feat(nixos/alpha): use borg backup

author: sefidel <contact@sefidel.net> 2023-08-01 21:49:57 +0900
committer: sefidel <contact@sefidel.net> 2023-08-01 22:17:14 +0900
commit: b832ea4f294d378809c28b40b1913424c224530e (patch)
tree: 3e8483fbf95f3a435d57cb6f7bd23eb6363f8e1b /nixos/alpha/configuration.nix
parent: 32ccbc1779e13bec63e75d998f8dc7947fda550c (diff)
download: nixrc-b832ea4f294d378809c28b40b1913424c224530e.tar.gz
nixrc-b832ea4f294d378809c28b40b1913424c224530e.zip
1 files changed, 24 insertions, 0 deletions
diff --git a/nixos/alpha/configuration.nix b/nixos/alpha/configuration.nix
index 7e685d5..4c12ee9 100644
--- a/nixos/alpha/configuration.nix
+++ b/nixos/alpha/configuration.nix
@@ -105,6 +105,30 @@
     }
   ];
 
+  sops.secrets.borg-alpha-rolling-pass = { };
+  services.borgbackup.jobs.alpha-rolling = {
+    paths = [
+      "/persist"
+      "/home"
+    ];
+
+    exclude = [
+      # Rust build files
+      "**/target"
+    ];
+    repo = "20963@hk-s020.rsync.net:rolling/alpha";
+    encryption.mode = "repokey-blake2";
+    encryption.passCommand = "cat ${config.sops.secrets.borg-alpha-rolling-pass.path}";
+
+    environment.BORG_RSH = "ssh -i /persist/ssh/ssh_host_ed25519_key";
+    # use borg 1.0+ on rsync.net
+    environment.BORG_REMOTE_PATH="/usr/local/bin/borg1/borg1";
+    extraCreateArgs = "--verbose --stats --checkpoint-interval 600";
+    compression = "auto,zstd";
+    startAt = "daily";
+    persistentTimer = true;
+  };
+
   sound.enable = false;
 
   services.pipewire = {
author	sefidel <contact@sefidel.net>	2023-08-01 21:49:57 +0900
committer	sefidel <contact@sefidel.net>	2023-08-01 22:17:14 +0900
commit	b832ea4f294d378809c28b40b1913424c224530e (patch)
tree	3e8483fbf95f3a435d57cb6f7bd23eb6363f8e1b /nixos/alpha/configuration.nix
parent	32ccbc1779e13bec63e75d998f8dc7947fda550c (diff)
download	nixrc-b832ea4f294d378809c28b40b1913424c224530e.tar.gz nixrc-b832ea4f294d378809c28b40b1913424c224530e.zip