feat(systems/cobalt): enable backup

author: sefidel <contact@sefidel.net> 2023-08-02 01:30:19 +0900
committer: sefidel <contact@sefidel.net> 2023-08-02 02:02:03 +0900
commit: 1366799fa7c35bdce89a0fa5ce662fd8fdefbe7e (patch)
tree: 80c4ce0c4f6338bf1c4aaa5be011838644ef17e0 /systems/cobalt/default.nix
parent: 7e98f50950d4296d9d662b53135af882f5c24ed0 (diff)
download: infra-1366799fa7c35bdce89a0fa5ce662fd8fdefbe7e.tar.gz
infra-1366799fa7c35bdce89a0fa5ce662fd8fdefbe7e.zip
1 files changed, 19 insertions, 0 deletions
diff --git a/systems/cobalt/default.nix b/systems/cobalt/default.nix
index 5cb4eb5..fa1cd8b 100644
--- a/systems/cobalt/default.nix
+++ b/systems/cobalt/default.nix
@@ -151,6 +151,7 @@ in
     bsd-finger
   ];
 
+  sops.secrets.borg-cobalt-rolling-pass = {};
   sops.secrets.grafana-admin-pass = { owner = "grafana"; };
   sops.secrets.acme-envs = {
     owner = "acme";
@@ -171,6 +172,24 @@ in
   modules = {
     sops.enable = true;
 
+    services.backup = {
+      enable = true;
+
+      paths = [
+        "/persist"
+        "/home"
+      ];
+      exclude = [
+        # Rust build files
+        "/home/**/target"
+      ];
+
+      repo = "20963@hk-s020.rsync.net:rolling/exotic/cobalt";
+      repoKeyPath = config.sops.secrets.borg-cobalt-rolling-pass.path;
+      sshKeyPath = "/persist/ssh/ssh_host_ed25519_key";
+      rsyncNet = true;
+    };
+
     services.metrics = {
       enable = true;
       domain = "status.exotic.sh";
author	sefidel <contact@sefidel.net>	2023-08-02 01:30:19 +0900
committer	sefidel <contact@sefidel.net>	2023-08-02 02:02:03 +0900
commit	1366799fa7c35bdce89a0fa5ce662fd8fdefbe7e (patch)
tree	80c4ce0c4f6338bf1c4aaa5be011838644ef17e0 /systems/cobalt/default.nix
parent	7e98f50950d4296d9d662b53135af882f5c24ed0 (diff)
download	infra-1366799fa7c35bdce89a0fa5ce662fd8fdefbe7e.tar.gz infra-1366799fa7c35bdce89a0fa5ce662fd8fdefbe7e.zip