From 1366799fa7c35bdce89a0fa5ce662fd8fdefbe7e Mon Sep 17 00:00:00 2001
From: sefidel <contact@sefidel.net>
Date: Wed, 2 Aug 2023 01:30:19 +0900
Subject: feat(systems/cobalt): enable backup

---
 systems/cobalt/default.nix | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

(limited to 'systems/cobalt/default.nix')

diff --git a/systems/cobalt/default.nix b/systems/cobalt/default.nix
index 5cb4eb5..fa1cd8b 100644
--- a/systems/cobalt/default.nix
+++ b/systems/cobalt/default.nix
@@ -151,6 +151,7 @@ in
     bsd-finger
   ];
 
+  sops.secrets.borg-cobalt-rolling-pass = {};
   sops.secrets.grafana-admin-pass = { owner = "grafana"; };
   sops.secrets.acme-envs = {
     owner = "acme";
@@ -171,6 +172,24 @@ in
   modules = {
     sops.enable = true;
 
+    services.backup = {
+      enable = true;
+
+      paths = [
+        "/persist"
+        "/home"
+      ];
+      exclude = [
+        # Rust build files
+        "/home/**/target"
+      ];
+
+      repo = "20963@hk-s020.rsync.net:rolling/exotic/cobalt";
+      repoKeyPath = config.sops.secrets.borg-cobalt-rolling-pass.path;
+      sshKeyPath = "/persist/ssh/ssh_host_ed25519_key";
+      rsyncNet = true;
+    };
+
     services.metrics = {
       enable = true;
       domain = "status.exotic.sh";
-- 
cgit 1.4.1