dp/nixcfg
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Activity

Add backups for bigding

Browse Source
This commit is contained in:
Daniel Patterson
2023-07-05 14:03:50 +01:00
parent 9dfac1e83f
commit acbe732614
7 changed files with 96 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
modules/backups/bigding/default.nix Normal file
View File

@@ -0,0 +1,45 @@
{
pkgs,
config,
...
}: {
age.secrets = {
bigding_backup_s3_creds.file = ../../../secrets/bigding_backup_s3_creds.age;
bigding_backup_repo_password.file = ../../../secrets/bigding_backup_repo_password.age;
};
services.restic.backups = {
"system" = {
initialize = true;
passwordFile = config.age.secrets.bigding_backup_repo_password.path;
timerConfig = {
OnCalendar = "02:00";
};
repository = "s3:s3.eu-central-003.backblazeb2.com/bigding-backup";
s3CredentialsFile = config.age.secrets.bigding_backup_s3_creds.path;
paths = [
"/etc/group"
"/etc/machine-id"
"/etc/NetworkManager/system-connections"
"/etc/passwd"
"/etc/subgid"
"/home"
"/root"
"/var/lib/prometheus2"
"/var/lib/jellyfin"
"/var/lib/fail2ban"
"/var/lib/matrix-synapse"
"/var/lib/golink"
"/var/lib/tailscale"
"/var/lib/caddy"
"/var/backup"
];
backupPrepareCommand = ''
${pkgs.postgresql_13}/bin/pg_dumpall --clean -U postgres | ${pkgs.zstd}/bin/zstd --rsyncable > /var/backup/pgdump.sql.zst
'';
};
};
}

1
modules/default.nix
View File

@@ -1,6 +1,7 @@
{ {
bigding = { bigding = {
imports = [ imports = [
./backups/bigding
./caddy ./caddy
./dungflix ./dungflix
./fail2ban ./fail2ban

8
modules/gitea/default.nix
View File

@@ -9,6 +9,13 @@
database = { database = {
type = "sqlite3"; type = "sqlite3";
}; };
dump = {
enable = true;
type = "tar.zst";
file = "gitea.zip";
backupDir = "/var/backup";
interval = "01:30";
};
settings = { settings = {
server = { server = {
ROOT_URL = "https://git.broccoli.town/"; ROOT_URL = "https://git.broccoli.town/";
@@ -21,6 +28,7 @@
repository = { repository = {
ENABLE_PUSH_CREATE_USER = true; ENABLE_PUSH_CREATE_USER = true;
}; };
};
}; };
}; };
} }

3
modules/synapse/default.nix
View File

@@ -16,6 +16,9 @@ in {
}; };
} }
]; ];
authentication = ''
local all all trust
'';
ensureDatabases = [ ensureDatabases = [
"synapse" "synapse"
]; ];

18
secrets/bigding_backup_repo_password.age Normal file
View File

@@ -0,0 +1,18 @@
age-encryption.org/v1
-> ssh-ed25519 eYYv1Q p2lKm8m7/Kqkcv2OAa1QJ30SmpMRcPE2JIVVMMAapyI
rxFk8qX5U2tFVMOnC5bwPbkn67DbZ+rrx4577/2YN3o
-> ssh-ed25519 Bp5IaA B4MihkBHyFOLAoTCrma189xstle91PIP1llXfcXw/xA
EtOgYylN6wGcOzeXGd+t4rMAtwuzAJPsXU2EorBGKMw
-> ssh-ed25519 T/DpgA B7QEsjY0SXgZLD9Tlzy1JcZXVLX6OOnXosgTOtsisRw
yzanbQl1c1gBXToGO3trFiAYjj4XJPg/X2U5RdxRXrU
-> ssh-ed25519 qMgRFg WsKoCC0piMrxNzlcYRFDqpSDOULXCSY9ymBhHjfwyj0
f4+/oTEqO2Fx8/O1rKy+1aGw2uatIJNpZFCwz8f9WAw
-> ssh-ed25519 dMZXNw 1jYYtlUP/8no2KjB5No9aIPQwm1u+6ySv+tYdIn0W2I
mvDqK645jo7zPjRLuhCyy9nz7GAK+LVa/6Er5yfuPKQ
-> ssh-ed25519 70Nt2Q ux4w1776iy3VxBmjGQKA+3Y14FJ8ByGhaGpezPMdrlk
iWTL1amQzDBzKRM4mKY2wOgdDwi1OhwNAY7raSesFx8
-> \7].}^Ee-grease lKlBD]z~ @ pzb#Y
KUqMwST0vaSIY314aYy2zXzCHzMOzbJT4v3yQltQ1UgmmgfFgbYUKTBfqKICcfFx
Y3zNnJGXadK8fP2z8phy
--- +s2dxNBUCXWaM/gHSDOnaOTDnC0IXTdz79lIdmuDE68
&<26>d<EFBFBD>>ϼ*\ZA<5A><41><EFBFBD><EFBFBD>1=<3D><><EFBFBD><EFBFBD><EFBFBD>w<>?Y<><16>n

