copy nb configuration and modules

2023-07-12 16:13:10 +02:00
parent 1af70a3095
commit 127eab91d5
114 changed files with 9070 additions and 0 deletions
--- a/utils/modules/borgbackup.nix
+++ b/utils/modules/borgbackup.nix
@@ -0,0 +1,87 @@
+{ pkgs, config, lib, ... }:
+
+let
+  repo = config.borgbackup.repo;
+  #repo = config.borgrepo;
+  #repo = "u149513-sub3@u149513-sub3.your-backup.de:borg";
+  borgMount = pkgs.writeShellScriptBin "borg-mount" ''
+    export BORG_PASSCOMMAND='cat ${config.sops.secrets.borg-passphrase.path}'
+    borg mount --rsh "ssh -p23 -i ${config.sops.secrets.borg-ssh-key.path}" ${repo}::$1 $2
+  '';
+  borgList = pkgs.writeShellScriptBin "borg-list" ''
+    export BORG_PASSCOMMAND='cat ${config.sops.secrets.borg-passphrase.path}'
+    borg --rsh "ssh -p23 -i ${config.sops.secrets.borg-ssh-key.path}" list ${repo}
+  '';
+
+  borgBackup = pkgs.writeShellScriptBin "borg-backup" ''
+    systemctl restart borgbackup-job-default.service
+  '';
+
+  borgRestore = pkgs.writeShellScriptBin "borg-restore" ''
+    cd /
+    export BORG_PASSCOMMAND='cat ${config.sops.secrets.borg-passphrase.path}'
+    borg --rsh "ssh -p23 -i ${config.sops.secrets.borg-ssh-key.path}" list ${repo}
+    borg extract --list --rsh "ssh -p23 -i ${config.sops.secrets.borg-ssh-key.path}" ${repo}::$1
+  '';
+in {
+  options = with lib; with types; {
+    borgbackup = mkOption {
+      description = "Options for borg module";
+      type = submodule {
+        options.repo = mkOption {
+          type = types.str;
+          description = "borg repo";
+        };
+      };
+    };
+  };
+
+  
+
+  config = {
+    sops.secrets.borg-passphrase = {};
+    sops.secrets.borg-ssh-key = {};
+
+    environment.systemPackages = [
+      borgMount
+      borgList
+      borgBackup
+      borgRestore
+    ];
+
+    services.borgbackup.jobs.default = {
+      paths = [
+        "/home"
+        "/var"
+        "/root"
+      ];
+      exclude = [
+        "/var/lib/containerd"
+        # already included in database backup
+        "/var/lib/mysql"
+        "/var/lib/postgresql"
+        "/var/lib/docker/"
+        "/var/log"
+        "/var/cache"
+        "/var/tmp"
+        "/var/log"
+      ];
+      environment.BORG_RSH = "ssh -p23 -i ${config.sops.secrets.borg-ssh-key.path}";
+      repo = repo;
+      encryption = {
+        mode = "repokey";
+        passCommand = "cat ${config.sops.secrets.borg-passphrase.path}";
+      };
+      compression = "auto,zstd";
+      startAt = "*-*-* 03:00:00";
+
+      prune.keep = {
+        within = "1d"; # Keep all archives from the last day
+        daily = 7;
+        weekly = 4;
+        monthly = 6;
+      };
+    };
+  };
+
+}