backups #47
|
@ -80,7 +80,7 @@
|
||||||
|
|
||||||
checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) inputs.deploy-rs.lib;
|
checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) inputs.deploy-rs.lib;
|
||||||
|
|
||||||
deploy.nodes = self.pub-solar.lib.deploy.mkDeployNodes self.nixosConfigurations {
|
deploy.nodes = self.lib.deploy.mkDeployNodes self.nixosConfigurations {
|
||||||
nachtigall = {
|
nachtigall = {
|
||||||
sshUser = username;
|
sshUser = username;
|
||||||
};
|
};
|
||||||
|
|
|
@ -107,4 +107,25 @@
|
||||||
environment.variables = {
|
environment.variables = {
|
||||||
GPG_TTY = "$(tty)";
|
GPG_TTY = "$(tty)";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.restic.backups.forgejo = {
|
||||||
|
paths = [
|
||||||
|
"/var/lib/forgejo"
|
||||||
|
"/tmp/forgejo-backup.sql"
|
||||||
|
];
|
||||||
|
timerConfig = {
|
||||||
|
OnCalendar = "*-*-* 02:00:00 Etc/UTC";
|
||||||
|
# droppie will be offline if nachtigall misses the timer
|
||||||
|
Persistent = false;
|
||||||
|
};
|
||||||
|
initialize = true;
|
||||||
|
passwordFile = config.age.secrets."restic-repo-droppie".path;
|
||||||
|
repository = "yule@droppie.b12f.io:/media/internal/backups-pub-solar";
|
||||||
|
backupPrepareCommand = ''
|
||||||
|
${pkgs.sudo}/bin/sudo -u postgres ${pkgs.postgresql}/bin/pg_dump -d gitea > /tmp/forgejo-backup.sql
|
||||||
|
'';
|
||||||
|
backupCleanupCommand = ''
|
||||||
|
rm /tmp/forgejo-backup.sql
|
||||||
|
'';
|
||||||
|
};
|
||||||
}
|
}
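Review bot: The `backupPrepareCommand` writes a full plaintext database dump to the fixed path `/tmp/forgejo-backup.sql`, and the redirect is performed by the calling shell, so the file is created with that shell's default umask. Unless the generated unit already runs with a private `/tmp` (not visible in this section, worth confirming), other local users could read the dump, which typically includes password hashes and access tokens, for as long as the backup runs. I would put `umask 077` on the line before the `pg_dump` call, or write the dump into a root-only directory and list that path in `paths`. Using `rm -f` in `backupCleanupCommand` would also keep a failed dump from failing the cleanup. The keycloak, mastodon and nextcloud sections use the same pattern and need the same change.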
|
||||||
|
|
|
@ -46,4 +46,24 @@
|
||||||
"pub.solar" = flake.inputs.keycloak-theme-pub-solar.legacyPackages.${pkgs.system}.keycloak-theme-pub-solar;
|
"pub.solar" = flake.inputs.keycloak-theme-pub-solar.legacyPackages.${pkgs.system}.keycloak-theme-pub-solar;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.restic.backups.keycloak = {
|
||||||
|
paths = [
|
||||||
|
"/tmp/keycloak-backup.sql"
|
||||||
|
];
|
||||||
|
timerConfig = {
|
||||||
|
OnCalendar = "*-*-* 02:00:00 Etc/UTC";
|
||||||
|
# droppie will be offline if nachtigall misses the timer
|
||||||
|
Persistent = false;
|
||||||
|
};
|
||||||
|
initialize = true;
|
||||||
|
passwordFile = config.age.secrets."restic-repo-droppie".path;
|
||||||
|
repository = "yule@droppie.b12f.io:/media/internal/backups-pub-solar";
|
||||||
|
backupPrepareCommand = ''
|
||||||
|
${pkgs.sudo}/bin/sudo -u postgres ${pkgs.postgresql}/bin/pg_dump -d keycloak > /tmp/keycloak-backup.sql
|
||||||
|
'';
|
||||||
|
backupCleanupCommand = ''
|
||||||
|
rm /tmp/keycloak-backup.sql
|
||||||
|
'';
|
||||||
|
};
|
||||||
}
|
}
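Review bot: The `repository` value `yule@droppie.b12f.io:/media/internal/backups-pub-solar` has no backend prefix; restic selects its backend from the scheme in front of the location, and an SFTP target is normally written `sftp:user@host:/path`. As written I would expect restic to reject the string rather than open an SFTP connection, so the first run is worth checking; the likely fix is `repository = "sftp:yule@droppie.b12f.io:/media/internal/backups-pub-solar";`. The same line appears in the forgejo, mailman, mastodon and nextcloud sections.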
|
||||||
|
|
|
@ -79,4 +79,21 @@
|
||||||
# "allauth.socialaccount.providers.gitlab"
|
# "allauth.socialaccount.providers.gitlab"
|
||||||
# ])
|
# ])
|
||||||
#'';
|
#'';
|
||||||
|
|
||||||
|
services.restic.backups.mailman = {
|
||||||
|
paths = [
|
||||||
|
"/var/lib/mailman"
|
||||||
|
"/var/lib/mailman-web/mailman-web.db"
|
||||||
|
"/var/lib/mailman-web/settings_local.json"
|
||||||
|
"/var/lib/postfix/conf/aliases.db"
|
||||||
|
];
|
||||||
|
timerConfig = {
|
||||||
|
OnCalendar = "*-*-* 02:00:00 Etc/UTC";
|
||||||
|
# droppie will be offline if nachtigall misses the timer
|
||||||
|
Persistent = false;
|
||||||
|
};
|
||||||
|
initialize = true;
|
||||||
|
passwordFile = config.age.secrets."restic-repo-droppie".path;
|
||||||
|
repository = "yule@droppie.b12f.io:/media/internal/backups-pub-solar";
|
||||||
|
};
|
||||||
}
|
}
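Review bot: `/var/lib/mailman-web/mailman-web.db` is copied while the service may still be writing to it, and this job has no `backupPrepareCommand`, so the snapshot can contain an inconsistent database file that is only noticed at restore time. Assuming it is a SQLite database, as the name suggests, I would add a prepare step that takes a consistent copy, for example `sqlite3 /var/lib/mailman-web/mailman-web.db ".backup '<snapshot path>'"`, and back up that copy instead. `settings_local.json` presumably holds the web application's secret key, so a comment noting that this job relies on the repository encryption for it would help the next reader.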
|
||||||
|
|
|
@ -93,4 +93,24 @@
|
||||||
OMNIAUTH_ONLY = "true";
|
OMNIAUTH_ONLY = "true";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.restic.backups.mastodon = {
|
||||||
|
paths = [
|
||||||
|
"/tmp/mastodon-backup.sql"
|
||||||
|
];
|
||||||
|
timerConfig = {
|
||||||
|
OnCalendar = "*-*-* 02:00:00 Etc/UTC";
|
||||||
|
# droppie will be offline if nachtigall misses the timer
|
||||||
|
Persistent = false;
|
||||||
|
};
|
||||||
|
initialize = true;
|
||||||
b12f marked this conversation as resolved
Outdated
|
|||||||
|
passwordFile = config.age.secrets."restic-repo-droppie".path;
|
||||||
|
repository = "yule@droppie.b12f.io:/media/internal/backups-pub-solar";
|
||||||
|
backupPrepareCommand = ''
|
||||||
|
${pkgs.sudo}/bin/sudo -u postgres ${pkgs.postgresql}/bin/pg_dump -d mastodon > /tmp/mastodon-backup.sql
|
||||||
|
'';
|
||||||
|
backupCleanupCommand = ''
|
||||||
|
rm /tmp/mastodon-backup.sql
|
||||||
|
'';
|
||||||
|
};
|
||||||
}
|
}
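Review bot: `paths` contains only `/tmp/mastodon-backup.sql`, so a restore from this job would bring back the database but not the instance's uploaded media or its generated application secrets, which live outside PostgreSQL. If that is intentional, a comment above `paths` such as `# media and secrets are deliberately excluded / backed up elsewhere` would record the decision; otherwise the Mastodon state directory should be added to `paths`. Losing the secrets in particular would, as far as I know, invalidate existing two-factor enrolments after a restore.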
|
||||||
|
|
|
@ -130,4 +130,25 @@
|
||||||
autoUpdateApps.enable = true;
|
autoUpdateApps.enable = true;
|
||||||
database.createLocally = true;
|
database.createLocally = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.restic.backups.nextcloud = {
|
||||||
|
paths = [
|
||||||
|
"/var/lib/nextcloud/data"
|
||||||
|
"/tmp/nextcloud-backup.sql"
|
||||||
|
];
|
||||||
|
timerConfig = {
|
||||||
|
OnCalendar = "*-*-* 02:00:00 Etc/UTC";
|
||||||
|
# droppie will be offline if nachtigall misses the timer
|
||||||
|
Persistent = false;
|
||||||
|
};
|
||||||
|
initialize = true;
|
||||||
|
passwordFile = config.age.secrets."restic-repo-droppie".path;
|
||||||
|
repository = "yule@droppie.b12f.io:/media/internal/backups-pub-solar";
|
||||||
|
backupPrepareCommand = ''
|
||||||
|
${pkgs.sudo}/bin/sudo -u postgres ${pkgs.postgresql}/bin/pg_dump -d nextcloud > /tmp/nextcloud-backup.sql
|
||||||
|
'';
|
||||||
|
backupCleanupCommand = ''
|
||||||
|
rm /tmp/nextcloud-backup.sql
|
||||||
|
'';
|
||||||
|
};
|
||||||
}
|
}
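Review bot: The SQL dump and `/var/lib/nextcloud/data` are captured at different moments while Nextcloud keeps serving requests, so a restored snapshot can have file-cache rows that do not match the files on disk. Wrapping the job in maintenance mode would close that gap: `nextcloud-occ maintenance:mode --on` at the start of `backupPrepareCommand` and `nextcloud-occ maintenance:mode --off` in `backupCleanupCommand`. The instance configuration directory is also not in `paths`; if it is not fully reproduced from the Nix configuration, it should be added.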
|
||||||
|
|
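--- a/hosts/nachtigall/backups.nix
+++ b/hosts/nachtigall/backups.nix
@@ -0,0 +1,7 @@
+{ flake, ... }: {
+age.secrets."restic-repo-droppie" = {
+file = "${flake.self}/secrets/restic-repo-droppie.age";
+mode = "400";
+owner = "root";
+};
+}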
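Review bot: This one secret is the password for the single repository that all five restic jobs on nachtigall write to, and nothing in the file records what the remote side is expected to enforce. Because the host being backed up holds both the repository password and the credentials for droppie, a compromise of nachtigall could also reach the backup history unless droppie restricts that account to append-only access or keeps its own snapshots. I would add a comment above the secret such as `# restic repo password for droppie; the remote must be append-only or snapshotted` and confirm that such a restriction exists on droppie.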
|
@ -1,5 +1,9 @@
|
||||||
{ config, pkgs, flake, ... }:
|
|
||||||
{
|
{
|
||||||
|
flake,
|
||||||
|
config,
|
||||||
|
pkgs,
|
||||||
|
...
|
||||||
|
}: {
|
||||||
# Use GRUB2 as the boot loader.
|
# Use GRUB2 as the boot loader.
|
||||||
# We don't use systemd-boot because Hetzner uses BIOS legacy boot.
|
# We don't use systemd-boot because Hetzner uses BIOS legacy boot.
|
||||||
boot.loader.systemd-boot.enable = false;
|
boot.loader.systemd-boot.enable = false;
|
||||||
|
|
|
@ -7,6 +7,7 @@
|
||||||
./configuration.nix
|
./configuration.nix
|
||||||
|
|
||||||
./networking.nix
|
./networking.nix
|
||||||
|
./backups.nix
|
||||||
./apps/nginx.nix
|
./apps/nginx.nix
|
||||||
|
|
||||||
./apps/collabora.nix
|
./apps/collabora.nix
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
{ self, lib, inputs, ... }: {
|
{ self, lib, inputs, ... }: {
|
||||||
# Configuration common to all Linux systems
|
# Configuration common to all Linux systems
|
||||||
flake = {
|
flake = {
|
||||||
pub-solar.lib = let
|
lib = let
|
||||||
callLibs = file: import file {inherit lib;};
|
callLibs = file: import file {inherit lib;};
|
||||||
in rec {
|
in rec {
|
||||||
## Define your own library functions here!
|
## Define your own library functions here!
|
||||||
|
|
|
@ -29,7 +29,7 @@
|
||||||
file = "${flake.self}/secrets/nachtigall-root-ssh-key.age";
|
file = "${flake.self}/secrets/nachtigall-root-ssh-key.age";
|
||||||
path = "/root/.ssh/id_ed25519";
|
path = "/root/.ssh/id_ed25519";
|
||||||
mode = "400";
|
mode = "400";
|
||||||
owner = root;
|
owner = "root";
|
||||||
};
|
};
|
||||||
|
|
||||||
security.sudo.wheelNeedsPassword = false;
|
security.sudo.wheelNeedsPassword = false;
|
||||||
|
|
27
secrets/restic-repo-droppie.age
Normal file
27
secrets/restic-repo-droppie.age
Normal file
|
@ -0,0 +1,27 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 iDKjwg T5uxRdAUm+mxC5VdLsJcvA7BolM8l0cofI8V6fEUEBE
|
||||||
|
dCpeg4SheN/krKGe72jHNbdul3Lvy/AwG3dq4pY/AkM
|
||||||
|
-> ssh-ed25519 uYcDNw PGHCygBqKuORMouxi/JHzzRPeM2ON+YMOYV9E1vX+Vo
|
||||||
|
F7yp4gLrEEj4BCYwsDl2LPCCRUtbDfZ/AzAAhah4+dA
|
||||||
|
-> ssh-rsa kFDS0A
|
||||||
|
lQLfw3v75CzhrS7WyHPwU+Cm+vwrlCg7hhfKGb7J67elxh21GG/6qaZfRwWL11zc
|
||||||
|
P6G3Gt//92qBwrRuWN+G7fuhThTuEsHsqqpA8JOnNIgwfk8rNN2kTj8XbkIE7Uq8
|
||||||
|
R5ZQplV7QTtWZ0CGBl4lu4d6cf3zdFZJw6VaDoqNmC6WjwEGw4T6maZqlEmtsEra
|
||||||
|
i1LYssPXAFbeYxa1wsD/B9pI05WrGbgpBuEpybb+9v3O+u57bLAFAC1NCsj0OKNz
|
||||||
|
+7HJe5jaC5yntOjitrIrG7hIemOR5oPn5rX4+gyhEOzGud4IyMmMRKw8+1lsSqEJ
|
||||||
|
88BLgtO1LZ+K7XA4T4uhMNzJNlibo8uhPZVcpuOHAM2mb77kyOEEnGBTewT17Wyg
|
||||||
|
pJUIigTd8RHQmhQoyRM/EwbX15fSHmjrqwppCpQmTCNDdj+BhdfjaE8nRSJzBWDa
|
||||||
|
1C4tzxEoCAwCdowdS5Dh8Ho73JCbZr0GGpZgEoKhZJtPW/is9LCYKUIn/RQCfWvS
|
||||||
|
J9rQIGBJt3e0zNz2l+/cab0Z7z5nrfN8WJUYRWe/LJ4w2UbhTp8Qo9c5kKmP0qJg
|
||||||
|
cej2+H/v3o1KNdXdumUgmL9XeKTJeFQ1XIAbNzWa2eziLAigeg1fPraPpxLm6vfm
|
||||||
|
JBOB7xuATiOegs1KxnZh3GI6tO9GRaN1GOGMj6Vw/yc
|
||||||
|
-> ssh-ed25519 YFSOsg fO1nyrzWiiDBKUsi5WVZs6gj0oj8AnCDgzT45RuTaEI
|
||||||
|
zLBD5W/Ab8afsUGjBk2DHGYnwYca11FWRubaHPQqu0w
|
||||||
|
-> ssh-ed25519 iHV63A LEq9h44BkYmAt3ABHka7EdfZVQ7VGbU81SApWQ4O0TA
|
||||||
|
kqOs+WIAQKQdCEyDSHF0+1TU6W0d9Nk5uMzpw1X9tE8
|
||||||
|
-> ssh-ed25519 BVsyTA 15QuQEzMBnFLOQ1VXYc/bhXPClbNY27WUxVi/PKdrg4
|
||||||
|
k5J8BnC0ltep+Unjvc9rbsTAERAAwHVBx3Le1Uw3i7k
|
||||||
|
-> fz6"|e\K-grease ~A 1vo}k)X ;M<?)N(
|
||||||
|
Vk3qpd1xFZX7MJ9C7gYW
|
||||||
|
--- 7AC9JN+pNedtCrkbAxsME8f/pDqsGJf9a6hA5YvILhU
|
||||||
|
ËeÉ#&›ZÁ‘8áäÞ çgNȺœ9è·ìEùÄhItDq&§j0–6nðË1Ç‘F/&Â6(óH|B<>¥ù^Y}Œ;8š·fHaVc_¢Ä~^_ÛÇ؆m9sŽ-
|
|
@ -43,4 +43,6 @@ in {
|
||||||
"nextcloud-admin-pass.age".publicKeys = nachtigallKeys ++ baseKeys;
|
"nextcloud-admin-pass.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||||
|
|
||||||
"searx-environment.age".publicKeys = nachtigallKeys ++ baseKeys;
|
"searx-environment.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||||
|
|
||||||
|
"restic-repo-droppie.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||||
}
|
}
|
||||||
|
|
gitea
->mastodon