Keep a yearly Borg archive and for the past 12 months

Adjust backup timings
Convert borgmatic config from Nix
Pim Kunis 2024-05-25 14:26:59 +02:00
parent afa0bd023e
commit 0fe9bf287f
4 changed files with 57 additions and 43 deletions


@ -79,6 +79,7 @@
rsync
fio
libva-utils
jq
];
boot = lib.mkIf (! machine.isRaspberryPi) {


@ -23,6 +23,8 @@ in
spec = {
accessModes = [ "ReadWriteOnce" ];
capacity.storage = longhornVolume.storage;
persistentVolumeReclaimPolicy = "Delete";
volumeMode = "Filesystem";
claimRef = {
inherit name;
@ -32,24 +34,22 @@ in
csi = {
driver = "driver.longhorn.io";
fsType = "ext4";
volumeHandle = name;
volumeAttributes = {
dataLocality = "disabled";
fromBackup = "";
fsType = "ext4";
numberOfReplicas = "2";
staleReplicaTimeout = "30";
unmapMarkSnapChainRemoved = "ignored";
recurringJobSelector = lib.generators.toYAML { } [{
name = "backup-nfs";
isGroup = false;
}];
staleReplicaTimeout = "30";
unmapMarkSnapChainRemoved = "ignored";
};
volumeHandle = name;
};
persistentVolumeReclaimPolicy = "Delete";
volumeMode = "Filesystem";
};
})
config.lab.longhornVolumes;


@ -10,41 +10,55 @@ let
'';
borgmaticConfig = pkgs.writeTextFile {
name = "borgmatic-config";
text = ''
source_directories:
- ${cfg.snapshotLocation}
repositories:
- path: ${cfg.repoLocation}
label: nfs
- path: ssh://s6969ym3@s6969ym3.repo.borgbase.com/./repo
label: borgbase
exclude_patterns:
- ${cfg.snapshotLocation}/media
ssh_command: "${pkgs.openssh}/bin/ssh -i ${config.age.secrets."borgbase.pem".path} -o StrictHostKeychecking=no"
keep_daily: 7
keep_weekly: 4
keep_monthly: 6
encryption_passcommand: "${pkgs.coreutils}/bin/cat ''${BORG_PASSPHRASE_FILE}"
before_everything:
- ${beforeEverything}/bin/beforeEverything
postgresql_databases:
- name: nextcloud
hostname: lewis.dmz
username: nextcloud
password: ''${NEXTCLOUD_DATABASE_PASSWORD}
format: tar
- name: hedgedoc
hostname: lewis.dmz
username: hedgedoc
password: ''${HEDGEDOC_DATABASE_PASSWORD}
format: tar
- name: paperless
hostname: lewis.dmz
username: paperless
password: ''${PAPERLESS_DATABASE_PASSWORD}
format: tar
'';
name = "borgmatic-config.yaml";
text = lib.generators.toYAML { } {
source_directories = [ cfg.snapshotLocation ];
repositories = [
{
path = cfg.repoLocation;
label = "nfs";
}
{
path = "ssh://s6969ym3@s6969ym3.repo.borgbase.com/./repo";
label = "borgbase";
}
];
exclude_patterns = [ "${cfg.snapshotLocation}/media" ];
ssh_command = "${pkgs.openssh}/bin/ssh -i ${config.age.secrets."borgbase.pem".path} -o StrictHostKeychecking=no";
keep_daily = 7;
keep_weekly = 4;
keep_monthly = 12;
keep_yearly = -1;
encryption_passcommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets."borg_passphrase".path}";
before_everything = [ "${beforeEverything}/bin/beforeEverything" ];
postgresql_databases = [
{
name = "nextcloud";
hostname = "lewis.dmz";
username = "nextcloud";
password = "\${NEXTCLOUD_DATABASE_PASSWORD}";
format = "tar";
}
{
name = "hedgedoc";
hostname = "lewis.dmz";
username = "hedgedoc";
password = "\${HEDGEDOC_DATABASE_PASSWORD}";
format = "tar";
}
{
name = "paperless";
hostname = "lewis.dmz";
username = "paperless";
password = "\${PAPERLESS_DATABASE_PASSWORD}";
format = "tar";
}
];
};
};
in
{
@ -116,7 +130,7 @@ in
timerConfig = {
OnCalendar = "*-*-* 3:00:00";
Persistent = true;
RandomizedDelaySec = "3h";
RandomizedDelaySec = "1h";
};
};
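Review bot: The converted `ssh_command` still passes `-o StrictHostKeychecking=no`, so the connection to the `borgbase` repository accepts whatever host key is presented and a redirected or impersonated endpoint would go unnoticed. Borg's repository encryption presumably limits what such an endpoint could read, but the off-site backups could silently land on the wrong host. I would pin the key instead, e.g. `-o StrictHostKeyChecking=yes -o UserKnownHostsFile=${borgbaseKnownHosts}`, where `borgbaseKnownHosts` is a placeholder for a store file holding the provider's published host key. Separately, `keep_yearly = -1` keeps every yearly archive with no limit in both repositories; a one-line comment such as `# -1 = keep all yearly archives (intentional)` next to it would make that explicit.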


@ -41,7 +41,6 @@ in {
k3s
openiscsi # Required for Longhorn
nfs-utils # Required for Longhorn
jq # Required for Longhorn
];
networking = {