Remove old Longhorn and backup code

2025-05-31 19:15:46 +02:00 · 2025-05-31 19:15:46 +02:00 · 74b049e56a
commit 74b049e56a
parent 435bd7592e
5 changed files with 2 additions and 154 deletions
--- a/machines/lewis/configuration.nix
+++ b/machines/lewis/configuration.nix
@ -20,8 +20,6 @@
    pim = {
      k3s.serverAddr = "https://jefke.dmz:6443";
      data-sharing.enable = true;
      backups.enable = true;
      backups.borgBackups = {
        bazarr = {
--- a/nixos/backups.nix
+++ b/nixos/backups.nix
@ -1,93 +0,0 @@
 {
  pkgs,
  lib,
  config,
  ...
 }: let
  cfg = config.pim.backups;
  borgmaticConfig = pkgs.writeTextFile {
    name = "borgmatic-config.yaml";
    text = lib.generators.toYAML {} {
      source_directories = ["/mnt/longhorn/persistent/longhorn-backup"];
      repositories = [
        {
          path = cfg.repoLocation;
          label = "nfs";
        }
        {
          path = "ssh://s6969ym3@s6969ym3.repo.borgbase.com/./repo";
          label = "borgbase";
        }
      ];
      ssh_command = "${pkgs.openssh}/bin/ssh -i ${config.sops.secrets."borg/borgbasePrivateKey".path} -o StrictHostKeychecking=no";
      keep_daily = 7;
      keep_weekly = 4;
      keep_monthly = 6;
      encryption_passcommand = "${pkgs.coreutils}/bin/cat ${config.sops.secrets."borg/borgPassphrase".path}";
    };
  };
 in {
  options.pim.backups = {
    enable = lib.mkOption {
      default = false;
      type = lib.types.bool;
      description = ''
        Whether to enable backups of persistent data on this machine.
      '';
    };
    repoLocation = lib.mkOption {
      default = "/mnt/longhorn/persistent/nfs.borg";
      type = lib.types.str;
      description = ''
        Location of the Borg repository to back up to.
      '';
    };
  };
  config = lib.mkIf cfg.enable {
    environment.systemPackages = with pkgs; [borgbackup];
    # Converted from:
    # https://github.com/borgmatic-collective/borgmatic/tree/84823dfb912db650936e3492f6ead7e0e0d32a0f/sample/systemd
    systemd.services.borgmatic = {
      description = "borgmatic backup";
      wants = ["network-online.target"];
      after = ["network-online.target"];
      unitConfig.ConditionACPower = true;
      preStart = "${pkgs.coreutils}/bin/sleep 10s";
      serviceConfig = {
        Type = "oneshot";
        Nice = 19;
        CPUSchedulingPolicy = "batch";
        IOSchedulingClass = "best-effort";
        IOSchedulingPriority = 7;
        IOWeight = 100;
        Restart = "no";
        LogRateLimitIntervalSec = 0;
        Environment = "BORG_PASSPHRASE_FILE=${config.sops.secrets."borg/borgPassphrase".path}";
      };
      script = "${pkgs.systemd}/bin/systemd-inhibit --who=\"borgmatic\" --what=\"sleep:shutdown\" --why=\"Prevent interrupting scheduled backup\" ${pkgs.borgmatic}/bin/borgmatic --verbosity -2 --syslog-verbosity 1 -c ${borgmaticConfig}";
    };
    systemd.timers.borgmatic = {
      description = "Run borgmatic backup";
      wantedBy = ["timers.target"];
      timerConfig = {
        OnCalendar = "*-*-* 3:00:00";
        Persistent = true;
        RandomizedDelaySec = "1h";
      };
    };
    sops.secrets = {
      "borg/borgPassphrase" = {};
      "borg/borgbasePrivateKey" = {};
    };
  };
 }
--- a/nixos/data-sharing.nix
+++ b/nixos/data-sharing.nix
@ -1,39 +0,0 @@
 {
  lib,
  config,
  ...
 }: let
  cfg = config.pim.data-sharing;
  nfsShares = ["/mnt/longhorn/persistent/longhorn-backup"];
  nfsExports = lib.strings.concatLines (
    builtins.map
    (
      share: "${share} 192.168.30.0/16(rw,sync,no_subtree_check,no_root_squash) 127.0.0.1/8(rw,sync,no_subtree_check,no_root_squash) 10.0.0.0/8(rw,sync,no_subtree_check,no_root_squash)"
    )
    nfsShares
  );
 in {
  options.pim.data-sharing = {
    enable = lib.mkOption {
      default = false;
      type = lib.types.bool;
      description = ''
        Configure this server to serve our data using NFS.
      '';
    };
  };
  config = lib.mkIf cfg.enable {
    networking.firewall.allowedTCPPorts = [
      2049 # NFS
      111 # NFS
      20048 # NFS
    ];
    services.nfs.server = {
      enable = true;
      exports = nfsExports;
    };
  };
 }
--- a/nixos/default.nix
+++ b/nixos/default.nix
@ -24,8 +24,6 @@
    ./server.nix
    ./prometheus.nix
    ./kubernetes
    ./data-sharing.nix
    ./backups.nix
    ./backups-ng.nix
  ];
@ -190,7 +188,7 @@
      overlays = [
        inputs.nur.overlays.default
        (_final: _prev: {
-          containerd = inputs.nixpkgs-oldstable.legacyPackages.x86_64-linux.containerd;
+          inherit (inputs.nixpkgs-oldstable.legacyPackages.x86_64-linux) containerd;
          unstable = import inputs.nixpkgs-unstable {
            inherit (pkgs) system;
            config.allowUnfree = true;
--- a/nixos/kubernetes/k3s/default.nix
+++ b/nixos/kubernetes/k3s/default.nix
@ -46,8 +46,6 @@ in {
  config = lib.mkIf cfg.enable {
    environment.systemPackages = with pkgs; [
      k3s
      openiscsi # Required for Longhorn
      nfs-utils # Required for Longhorn
    ];
    # TODO!!!!!
@ -121,27 +119,13 @@ in {
        serverFlags = builtins.concatStringsSep " " serverFlagList;
      in {
        enable = true;
-        role = cfg.role;
+        inherit (cfg) role clusterInit;
        tokenFile = config.sops.secrets."k3s/serverToken".path;
        extraFlags = lib.mkIf (cfg.role == "server") (lib.mkForce serverFlags);
        clusterInit = cfg.clusterInit;
        serverAddr = lib.mkIf (! (cfg.serverAddr == null)) cfg.serverAddr;
      };
      # Required for Longhorn
      openiscsi = {
        enable = true;
        name = "iqn.2016-04.com.open-iscsi:${config.networking.fqdn}";
      };
    };
    # HACK: Symlink binaries to /usr/local/bin such that Longhorn can find them
    # when they use nsenter.
    # https://github.com/longhorn/longhorn/issues/2166#issuecomment-1740179416
    systemd.tmpfiles.rules = [
      "L+ /usr/local/bin - - - - /run/current-system/sw/bin/"
    ];
    system.activationScripts = {
      k3s-bootstrap = lib.mkIf (cfg.role == "server") {
        text = (