19
secrets/bigding_backup_s3_creds.age Normal file
View File

@@ -0,0 +1,19 @@
age-encryption.org/v1
-> ssh-ed25519 eYYv1Q wDo9ZqcS199Yro1WHDNgJdMdHkxtBqOWdE63fPe8RTI
akdPFIdAnv+nz9Zbm4PWv3tsC2/2yn4RB9Mv7Wm+nlY
-> ssh-ed25519 Bp5IaA +KlqTrICIkPaFx4OsOz3x0av0uIoeDkA0UWV7UkkfG4
lIk4Nb7e/xzj3z22IrUZluqWrrLklKg/dqx2XXOMHjQ
-> ssh-ed25519 T/DpgA 9AsUq5oLyqgknwgE307UGu7qCGA+Pkk5oLofw5+WbBM
GFVIAOIaLyRWx4s/ayCktgJzlVtIQ42wrGLkc+A36Cw
-> ssh-ed25519 qMgRFg 85vDW4bZKq94dcvCYT+ICAu6M9MkTd7AhXwWzKCBQTc
2fks5tUlKzbDNQHUUeCIbPq/q/Yxv1OdNhdSzaxsmHA
-> ssh-ed25519 dMZXNw J7LL3rnlitOYWy/YB/UYqC7Hcwo+c7bk5jFcloOz8U0
xAlzpaRrdHHUUipCnepdaipybG+K/plPgwpk2vh9MLs
-> ssh-ed25519 70Nt2Q UpCw1D3qQliTTTjn2CjEbaQi8oYvqFTQsHu4Bip7fj4
dnGDTeIIg8chPyWwqRxyvW6xcdveLDkQEhQvPofO96I
-> z2Nh'{-grease O ;_a
TP3riu9VIpcrd34vsqK2DIhGb2sG+554+hwfSww
--- qm5o64795oKWg6cl/HrcdFOW6n1l8FEJDPZW76Yyl94
2w<EFBFBD><EFBFBD>F<EFBFBD><EFBFBD>OLacL<EFBFBD>i<EFBFBD><EFBFBD>P<03>N<EFBFBD>YNg
6g&<26><>&#<23>: 1,<2C>X<EFBFBD><58><EFBFBD>)<29><>H<EFBFBD>%<12><><EFBFBD>8<><38>s<><73><EFBFBD>w<EFBFBD>U<EFBFBD>fW<66><57>DMA<0E>!Uk<1C><>h<03><><EFBFBD><EFBFBD>ܔ<EFBFBD><11>p<EFBFBD><03>G;p<0F><>BB<42>3<EFBFBD>1<EFBFBD>n<EFBFBD>̪<EFBFBD>p<EFBFBD>V<EFBFBD>.q<>
x#pX

2
secrets/secrets.nix
View File

@@ -24,4 +24,6 @@ in {
"dungflix_crypt_remote_pass.age".publicKeys = users ++ [system2 system4]; "dungflix_crypt_remote_pass.age".publicKeys = users ++ [system2 system4];
"age_identity.age".publicKeys = users ++ [system1 system3]; "age_identity.age".publicKeys = users ++ [system1 system3];
"minisign_private_key.age".publicKeys = users ++ [system1 system3]; "minisign_private_key.age".publicKeys = users ++ [system1 system3];
"bigding_backup_s3_creds.age".publicKeys = users ++ [system4];
"bigding_backup_repo_password.age".publicKeys = users ++ [system4];
} }