBRWFQK2xJCk9zQXgzSUFEd1BkcjhicXFpQ3hI
|
||||
KzhYMXlZaFcrcGx0VG05ZEl4eWttY0kKLS0tIE1saUV4WHNKVC9ocHIzV2JTWENs
|
||||
M0FqdDF2TU5JY3RwM2lXZEg4SVlscG8KoPu3vxd5watGkeKBPcwnfY79n27RKtre
|
||||
zZDkeCldJNaIsvX2PPjm3NKUdUjVG1m8m8bQrvq0e4IAWkBwOFjUrA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1r0aszjkyp4zlcw2w2vrk8hmcyvntshr8rew4ehlu5zad4eh6mspsatuczd
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSTTJ4Mm9rZklxWlcraW5C
|
||||
TUl5UVp1eUxkd0Mxamh5YVpQN0ZxMU83TVRvCmlvMWd0MFc2c3htWllySVRZcWYz
|
||||
UjNLQkUwVG1Kb0tMb1J0ZHpSMnJDU1kKLS0tIHVIR1cxTXRoSUJtRllsYlk5c3FS
|
||||
dzNxQzl0VGVsZExhL05vcWJiSzk2c0kKsU5nsgBcKh8EdrTYco6FvVRkk+8tUVtu
|
||||
gltw8yhYC3TmbdsW185KIDMCxaX8btWmtBKoQk7RiSlHNgcNn+ebbg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age10zd0y2zpty2z39sh2qe66yuu9jd6hrcd3ag2wqtjp8tc579nmphsymhdla
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6QTl5blVHUjZYdGdLY00w
|
||||
aCtYalhVNzFsYlJSZmRPTVpGSmRoSkg5YnhnCmVlbCtka2lUck42MmZIRGkyQ2RC
|
||||
NWQ5OW5Wc1liOWplbGtXbWxDZHlQQUUKLS0tIG1nOEpjcHpaZjRpM3ZEa3hlSDZL
|
||||
K2JPTDBMemdyZU9RU0JzRDZFQ2hLZ1EKJrV5DVDw/zqvZ3fzDPc2xcQjGzFy+2pn
|
||||
Y5yO+fQJC6mrrIQiQG1Jhl6RZNXPgI02f/iJKodDZ33QTc1e9/916w==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1pm647k04hhwm2dmqh07hnzflkurfevefcyf8xlhmc83a07n77e3sltyt0d
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByeUttdmhEalQ4R0EwbXVH
|
||||
azZrMmx0Q1p5K2ZTTXM3RTQzWWZlNUV6cmhRCmppdGExTmU0aGF3Rk9lS3hnOHd4
|
||||
cStBejlrZU42OHJJbEVKblppUUgvdmsKLS0tIGo5YkJGdkdFUGxta3k5aGVGRGRk
|
||||
WmhzcngwekJ1UzJQNzBwNU9Kb3FLNzQKgWC/Pruek+lfMtyj8M1s88l46emKVqV/
|
||||
nO3VxonQywOz1QaNEBODNTwly48MzNREwV1bUZy4DBAeraG4O3fRFg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2022-06-10T22:53:54Z"
|
||||
mac: ENC[AES256_GCM,data:ZCTwUX3m4BPjJxMzaTmG1FNFmxJ+rO/5aKe8AB/Fca2Ut5V6GccrpnjVx43ccNSTibDEgdxvUPtAZRLZ0nZXsAFE1tI5KoCk5XxzhCddmG0gkrMDpt2bgnv+eNgwU5fpMNu1+IdwnUf9ut4LaJBtpojDQjM9wWpcVMAJKTfh83Y=,iv:M5SWFxX2anu7yoUd3S3HZ98LfzQrr20CHtX3KR9GI1U=,tag:/BXJkqtLT83AnuA6fZWQVg==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.3
|
Loading…
Reference in New Issue