Compare commits
No commits in common. "c056d9c35ea32e49ff9365aa879e19df954d4ba1" and "fb8ee1278aa116153e53f0e26470754f5d06e4bc" have entirely different histories.
c056d9c35e
...
fb8ee1278a
|
@ -1,4 +1,4 @@
|
||||||
{ config, flake, ... }:
|
{ flake, ... }:
|
||||||
{
|
{
|
||||||
age.secrets."restic-repo-droppie" = {
|
age.secrets."restic-repo-droppie" = {
|
||||||
file = "${flake.self}/secrets/restic-repo-droppie.age";
|
file = "${flake.self}/secrets/restic-repo-droppie.age";
|
||||||
|
@ -10,25 +10,4 @@
|
||||||
mode = "400";
|
mode = "400";
|
||||||
owner = "root";
|
owner = "root";
|
||||||
};
|
};
|
||||||
age.secrets.restic-repo-garage-nachtigall = {
|
|
||||||
file = "${flake.self}/secrets/restic-repo-garage-nachtigall.age";
|
|
||||||
mode = "400";
|
|
||||||
owner = "root";
|
|
||||||
};
|
|
||||||
age.secrets.restic-repo-garage-nachtigall-env = {
|
|
||||||
file = "${flake.self}/secrets/restic-repo-garage-nachtigall-env.age";
|
|
||||||
mode = "400";
|
|
||||||
owner = "root";
|
|
||||||
};
|
|
||||||
|
|
||||||
pub-solar-os.backups.repos.storagebox = {
|
|
||||||
passwordFile = config.age.secrets."restic-repo-storagebox".path;
|
|
||||||
repository = "sftp:u377325@u377325.your-storagebox.de:/backups";
|
|
||||||
};
|
|
||||||
|
|
||||||
pub-solar-os.backups.repos.garage = {
|
|
||||||
passwordFile = config.age.secrets."restic-repo-garage-nachtigall".path;
|
|
||||||
environmentFile = config.age.secrets."restic-repo-garage-nachtigall-env".path;
|
|
||||||
repository = "s3:https://buckets.pub.solar/nachtigall-backups";
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -59,6 +59,11 @@
|
||||||
database-password-file = config.age.secrets.keycloak-database-password.path;
|
database-password-file = config.age.secrets.keycloak-database-password.path;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
pub-solar-os.backups.repos.storagebox = {
|
||||||
|
passwordFile = config.age.secrets."restic-repo-storagebox".path;
|
||||||
|
repository = "sftp:u377325@u377325.your-storagebox.de:/backups";
|
||||||
|
};
|
||||||
|
|
||||||
systemd.services.postgresql = {
|
systemd.services.postgresql = {
|
||||||
after = [ "var-lib-postgresql.mount" ];
|
after = [ "var-lib-postgresql.mount" ];
|
||||||
requisite = [ "var-lib-postgresql.mount" ];
|
requisite = [ "var-lib-postgresql.mount" ];
|
||||||
|
|
|
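Review bot: The new `pub-solar-os.backups.repos.storagebox` entry points restic at an `sftp:` target, but nothing in this hunk shows where the SSH identity and the pinned host key for that connection come from. A reader therefore cannot tell from here whether the backup connection verifies the remote host. If they are configured elsewhere, I would add a comment above the block such as `# SSH identity and known_hosts entry for the storagebox: see <path-to-ssh-config>` (placeholder path). The block also appears to sit beside the Keycloak database settings rather than with the host's restic secret declarations, so a short comment saying why would help. The enclosing attribute set starts and ends outside the hunk.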
@ -39,15 +39,6 @@ in
|
||||||
example = "/etc/nixos/restic-password";
|
example = "/etc/nixos/restic-password";
|
||||||
};
|
};
|
||||||
|
|
||||||
environmentFile = mkOption {
|
|
||||||
type = with types; nullOr str;
|
|
||||||
default = null;
|
|
||||||
description = ''
|
|
||||||
Read repository secrets as environment variables from a file.
|
|
||||||
'';
|
|
||||||
example = "/etc/nixos/restic-env";
|
|
||||||
};
|
|
||||||
|
|
||||||
repository = mkOption {
|
repository = mkOption {
|
||||||
type = with types; nullOr str;
|
type = with types; nullOr str;
|
||||||
default = null;
|
default = null;
|
||||||
|
@ -66,12 +57,11 @@ in
|
||||||
remotebackup = {
|
remotebackup = {
|
||||||
repository = "sftp:backup@host:/backups/home";
|
repository = "sftp:backup@host:/backups/home";
|
||||||
passwordFile = "/etc/nixos/secrets/restic-password";
|
passwordFile = "/etc/nixos/secrets/restic-password";
|
||||||
environmentFile = "/etc/nixos/secrets/restic-env";
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
restic = mkOption {
|
backups = mkOption {
|
||||||
description = ''
|
description = ''
|
||||||
Periodic backups to create with Restic.
|
Periodic backups to create with Restic.
|
||||||
'';
|
'';
|
||||||
|
@ -184,7 +174,7 @@ in
|
||||||
|
|
||||||
runCheck = mkOption {
|
runCheck = mkOption {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
default = (builtins.length config.pub-solar-os.backups.restic.${name}.checkOpts > 0);
|
default = (builtins.length config.pub-solar-os.backups.backups.${name}.checkOpts > 0);
|
||||||
defaultText = literalExpression ''builtins.length config.services.backups.${name}.checkOpts > 0'';
|
defaultText = literalExpression ''builtins.length config.services.backups.${name}.checkOpts > 0'';
|
||||||
description = "Whether to run the `check` command with the provided `checkOpts` options.";
|
description = "Whether to run the `check` command with the provided `checkOpts` options.";
|
||||||
example = true;
|
example = true;
|
||||||
|
@ -266,17 +256,17 @@ in
|
||||||
services.restic.backups =
|
services.restic.backups =
|
||||||
let
|
let
|
||||||
repos = config.pub-solar-os.backups.repos;
|
repos = config.pub-solar-os.backups.repos;
|
||||||
restic = config.pub-solar-os.backups.restic;
|
backups = config.pub-solar-os.backups.backups;
|
||||||
|
|
||||||
repoNames = builtins.attrNames repos;
|
storeNames = builtins.attrNames repos;
|
||||||
backupNames = builtins.attrNames restic;
|
backupNames = builtins.attrNames backups;
|
||||||
|
|
||||||
createBackups =
|
createBackups =
|
||||||
backupName:
|
backupName:
|
||||||
map (repoName: {
|
map (storeName: {
|
||||||
name = "${backupName}-${repoName}";
|
name = "${backupName}-${storeName}";
|
||||||
value = repos."${repoName}" // restic."${backupName}";
|
value = repos."${storeName}" // backups."${backupName}";
|
||||||
}) repoNames;
|
}) storeNames;
|
||||||
|
|
||||||
in
|
in
|
||||||
builtins.listToAttrs (lib.lists.flatten (map createBackups backupNames));
|
builtins.listToAttrs (lib.lists.flatten (map createBackups backupNames));
|
||||||
|
|
|
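Review bot: The `defaultText` of `runCheck` still names `config.services.backups.${name}.checkOpts`, while the `default` beside it now reads `config.pub-solar-os.backups.backups.${name}.checkOpts`, so the rendered option documentation points at a path the visible module does not define. I would change it to `defaultText = literalExpression ''builtins.length config.pub-solar-os.backups.backups.${name}.checkOpts > 0'';`. Separately, in `createBackups` the merge `repos."${storeName}" // backups."${backupName}"` is shallow and right-biased, so any attribute a backup entry shares with a repo entry replaces the repo's value. If the two option sets can overlap on `passwordFile` or `repository` (not visible here), a comment stating that precedence would help. The `let` block and the option declarations continue outside the hunks.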
@ -58,7 +58,7 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
pub-solar-os.backups.restic.keycloak = {
|
pub-solar-os.backups.backups.keycloak = {
|
||||||
paths = [ "/tmp/keycloak-backup.sql" ];
|
paths = [ "/tmp/keycloak-backup.sql" ];
|
||||||
timerConfig = {
|
timerConfig = {
|
||||||
OnCalendar = "*-*-* 03:00:00 Etc/UTC";
|
OnCalendar = "*-*-* 03:00:00 Etc/UTC";
|
||||||
|
|
|
@ -232,27 +232,4 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
pub-solar-os.backups.restic.mediawiki = {
|
|
||||||
paths = [
|
|
||||||
"/var/lib/mediawiki/images"
|
|
||||||
"/var/lib/mediawiki/uploads"
|
|
||||||
"/tmp/mediawiki-backup.sql"
|
|
||||||
];
|
|
||||||
timerConfig = {
|
|
||||||
OnCalendar = "*-*-* 00:30:00 Etc/UTC";
|
|
||||||
};
|
|
||||||
initialize = true;
|
|
||||||
backupPrepareCommand = ''
|
|
||||||
${pkgs.sudo}/bin/sudo -u postgres ${pkgs.postgresql}/bin/pg_dump -d mediawiki > /tmp/mediawiki-backup.sql
|
|
||||||
'';
|
|
||||||
backupCleanupCommand = ''
|
|
||||||
rm /tmp/mediawiki-backup.sql
|
|
||||||
'';
|
|
||||||
pruneOpts = [
|
|
||||||
"--keep-daily 7"
|
|
||||||
"--keep-weekly 4"
|
|
||||||
"--keep-monthly 3"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
|
Binary file not shown.
|
@ -1,43 +0,0 @@
|
||||||
age-encryption.org/v1
|
|
||||||
-> ssh-ed25519 iDKjwg yk6WgkJbk16Yqc/aWojwDePfNZN3XgaiacpZqufw1hc
|
|
||||||
qx3x0zCUB6l7qPS9R9xGO41s6ESGsNd/ixglY4gYDtY
|
|
||||||
-> ssh-ed25519 uYcDNw nDZXlykiDEZIA+Srg6imZFRLAzhykR3PDVrfWb693Sg
|
|
||||||
MBJrrXbtLzBozetgfZaE52o1ixsrPK6Ojdp8sXhI3dc
|
|
||||||
-> ssh-rsa f5THog
|
|
||||||
WngnjCboeUafoR5NOg/+NFeW/ILxonIrcl7iUQLXoObcFWtmgzEebcogo3kqnkdk
|
|
||||||
cj7NnqQ/sFiHdPCBr+VyiWcP4BJHJeWF/w+Ht9SYP5+WlHUkC2IPxlcMzJFyy2ro
|
|
||||||
9PDq8FaPX5ZqarOfBW+U1pQsegxG9wkfoSzoF8NVL0jU5mwubPc+1s0ycbjMcGzP
|
|
||||||
CSCpWY0OqqRbCXj8gVBNOOoELVhgbNCO0oRWh6Iafqjrx/rO4MNAdZmUF9DiTZML
|
|
||||||
8QQjBFR7G8/+4ehGHn/9PF/0yVVsnPaJTEo3juS/By+NVcCihwP3b0SgQkjtp73+
|
|
||||||
2QZL4XImwR0bBLDla86IjvZWH7GkLzR8iAw75FZ/FGIxZ/XgwRcUqtcI8m105KAD
|
|
||||||
iX1v7ai0LUYko4RPSqdDItEdGjK31Dl4bCdaLakO+aZdtc+60c7hx8uEoTp7JY9W
|
|
||||||
Qmyv4rt5bVUUAeH0IyR72vTDpTtXSkbp0vypk6Zq+yhYjbe0wmakAPCF4WbIV9gQ
|
|
||||||
YIoSyicQ3NYxfrQGcQvmct2dNXXZcCr8BW704/J5w7ngw44FiZDUIC2y562sHD84
|
|
||||||
9rFO0obVGERJa55+MnZB4UYMqU3eWs+mkxHgWotx5yEtO0wMpTP9IFk92scJeV8h
|
|
||||||
bdr6fq1p6gtFlSNlA7P8A0go1SWs+qIoO/PEPyznoss
|
|
||||||
-> ssh-rsa kFDS0A
|
|
||||||
RM1VIV11yDWaG7KDnXbVt+Qo9kIC5kPO1JwpROuxbTH8tDGbu7bC2mJ6qsZo1R5x
|
|
||||||
ewtmDVwv+Gogs2drjQeQgdZH3qN0cMt34micbW2lvBW4NmvAGKEQ+dkkUgIWIhy9
|
|
||||||
dNuFBCHAGqfw7FDqvX1Mm3e50CsbIVqpurBXe882seMjm/nSVzGgjOOQVaQKmNSg
|
|
||||||
04s0gsLzN1f98kQtKuNPlG8Fun9y1bKLzWpBT2iriQInkhcWSwYqg1M0yM7U01j3
|
|
||||||
Kcxn4LJmgB9qNkloEKNpHCze5fgIGyOf+MsG4VN90CvwpNxy/EHrEyncXDxSxiCt
|
|
||||||
A81PVHCZfC7fQTR+hF2s1xGcW9mmtRpPPSEUrGY84cW2k8m4E5A9J7MJZ7FOKe6C
|
|
||||||
OY3LoU5KCV292ujHqYs1c7JSJRqVq4IMCupsNL6afzB/Fe+cV6GX7bXh1ZUl9HT7
|
|
||||||
B6j1QH2xA9OGz+6VDrB+B6cdnxp02zRZpuS19uPTJqpIg4Sgc4vvw7YFQfz8AfUD
|
|
||||||
/SafkBpVKznEHl1/gO7bOMa1nTkNBicUp6d2Z/zNtJ75NJPb3qYc4aVsaEuyMPts
|
|
||||||
ieMR/iieeiDOMPhedtibfCWZ+0YrtyIrkkUsPK5yG76VbJgMjSRyEP+bXTedih/b
|
|
||||||
bTkE78BoV5DmNxGEAva2BJpMKtn3Or8dCgSudoSlI14
|
|
||||||
-> piv-p256 vRzPNw Al8mhhyZ/0YFf7OSKeGm3LZhowpCdcITOhtjmky7Ygnq
|
|
||||||
CxFNUst8+6e6Cra/j7Pa2lZs3lHGLCOWRInb1VZTr2M
|
|
||||||
-> piv-p256 zqq/iw A+r/W9OhuPjuGXRuhp1vW45k/QzCFO6VLfp1W6l7RJVU
|
|
||||||
GxunFSBPJnzd5t5Ar42vr06tyJkJvZhljlGkHVZOFOQ
|
|
||||||
-> ssh-ed25519 YFSOsg e7udSQwtwKETHB0Re59fb1DdiBBPLDbV/JHmUUI4GSU
|
|
||||||
054wi1iKJm8lnWDjONCk+h2vea0setKqdCpXHuJaecI
|
|
||||||
-> ssh-ed25519 iHV63A S2sle86zYVPjtCozODRjqtTs6a5GksTpJHkmO/WYzHU
|
|
||||||
7h5kS8Hc3BiyhiWerEa9xPX6o+D/bxoJLK1fXFq1jWc
|
|
||||||
-> ssh-ed25519 BVsyTA 7meQJdKDB4JLKsYmBPgDBUnWhil1fKnoijm+uzHDemY
|
|
||||||
1bxklkYv5KYab9fXjMtz/w5QTUYMlZFTQG/khBftlWo
|
|
||||||
-> ssh-ed25519 +3V2lQ n1bF6+o/16zx7dEt/Um1gL30mARiuPaE6z3N+qjFZx4
|
|
||||||
7ZjmhkuJDYXLcMoUEA0wosWcWZ1T1oR45kVhFyQwN1E
|
|
||||||
--- TbpcaLv/1jF23nynpaw1XjSKsO2t9hAxovPQHKhXAoQ
|
|
||||||
P‰^¢f«E~¢÷ß6ÿO[Ö-cf]–øÄ9eÓ6Ñû‘4Eÿl2=sÿßW‡…O¿QFCzcõbÖTšÎÉÿ;[a
|
|
|
@ -54,8 +54,6 @@ in
|
||||||
|
|
||||||
"restic-repo-droppie.age".publicKeys = nachtigallKeys ++ adminKeys;
|
"restic-repo-droppie.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||||
"restic-repo-storagebox.age".publicKeys = nachtigallKeys ++ adminKeys;
|
"restic-repo-storagebox.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||||
"restic-repo-garage-nachtigall.age".publicKeys = nachtigallKeys ++ adminKeys;
|
|
||||||
"restic-repo-garage-nachtigall-env.age".publicKeys = nachtigallKeys ++ adminKeys;
|
|
||||||
|
|
||||||
"drone-db-secrets.age".publicKeys = flora6Keys ++ adminKeys;
|
"drone-db-secrets.age".publicKeys = flora6Keys ++ adminKeys;
|
||||||
"drone-secrets.age".publicKeys = flora6Keys ++ adminKeys;
|
"drone-secrets.age".publicKeys = flora6Keys ++ adminKeys;
|
||||||
|
|