clan-infra/modules/web01/borgbackup.nix

65 lines
1.7 KiB
Nix
Raw Normal View History

2023-07-19 12:40:08 +00:00
{ config, ... }: {
# 100GB storagebox is under the nix-community hetzner account
# $ nix run nixpkgs#xkcdpass -- -d '-' -n 3 -C capitalize "$@"
sops.secrets.hetzner-borgbackup-ssh = { };
# $ ssh-keygen -t ed25519 -N "" -f /tmp/ssh_host_ed25519_key
sops.secrets.hetzner-borgbackup-passphrase = { };
systemd.services.borgbackup-job-nixpkgs-update.serviceConfig.ReadWritePaths = [
"/var/log/telegraf"
];
services.borgbackup.jobs.clan-lol = {
paths = [
"/home"
"/var"
"/root"
];
exclude = [
"*.pyc"
"/home/*/.direnv"
"/home/*/.cache"
"/home/*/.cargo"
"/home/*/.npm"
"/home/*/.m2"
"/home/*/.gradle"
"/home/*/.opam"
"/home/*/.clangd"
"/var/lib/containerd"
# already included in database backup
"/var/lib/postgresql"
# not so important
"/var/lib/docker/"
"/var/log/journal"
"/var/cache"
"/var/tmp"
"/var/log"
];
repo = "u359378@u359378.your-storagebox.de:/./borgbackup";
encryption = {
mode = "repokey";
passCommand = "cat ${config.sops.secrets.hetzner-borgbackup-passphrase.path}";
};
compression = "auto,zstd";
startAt = "daily";
environment.BORG_RSH = "ssh -oPort=23 -i ${config.sops.secrets.hetzner-borgbackup-ssh.path}";
preHook = ''
set -x
'';
postHook = ''
cat > /var/log/telegraf/borgbackup-clan-lol <<EOF
task,frequency=daily last_run=$(date +%s)i,state="$([[ $exitStatus == 0 ]] && echo ok || echo fail)"
EOF
'';
prune.keep = {
within = "1d"; # Keep all archives from the last day
daily = 7;
weekly = 4;
monthly = 0;
};
};
}