borgbackup: dogfood clan-core
Some checks failed
buildbot/nix-build .#checks.x86_64-linux.package-clan-merge Build done.
buildbot/nix-build .#checks.x86_64-linux.package-action-ensure-tea-login Build done.
buildbot/nix-build .#checks.x86_64-linux.package-action-create-pr Build done.
buildbot/nix-build .#checks.x86_64-linux.package-action-flake-update Build done.
buildbot/nix-build .#checks.x86_64-linux.package-action-flake-update-pr-clan Build done.
buildbot/nix-build .#checks.aarch64-linux.package-renovate Build done.
buildbot/nix-build .#checks.x86_64-linux.package-job-flake-update-clan-core Build done.
buildbot/nix-build .#checks.x86_64-linux.package-job-flake-update-clan-homepage Build done.
buildbot/nix-build .#checks.x86_64-linux.package-job-flake-update-clan-infra Build done.
buildbot/nix-build .#checks.x86_64-linux.package-renovate Build done.
buildbot/nix-build .#checks.x86_64-linux.treefmt Build done.
buildbot/nix-build .#checks.x86_64-linux.package-gitea Build done.
buildbot/nix-build .#checks.x86_64-linux.nixos-web01 Build done.
buildbot/nix-build .#checks.x86_64-linux.devShell-clan-merge Build done.
buildbot/nix-build .#checks.x86_64-linux.clan-merge Build done.
buildbot/nix-build .#checks.x86_64-linux.devShell-default Build done.
buildbot/nix-eval Build done.
parent
bd1ee55b06
commit
1c5588a45d
|
@ -1,25 +1,21 @@
|
||||||
{ config, ... }:
|
{ config, self, ... }:
|
||||||
{
|
{
|
||||||
|
imports = [ self.inputs.clan-core.clanModules.borgbackup ];
|
||||||
|
|
||||||
# 100GB storagebox is under the nix-community hetzner account
|
# 100GB storagebox is under the nix-community hetzner account
|
||||||
|
clan.borgbackup.destinations.${config.networking.hostName} = {
|
||||||
systemd.services.borgbackup-job-clan-lol.serviceConfig.ReadWritePaths = [ "/var/log/telegraf" ];
|
repo = "u366395@u366395.your-storagebox.de:/./borgbackup";
|
||||||
|
rsh = "ssh -oPort=23 -i ${config.clanCore.facts.services.borgbackup.secret."borgbackup.ssh".path}";
|
||||||
# Run this from the hetzner network:
|
|
||||||
# ssh-keyscan -p 23 u359378.your-storagebox.de
|
|
||||||
programs.ssh.knownHosts = {
|
|
||||||
storagebox-ecdsa.hostNames = [ "[u359378.your-storagebox.de]:23" ];
|
|
||||||
storagebox-ecdsa.publicKey = "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAGK0po6usux4Qv2d8zKZN1dDvbWjxKkGsx7XwFdSUCnF19Q8psHEUWR7C/LtSQ5crU/g+tQVRBtSgoUcE8T+FWp5wBxKvWG2X9gD+s9/4zRmDeSJR77W6gSA/+hpOZoSE+4KgNdnbYSNtbZH/dN74EG7GLb/gcIpbUUzPNXpfKl7mQitw==";
|
|
||||||
|
|
||||||
storagebox-rsa.hostNames = [ "[u359378.your-storagebox.de]:23" ];
|
|
||||||
storagebox-rsa.publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA5EB5p/5Hp3hGW1oHok+PIOH9Pbn7cnUiGmUEBrCVjnAw+HrKyN8bYVV0dIGllswYXwkG/+bgiBlE6IVIBAq+JwVWu1Sss3KarHY3OvFJUXZoZyRRg/Gc/+LRCE7lyKpwWQ70dbelGRyyJFH36eNv6ySXoUYtGkwlU5IVaHPApOxe4LHPZa/qhSRbPo2hwoh0orCtgejRebNtW5nlx00DNFgsvn8Svz2cIYLxsPVzKgUxs8Zxsxgn+Q/UvR7uq4AbAhyBMLxv7DjJ1pc7PJocuTno2Rw9uMZi1gkjbnmiOh6TTXIEWbnroyIhwc8555uto9melEUmWNQ+C+PwAK+MPw==";
|
|
||||||
};
|
};
|
||||||
|
|
||||||
services.borgbackup.jobs.clan-lol = {
|
clanCore.state.system.folders = [
|
||||||
paths = [
|
"/home"
|
||||||
"/home"
|
"/etc"
|
||||||
"/var"
|
"/var"
|
||||||
"/root"
|
"/root"
|
||||||
];
|
];
|
||||||
|
|
||||||
|
services.borgbackup.jobs.${config.networking.hostName} = {
|
||||||
exclude = [
|
exclude = [
|
||||||
"*.pyc"
|
"*.pyc"
|
||||||
"/home/*/.direnv"
|
"/home/*/.direnv"
|
||||||
|
@ -40,32 +36,20 @@
|
||||||
"/var/tmp"
|
"/var/tmp"
|
||||||
"/var/log"
|
"/var/log"
|
||||||
];
|
];
|
||||||
# $ ssh-keygen -y -f /run/secrets/hetzner-borgbackup-ssh > /tmp/hetzner-borgbackup-ssh.pub
|
|
||||||
# $ cat /tmp/hetzner-borgbackup-ssh.pub | ssh -p23 u366395@u366395.your-storagebox.de install-ssh-key
|
|
||||||
repo = "u366395@u366395.your-storagebox.de:/./borgbackup";
|
|
||||||
|
|
||||||
# Disaster recovery:
|
# Disaster recovery:
|
||||||
# get the backup passphrase and ssh key from the sops and store them in /tmp
|
# get the backup passphrase and ssh key from the sops and store them in /tmp
|
||||||
# $ export BORG_PASSCOMMAND='cat /tmp/hetzner-borgbackup-passphrase'
|
# $ export BORG_PASSCOMMAND='cat /tmp/hetzner-borgbackup-passphrase'
|
||||||
# $ export BORG_REPO='u359378@u359378.your-storagebox.de:/./borgbackup'
|
# $ export BORG_REPO='u359378@u359378.your-storagebox.de:/./borgbackup'
|
||||||
# $ export BORG_RSH='ssh -oPort=23 -i /tmp/hetzner-borgbackup-ssh'
|
# $ export BORG_RSH='ssh -oPort=23 -i /tmp/hetzner-borgbackup-ssh'
|
||||||
# $ borg list
|
# $ borg list
|
||||||
# web01-clan-lol-2023-07-21T14:12:22 Fri, 2023-07-21 14:12:27 [539b1037669ffd0d3f50020f439bbe2881b7234910e405eafc333125383351bc]
|
# web01-clan-lol-2023-07-21T14:12:22 Fri, 2023-07-21 14:12:27 [539b1037669ffd0d3f50020f439bbe2881b7234910e405eafc333125383351bc]
|
||||||
# $ borg mount u359378@u359378.your-storagebox.de:/./borgbackup::web01-clan-lol-2023-07-21T14:12:22 /tmp/backup
|
# $ borg mount u359378@u359378.your-storagebox.de:/./borgbackup::web01-clan-lol-2023-07-21T14:12:22 /tmp/backup
|
||||||
doInit = true;
|
|
||||||
encryption = {
|
|
||||||
mode = "repokey-blake2";
|
|
||||||
# $ nix run nixpkgs#xkcdpass -- -d '-' -n 3 -C capitalize "$@"
|
|
||||||
passCommand = "cat ${config.sops.secrets.hetzner-borgbackup-passphrase.path}";
|
|
||||||
};
|
|
||||||
compression = "auto,zstd";
|
|
||||||
startAt = "daily";
|
|
||||||
|
|
||||||
# Also enable ssh support in the storagebox web interface.
|
# Also enable ssh support in the storagebox web interface.
|
||||||
# By default the storage box is only accessible from the hetzner network.
|
# By default the storage box is only accessible from the hetzner network.
|
||||||
# $ ssh-keygen -t ed25519 -N "" -f /tmp/ssh_host_ed25519_key
|
# $ clan facts generate
|
||||||
# $ cat /tmp/ssh_host_ed25519_key.pub | ssh -p23 u359378@u359378.your-storagebox.de install-ssh-key
|
# $ clan facts list web01 | jq .borgbackup.ssh.pub | ssh -p23 u359378@u359378.your-storagebox.de install-ssh-key
|
||||||
environment.BORG_RSH = "ssh -oPort=23 -i ${config.sops.secrets.hetzner-borgbackup-ssh.path}";
|
|
||||||
preHook = ''
|
preHook = ''
|
||||||
set -x
|
set -x
|
||||||
'';
|
'';
|
||||||
|
@ -75,12 +59,17 @@
|
||||||
task,frequency=daily last_run=$(date +%s)i,state="$([[ $exitStatus == 0 ]] && echo ok || echo fail)"
|
task,frequency=daily last_run=$(date +%s)i,state="$([[ $exitStatus == 0 ]] && echo ok || echo fail)"
|
||||||
EOF
|
EOF
|
||||||
'';
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
prune.keep = {
|
systemd.services."borgbackup-job-${config.networking.hostName}".serviceConfig.ReadWritePaths = [ "/var/log/telegraf" ];
|
||||||
within = "1d"; # Keep all archives from the last day
|
|
||||||
daily = 7;
|
# Run this from the hetzner network:
|
||||||
weekly = 4;
|
# ssh-keyscan -p 23 u359378.your-storagebox.de
|
||||||
monthly = 0;
|
programs.ssh.knownHosts = {
|
||||||
};
|
storagebox-ecdsa.hostNames = [ "[u359378.your-storagebox.de]:23" ];
|
||||||
|
storagebox-ecdsa.publicKey = "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAGK0po6usux4Qv2d8zKZN1dDvbWjxKkGsx7XwFdSUCnF19Q8psHEUWR7C/LtSQ5crU/g+tQVRBtSgoUcE8T+FWp5wBxKvWG2X9gD+s9/4zRmDeSJR77W6gSA/+hpOZoSE+4KgNdnbYSNtbZH/dN74EG7GLb/gcIpbUUzPNXpfKl7mQitw==";
|
||||||
|
|
||||||
|
storagebox-rsa.hostNames = [ "[u359378.your-storagebox.de]:23" ];
|
||||||
|
storagebox-rsa.publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA5EB5p/5Hp3hGW1oHok+PIOH9Pbn7cnUiGmUEBrCVjnAw+HrKyN8bYVV0dIGllswYXwkG/+bgiBlE6IVIBAq+JwVWu1Sss3KarHY3OvFJUXZoZyRRg/Gc/+LRCE7lyKpwWQ70dbelGRyyJFH36eNv6ySXoUYtGkwlU5IVaHPApOxe4LHPZa/qhSRbPo2hwoh0orCtgejRebNtW5nlx00DNFgsvn8Svz2cIYLxsPVzKgUxs8Zxsxgn+Q/UvR7uq4AbAhyBMLxv7DjJ1pc7PJocuTno2Rw9uMZi1gkjbnmiOh6TTXIEWbnroyIhwc8555uto9melEUmWNQ+C+PwAK+MPw==";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
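Review bot: The new destination's `repo` points at `u366395.your-storagebox.de`, but the `programs.ssh.knownHosts` entries re-added at the bottom of the file still pin `[u359378.your-storagebox.de]:23`, and the `ssh-keyscan`, `install-ssh-key` and disaster-recovery comments name that host too. As written, the host the backup connects to has no pinned key in this file, so the job either fails host-key verification or relies on an entry defined elsewhere. I would align the pins with the repo host, e.g. `storagebox-ecdsa.hostNames = [ "[u366395.your-storagebox.de]:23" ];` (same for `storagebox-rsa`), and replace the `publicKey` values with a scan of that host that has been verified out of band. The commit also drops the local `encryption` and `prune.keep` settings; presumably the imported `clanModules.borgbackup` supplies them, which is worth confirming because that module is not visible here.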