Add backup target for Haless

configuration/default.nix

@@ -50,10 +50,15 @@ in {
 				createHome = true;
 				home = "/home/backup-f0x";
 			};
+			backup-haless = {
+				createHome = true;
+				home = "/home/backup-haless";
+			};
 		};
 
 		users.extraGroups = {
 			backup-f0x = { members = [ "backup-f0x" ]; };
+			backup-haless = { members = [ "backup-haless" ]; };
 		};
 
 		services.borgbackup.repos = {
@@ -71,6 +76,18 @@ in {
 					"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDeMWPR38zXAbURVTJs+yGDnld5kO7bcgp/70l4wJG0k borg-backup@luna"
 				];
 			};
+			"haless" = {
+				allowSubRepos = true;
+				path = "/home/backup-haless";
+				user = "backup-haless";
+				group = "backup-haless";
+				authorizedKeys = [
+					"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzV5dI01NhwuL6ayiO0STcSQiDf7lEtu63NuLZKQUdZVuVHIqyt3Gquks2OI1NZGrJdXA315yw89ZqyMo+z7gSGHEV6P0fAXKW6G78JOFWsA5lGpaLxTsZ6Q7r0Z9FMqDvA5Jlsyznyj9hhO1cz01WPLzB92ypd9ifldtrAQIYQItxGXOuRkBJiShuIRqtr4Q2chXiOoRZKb4v4Gyt/UPxTpvfM/zcOz0zi1d4ijSbLqgIUJhxvrWADfdgEQ77unepDoD+HT51QBX7dj8RuYivxLSA3vpfNeCgt2CYBf6FYnmWkWSnN1RCtQPJNxsMuLzC2ZBbIkz0tDgcIBPbHxGr sven@linux-rfa7.site"
+				];
+				authorizedKeysAppendOnly = [
+					"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFAOpXsDxE7SXeSw/kjgzdwEkNsL9REMabMqYVPM9rem root@machine-haless-03.cryto.net"
+				];
+			};
 		};
 	};
 
@@ -119,6 +136,26 @@ in {
 
 		networking.firewall.allowedTCPPorts = [ 80 443 ];
 
+		services.borgbackup.jobs.system = {
+			paths = "/";
+			exclude = [
+				"/nix"
+				"/boot"
+				"/sys"
+				"/run"
+				"/tmp"
+				"/dev"
+				"/proc"
+			];
+			repo = "backup-haless@machine-borg2-01.cryto.net:haless-03";
+			encryption = {
+				mode = "repokey-blake2";
+				passphrase = (import ../private/machine-haless-03.cryto.net/borg-passphrase.nix);
+			};
+			compression = "auto,zlib";
+			startAt = "daily";
+		};
+
 		services.nginx = {
 			enable = true;
 			virtualHosts = {