
Add backup target for Haless

Sven Slootweg 5 months ago
parent
commit
c204dceb7a
1 changed files with 37 additions and 0 deletions
  1. 37 0
      configuration/default.nix

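--- a/configuration/default.nix
+++ b/configuration/default.nix
@@ -50,10 +50,15 @@ in {
 				createHome = true;
 				home = "/home/backup-f0x";
 			};
+			backup-haless = {
+				createHome = true;
+				home = "/home/backup-haless";
+			};
 		};
 
 		users.extraGroups = {
 			backup-f0x = { members = [ "backup-f0x" ]; };
+			backup-haless = { members = [ "backup-haless" ]; };
 		};
 
 		services.borgbackup.repos = {
@@ -71,6 +76,18 @@ in {
 					"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDeMWPR38zXAbURVTJs+yGDnld5kO7bcgp/70l4wJG0k borg-backup@luna"
 				];
 			};
+			"haless" = {
+				allowSubRepos = true;
+				path = "/home/backup-haless";
+				user = "backup-haless";
+				group = "backup-haless";
+				authorizedKeys = [
+					"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzV5dI01NhwuL6ayiO0STcSQiDf7lEtu63NuLZKQUdZVuVHIqyt3Gquks2OI1NZGrJdXA315yw89ZqyMo+z7gSGHEV6P0fAXKW6G78JOFWsA5lGpaLxTsZ6Q7r0Z9FMqDvA5Jlsyznyj9hhO1cz01WPLzB92ypd9ifldtrAQIYQItxGXOuRkBJiShuIRqtr4Q2chXiOoRZKb4v4Gyt/UPxTpvfM/zcOz0zi1d4ijSbLqgIUJhxvrWADfdgEQ77unepDoD+HT51QBX7dj8RuYivxLSA3vpfNeCgt2CYBf6FYnmWkWSnN1RCtQPJNxsMuLzC2ZBbIkz0tDgcIBPbHxGr sven@linux-rfa7.site"
+				];
+				authorizedKeysAppendOnly = [
+					"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFAOpXsDxE7SXeSw/kjgzdwEkNsL9REMabMqYVPM9rem root@machine-haless-03.cryto.net"
+				];
+			};
 		};
 	};
 
@@ -119,6 +136,26 @@ in {
 
 		networking.firewall.allowedTCPPorts = [ 80 443 ];
 
+		services.borgbackup.jobs.system = {
+			paths = "/";
+			exclude = [
+				"/nix"
+				"/boot"
+				"/sys"
+				"/run"
+				"/tmp"
+				"/dev"
+				"/proc"
+			];
+			repo = "backup-haless@machine-borg2-01.cryto.net:haless-03";
+			encryption = {
+				mode = "repokey-blake2";
+				passphrase = (import ../private/machine-haless-03.cryto.net/borg-passphrase.nix);
+			};
+			compression = "auto,zlib";
+			startAt = "daily";
+		};
+
 		services.nginx = {
 			enable = true;
 			virtualHosts = {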
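Review bot: The `passphrase = (import ../private/machine-haless-03.cryto.net/borg-passphrase.nix);` line in the new `services.borgbackup.jobs.system` block puts the passphrase into the evaluated configuration, and the NixOS borgbackup module documents that a value set this way is stored in the world-readable Nix store. With `mode = "repokey-blake2"` the repository key is kept in the repo and protected only by that passphrase, so any local user on the backed-up machine can read the one secret guarding the backups. Keeping the file under `../private/` presumably keeps it out of the published repository, but it does not change what ends up in the store. I would use the module's `passCommand` option instead, e.g. `passCommand = "cat <ROOT_ONLY_PASSPHRASE_FILE>";` (placeholder for a root-readable file outside the store). Separately, a short comment on the `"haless"` repo noting that the RSA key under `authorizedKeys` has full, non-append-only access would make clear that the append-only protection applies to the machine key only.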