diff options
| author | sefidel <contact@sefidel.net> | 2023-08-01 21:49:57 +0900 |
|---|---|---|
| committer | sefidel <contact@sefidel.net> | 2023-08-01 22:17:14 +0900 |
| commit | b832ea4f294d378809c28b40b1913424c224530e (patch) | |
| tree | 3e8483fbf95f3a435d57cb6f7bd23eb6363f8e1b /nixos/alpha | |
| parent | 32ccbc1779e13bec63e75d998f8dc7947fda550c (diff) | |
| download | nixrc-b832ea4f294d378809c28b40b1913424c224530e.zip | |
feat(nixos/alpha): use borg backup
Diffstat (limited to 'nixos/alpha')
| -rw-r--r-- | nixos/alpha/configuration.nix | 24 | ||||
| -rw-r--r-- | nixos/alpha/secrets/secrets.yaml | 5 |
2 files changed, 27 insertions, 2 deletions
diff --git a/nixos/alpha/configuration.nix b/nixos/alpha/configuration.nix index 7e685d5..4c12ee9 100644 --- a/nixos/alpha/configuration.nix +++ b/nixos/alpha/configuration.nix @@ -105,6 +105,30 @@ } ]; + sops.secrets.borg-alpha-rolling-pass = { }; + services.borgbackup.jobs.alpha-rolling = { + paths = [ + "/persist" + "/home" + ]; + + exclude = [ + # Rust build files + "**/target" + ]; + repo = "20963@hk-s020.rsync.net:rolling/alpha"; + encryption.mode = "repokey-blake2"; + encryption.passCommand = "cat ${config.sops.secrets.borg-alpha-rolling-pass.path}"; + + environment.BORG_RSH = "ssh -i /persist/ssh/ssh_host_ed25519_key"; + # use borg 1.0+ on rsync.net + environment.BORG_REMOTE_PATH="/usr/local/bin/borg1/borg1"; + extraCreateArgs = "--verbose --stats --checkpoint-interval 600"; + compression = "auto,zstd"; + startAt = "daily"; + persistentTimer = true; + }; + sound.enable = false; services.pipewire = { diff --git a/nixos/alpha/secrets/secrets.yaml b/nixos/alpha/secrets/secrets.yaml index 020c060..ed9ea5f 100644 --- a/nixos/alpha/secrets/secrets.yaml +++ b/nixos/alpha/secrets/secrets.yaml @@ -1,5 +1,6 @@ root-password: ENC[AES256_GCM,data:4EgEuEEL2BGj1wDRdK16WY72xKjwAqqWBZzKMn84WdkjRpGaTV+3BGgGhPimdUCl0LkdD74EzyW+ABAJ9TLp1Wt8b5ZFT3l89A==,iv:7iHixJi85lOQJU8svPEYe122K1jOyJVJovqgReJn428=,tag:BLTaHH7FSDTfVewW17kMBQ==,type:str] sefidel-password: ENC[AES256_GCM,data:RAlIJ31NPPvD5Pz4k1ren1fVdMWI86z9OFSAj7I4wCSeEBU4TZJ/EvJQr0cAyX6i8oIzSoJ8S6VvKmIdqZe5A+s1a4FU63/3UzgrDRKx1zUHTctrDRA7YNYxl9EDxAD0nOAd4kLArVRtTA==,iv:g6YgymUNjZ/dPZKrPesNalAuhXLbmhGZGbjlmlBg+VQ=,tag:e+hHJX1/+f5ye4EAZEkeCw==,type:str] +borg-alpha-rolling-pass: ENC[AES256_GCM,data:SNp7BINlzQ1oCAmdTBk3WThuhTlA/SB9SE5z,iv:N1E2dXteBwM9sWsC353B17cNrXLkiMSNbcrUv4tshfg=,tag:g7I32tsVf5eKB+t/4aDRSw==,type:str] sops: kms: [] gcp_kms: [] @@ -24,8 +25,8 @@ sops: Qkt1Y2RIWmcwMW91VTVxeEVrUDR4MHcKNzDtHEEa8McCXgADwXRNNnwllOB+MZvR oDMuo1zZnKT0DzTxumd8DSgHK28PKNFOsWtxdunWF7lm30gZsFxQFQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-02-20T07:25:46Z" - mac: ENC[AES256_GCM,data:bhzvZsSnOeXw56intd55UYhO57fzkPRlJPUj7clw7h4VovxT/NIi6iTKry27to3DflR2JVgQ8s2g5YNllippYPBXnnCKC190oEDeaCsw5lcH4HU//obgVHsmYaLmJIJZmvJ+dIAYIoonG2/ZezKYDvSC7bdsYZLGpaq4uCZGIWI=,iv:lrhejHDeOZIirsA28WnN2Kcfy26wuLHP+feTdzt+0PM=,tag:RMr5Vyg5MqF02UTwdez9Mw==,type:str] + lastmodified: "2023-08-01T09:56:18Z" + mac: ENC[AES256_GCM,data:Sbn9baDlX0qQWMDOrWJTjSeFzhIHN3DbLU6fpFqVQJ0zb3aeJJpQIfUqTMtC6OitD/0kr2pTqhbcq0JrqpdiK+Iza0qBJ2+6WUZJPc/p+/X+rH/yQnjLOScU8QABm+CjW29te/+QtD3G9BHlvFcSj9J5R+FXLRSRnRhc5a1lT7c=,iv:9N5gHtZu6sv6xR2FPbx6zjg0mT0S59gkTipz0lTgcC0=,tag:71/BqbHHkTrxh8GT1iKesA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 |