cy/nixos-config
cy/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

implement backup module and use on ytnix

Browse source
This commit is contained in:
cy 2024-12-30 21:54:25 -05:00
parent 71ced36b83
commit f23cc43287
5 changed files with 129 additions and 55 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
flake.nix
View file

@ -102,6 +102,7 @@
} }
./hosts/ytnix ./hosts/ytnix
inputs.sops-nix.nixosModules.sops inputs.sops-nix.nixosModules.sops
./modules
]; ];
}; };
@ -113,6 +114,7 @@
} }
./hosts/chunk ./hosts/chunk
inputs.sops-nix.nixosModules.sops inputs.sops-nix.nixosModules.sops
./modules
]; ];
}; };
@ -125,6 +127,7 @@
./hosts/titan ./hosts/titan
disko.nixosModules.disko disko.nixosModules.disko
inputs.sops-nix.nixosModules.sops inputs.sops-nix.nixosModules.sops
./modules
]; ];
}; };
}; };

6
hosts/chunk/borg.nix
View file

@ -48,11 +48,11 @@
# warnings are often not that serious # warnings are often not that serious
failOnWarnings = false; failOnWarnings = false;
postHook = '' postHook = ''
${pkgs.curl}/bin/curl -u $(cat ${ ${pkgs.curl}/bin/curl -O /dev/null -u $(cat ${
config.sops.secrets."services/ntfy".path config.sops.secrets."services/ntfy".path
}) -d "chunk: backup completed with exit code: $exitStatus }) -d "chunk: backup completed with exit code: $exitStatus
$(journalctl -u borgbackup-job-crashRsync.service|tail -n 5)" \ $(journalctl --output-fields=MESSAGE -o cat -qu borgbackup-job-crashRsync.service |tail -n 10)
https://ntfy.cything.io/chunk " https://ntfy.cything.io/ytnix
''; '';
prune.keep = { prune.keep = {

58
hosts/ytnix/default.nix
View file

@ -188,66 +188,20 @@
programs.sway.enable = true; programs.sway.enable = true;
services.borgbackup.jobs.ytnixRsync = { my.backup= {
# systemd.timer(5) enable = true;
persistentTimer = true; jobName = "ytnixRsync";
paths = [
"/root"
"/home"
"/var/lib"
"/opt"
"/etc"
];
exclude = [ exclude = [
"**/.cache"
"**/node_modules"
"**/cache"
"**/Cache"
"/var/lib/docker"
"/var/lib/private/ollama" "/var/lib/private/ollama"
"/var/lib/libvirt"
"/var/lib/systemd"
"/home/**/Downloads" "/home/**/Downloads"
"**/.rustup"
"**/.cargo"
"**/.docker"
"**/borg"
"/home/yt/fun" "/home/yt/fun"
"/home/yt/.local/share/Steam" "/home/yt/.local/share/Steam"
"**/.wine" "**/.wine"
"/home/yt/Games" "/home/yt/Games"
]; ];
repo = "de3911@de3911.rsync.net:borg/yt"; repo = "yt";
encryption = { passFile = config.sops.secrets."borg/rsyncnet".path;
mode = "repokey-blake2"; sshKeyFile = config.sops.secrets."rsyncnet/id_ed25519".path;
passCommand = ''cat ${config.sops.secrets."borg/rsyncnet".path}'';
};
environment = {
BORG_RSH = ''ssh -i ${config.sops.secrets."rsyncnet/id_ed25519".path}'';
BORG_REMOTE_PATH = "borg1";
BORG_EXIT_CODES = "modern";
};
compression = "auto,zstd,8";
startAt = "hourly";
extraCreateArgs = [
"--stats"
"-x"
];
# warnings are often not that serious
failOnWarnings = false;
postHook = ''
${pkgs.curl}/bin/curl -u $(cat ${
config.sops.secrets."services/ntfy".path
}) -d "ytnixRsync: backup completed with exit code: $exitStatus
$(journalctl -u borgbackup-job-ytnixRsync.service|tail -n 5)" \
https://ntfy.cything.io/chunk
'';
prune.keep = {
within = "2d";
daily = 365;
};
extraPruneArgs = [ "--stats" ];
}; };
services.btrbk.instances.local = { services.btrbk.instances.local = {

112
modules/backup.nix Normal file
View file

@ -0,0 +1,112 @@
{ config, lib, pkgs, ... }: let
cfg = config.my.backup;
hostname = config.networking.hostName;
defaultPaths = [
"/root"
"/home"
"/var/lib"
"/opt"
"/etc"
"/var/backup"
];
defaultExclude = [
"**/.cache"
"**/node_modules"
"**/cache"
"**/Cache"
"/var/lib/docker"
"/var/lib/systemd"
"/var/lib/libvirt"
"**/.rustup"
"**/.cargo"
"**/.docker"
"**/borg"
];
in {
options.my.backup = {
enable = lib.mkEnableOption "backup";
paths = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [];
description = "Paths to backup. Appended to the list of defaultPaths";
};
exclude = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [];
description = "Paths to exclude. Appended to the list of defaultExclude";
};
repo = lib.mkOption {
type = lib.types.str;
description = "Borg repository to backup to. This is appended to `de3911@de3911.rsync.net:borg/`.";
};
startAt = lib.mkOption {
type = lib.types.str;
default = "hourly";
description = "see systemd.timer(5)";
};
jobName = lib.mkOption {
type = lib.types.str;
description = "Name of the job to run as. Archives created are prefixed with hostName-jobName";
};
passFile = lib.mkOption {
type = lib.types.str;
description = "Path to the file containing the encryption passphrase";
};
sshKeyFile = lib.mkOption {
type = lib.types.str;
description = "Path to the file containg the SSH identity key";
};
};
config = lib.mkIf cfg.enable {
programs.ssh.knownHostsFiles = [
(pkgs.writeText "rsyncnet-keys" ''
de3911.rsync.net ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIObQN4P/deJ/k4P4kXh6a9K4Q89qdyywYetp9h3nwfPo
'')
]; # needs to be a list
services.borgbackup.jobs.${cfg.jobName} = {
inherit (cfg) startAt;
# systemd.timer(5)
persistentTimer = true;
paths = defaultPaths ++ cfg.paths;
exclude = defaultExclude ++ cfg.exclude;
repo = "de3911@de3911.rsync.net:borg/" + cfg.repo;
encryption = {
mode = "repokey-blake2";
passCommand = "cat ${cfg.passFile}";
};
environment = {
BORG_RSH = "ssh -i ${cfg.sshKeyFile}";
BORG_REMOTE_PATH = "borg1";
BORG_EXIT_CODES = "modern";
};
compression = "auto,zstd,8";
extraCreateArgs = [
"--stats"
"-x"
];
# warnings are often not that serious
failOnWarnings = false;
postHook = ''
invocationId=$(systemctl show -p InvocationID --value borgbackup-job-${cfg.jobName}.service)
title="${hostname}: backup completed with exit code: $exitStatus"
msg=$(journalctl -o cat _SYSTEMD_INVOCATION_ID=$invocationId)
${pkgs.curl}/bin/curl -sL -u $(cat ${
config.sops.secrets."services/ntfy".path
}) \
-H "Title: $title" \
-d "$msg" \
https://ntfy.cything.io/backups > /dev/null
'';
prune.keep = {
within = "2d";
daily = 365;
};
extraPruneArgs = [ "--stats" ];
};
};
}

5
modules/default.nix Normal file
View file

@ -0,0 +1,5 @@
{...}: {
imports = [
./backup.nix
];
}