pim/nixos-configs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Migrate Lewis to this repo

Browse source
This commit is contained in:
Pim Kunis 2024-12-01 16:30:28 +01:00
parent 9d96798518
commit 52a4563192
13 changed files with 5873 additions and 55 deletions
Download patch file Download diff file Expand all files Collapse all files

94
nixos/backups.nix Normal file
View file

@ -0,0 +1,94 @@
{
pkgs,
lib,
config,
...
}: let
cfg = config.pim.backups;
borgmaticConfig = pkgs.writeTextFile {
name = "borgmatic-config.yaml";
text = lib.generators.toYAML {} {
source_directories = ["/mnt/longhorn/persistent/longhorn-backup"];
repositories = [
{
path = cfg.repoLocation;
label = "nfs";
}
{
path = "ssh://s6969ym3@s6969ym3.repo.borgbase.com/./repo";
label = "borgbase";
}
];
ssh_command = "${pkgs.openssh}/bin/ssh -i ${config.sops.secrets."borg/borgbasePrivateKey".path} -o StrictHostKeychecking=no";
keep_daily = 7;
keep_weekly = 4;
keep_monthly = 12;
keep_yearly = -1;
encryption_passcommand = "${pkgs.coreutils}/bin/cat ${config.sops.secrets."borg/borgPassphrase".path}";
};
};
in {
options.pim.backups = {
enable = lib.mkOption {
default = false;
type = lib.types.bool;
description = ''
Whether to enable backups of persistent data on this machine.
'';
};
repoLocation = lib.mkOption {
default = "/mnt/longhorn/persistent/nfs.borg";
type = lib.types.str;
description = ''
Location of the Borg repository to back up to.
'';
};
};
config = lib.mkIf cfg.enable {
environment.systemPackages = with pkgs; [borgbackup];
# Converted from:
# https://github.com/borgmatic-collective/borgmatic/tree/84823dfb912db650936e3492f6ead7e0e0d32a0f/sample/systemd
systemd.services.borgmatic = {
description = "borgmatic backup";
wants = ["network-online.target"];
after = ["network-online.target"];
unitConfig.ConditionACPower = true;
preStart = "${pkgs.coreutils}/bin/sleep 10s";
serviceConfig = {
Type = "oneshot";
Nice = 19;
CPUSchedulingPolicy = "batch";
IOSchedulingClass = "best-effort";
IOSchedulingPriority = 7;
IOWeight = 100;
Restart = "no";
LogRateLimitIntervalSec = 0;
Environment = "BORG_PASSPHRASE_FILE=${config.sops.secrets."borg/borgPassphrase".path}";
};
script = "${pkgs.systemd}/bin/systemd-inhibit --who=\"borgmatic\" --what=\"sleep:shutdown\" --why=\"Prevent interrupting scheduled backup\" ${pkgs.borgmatic}/bin/borgmatic --verbosity -2 --syslog-verbosity 1 -c ${borgmaticConfig}";
};
systemd.timers.borgmatic = {
description = "Run borgmatic backup";
wantedBy = ["timers.target"];
timerConfig = {
OnCalendar = "*-*-* 3:00:00";
Persistent = true;
RandomizedDelaySec = "1h";
};
};
sops.secrets = {
"borg/borgPassphrase" = {};
"borg/borgbasePrivateKey" = {};
};
};
}

47
nixos/data-sharing.nix Normal file
View file

@ -0,0 +1,47 @@
{
lib,
config,
...
}: let
cfg = config.pim.data-sharing;
nfsShares = [
"/mnt/longhorn/persistent/media"
"/mnt/longhorn/persistent/media/books"
"/mnt/longhorn/persistent/media/movies"
"/mnt/longhorn/persistent/media/music"
"/mnt/longhorn/persistent/media/shows"
"/mnt/longhorn/persistent/longhorn-backup"
];
nfsExports = lib.strings.concatLines (
builtins.map
(
share: "${share} 192.168.30.0/16(rw,sync,no_subtree_check,no_root_squash) 127.0.0.1/8(rw,sync,no_subtree_check,no_root_squash) 10.0.0.0/8(rw,sync,no_subtree_check,no_root_squash)"
)
nfsShares
);
in {
options.pim.data-sharing = {
enable = lib.mkOption {
default = false;
type = lib.types.bool;
description = ''
Configure this server to serve our data using NFS.
'';
};
};
config = lib.mkIf cfg.enable {
networking.firewall.allowedTCPPorts = [
2049 # NFS
111 # NFS
20048 # NFS
];
services.nfs.server = {
enable = true;
exports = nfsExports;
};
};
}

2
nixos/default.nix
View file

@ -25,6 +25,8 @@
./server.nix
./prometheus.nix
./kubernetes
./data-sharing.nix
./backups.nix
];
options = {