pim/nixos-configs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Backup authentik

Browse source
This commit is contained in:
Pim Kunis 2025-05-28 23:39:50 +02:00
parent 7359e37793
commit 017483b17d
2 changed files with 27 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

5
machines/atlas/configuration.nix
View file

@ -23,6 +23,11 @@
deploymentName = "database"; deploymentName = "database";
deploymentNamespace = "nextcloud"; deploymentNamespace = "nextcloud";
}; };
authentik = {
paths = ["/mnt/longhorn/persistent/volumes/authentik-db" "/mnt/longhorn/persistent/volumes/authentik-redis"];
scaleDeployments = false;
};
}; };
deployment = { deployment = {

37
nixos/backups-ng.nix
View file

@ -9,6 +9,10 @@
paths = lib.mkOption { paths = lib.mkOption {
type = with lib.types; listOf str; type = with lib.types; listOf str;
}; };
scaleDeployments = lib.mkOption {
type = lib.types.bool;
default = true;
};
deploymentName = lib.mkOption { deploymentName = lib.mkOption {
type = lib.types.str; type = lib.types.str;
}; };
@ -32,21 +36,7 @@ in {
# TODO: should have some timeout and alerting? # TODO: should have some timeout and alerting?
config = { config = {
services.borgbackup.jobs = services.borgbackup.jobs =
lib.mapAttrs (name: c: { lib.mapAttrs (name: c: let
inherit (c) paths;
repo = "ssh://w553a7cb@w553a7cb.repo.borgbase.com/./repo";
startAt = "*-*-* 00:00:00";
# TODO: low benefit, but we could set borgbase's host keys here as they are published online.
environment.BORG_RSH = "ssh -i ${config.sops.secrets."borg/borgbasePrivateKey".path} -o StrictHostKeychecking=no";
postHook = "${pkgs.k3s}/bin/kubectl scale deployment -n ${c.deploymentNamespace} ${c.deploymentName} --replicas=${toString c.replicaCount}";
archiveBaseName = name;
prune.keep = {
within = "7d";
weekly = 4;
monthly = 6;
};
preHook = '' preHook = ''
${pkgs.k3s}/bin/kubectl scale deployment -n ${c.deploymentNamespace} ${c.deploymentName} --replicas=0 ${pkgs.k3s}/bin/kubectl scale deployment -n ${c.deploymentNamespace} ${c.deploymentName} --replicas=0
@ -55,6 +45,23 @@ in {
sleep 2 sleep 2
done done
''; '';
postHook = "${pkgs.k3s}/bin/kubectl scale deployment -n ${c.deploymentNamespace} ${c.deploymentName} --replicas=${toString c.replicaCount}";
in {
inherit (c) paths;
repo = "ssh://w553a7cb@w553a7cb.repo.borgbase.com/./repo";
startAt = "*-*-* 00:00:00";
# TODO: low benefit, but we could set borgbase's host keys here as they are published online.
environment.BORG_RSH = "ssh -i ${config.sops.secrets."borg/borgbasePrivateKey".path} -o StrictHostKeychecking=no";
postHook = lib.mkIf c.scaleDeployments postHook;
archiveBaseName = name;
prune.keep = {
within = "7d";
weekly = 4;
monthly = 6;
};
preHook = lib.mkIf c.scaleDeployments preHook;
encryption = { encryption = {
passCommand = "cat ${config.sops.secrets."borg/borgPassphrase".path}"; passCommand = "cat ${config.sops.secrets."borg/borgPassphrase".path}";