forked from Fachschaft/nixConfig
Backup des Fachschaftsaccounts
This commit is contained in:
parent
150ae96381
commit
03cc2ec27f
1 changed files with 38 additions and 0 deletions
|
@ -1,6 +1,7 @@
|
||||||
{
|
{
|
||||||
config,
|
config,
|
||||||
lib,
|
lib,
|
||||||
|
pkgs,
|
||||||
...
|
...
|
||||||
}: let
|
}: let
|
||||||
inherit
|
inherit
|
||||||
|
@ -56,6 +57,13 @@ in {
|
||||||
path = "/var/lib/backups/eihort";
|
path = "/var/lib/backups/eihort";
|
||||||
allowSubRepos = true;
|
allowSubRepos = true;
|
||||||
};
|
};
|
||||||
|
fsaccount = {
|
||||||
|
authorizedKeysAppendOnly = [
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG+Y7fQTYdIWHehrKdk92CaJ0AisEux4OrS4nIyMstU4 FS Account Backup"
|
||||||
|
];
|
||||||
|
path = "/var/lib/backups/fsaccount";
|
||||||
|
allowSubRepos = true;
|
||||||
|
};
|
||||||
hastur = {
|
hastur = {
|
||||||
authorizedKeysAppendOnly = [
|
authorizedKeysAppendOnly = [
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILeDvTyOUdIPARatX0PPhHgrV1gjERWLt2Twa8E2GETb Hastur Backupsystem"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILeDvTyOUdIPARatX0PPhHgrV1gjERWLt2Twa8E2GETb Hastur Backupsystem"
|
||||||
|
@ -99,6 +107,36 @@ in {
|
||||||
allowSubRepos = true;
|
allowSubRepos = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
# Configure backup of files on the department's fs account
|
||||||
|
jobs.fsaccount = {
|
||||||
|
preHook = ''
|
||||||
|
mkdir -p /home/fsaccount/sicherung # Create if it does not exist
|
||||||
|
${pkgs.rsync}/bin/rsync -e 'ssh -i /home/fsaccount/.ssh/fsaccount' -r fachschaft@gw1.mathematik.tu-darmstadt.de:/home/fachschaft/* /home/fsaccount/sicherung
|
||||||
|
'';
|
||||||
|
paths = "/home/fsaccount/sicherung";
|
||||||
|
encryption.mode = "none";
|
||||||
|
environment.BORG_RSH = "ssh -i /home/fsaccount/.ssh/fsaccount";
|
||||||
|
repo = "ssh://borg@localhost/~/fsaccount";
|
||||||
|
startAt = "daily";
|
||||||
|
user = "fsaccount";
|
||||||
|
group = "users";
|
||||||
|
readWritePaths = ["/home/fsaccount"];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
environment.persistence.${config.impermanence.name} = {
|
||||||
|
users.fsaccount.directories = [
|
||||||
|
{
|
||||||
|
directory = ".ssh"; # SSH Key with access to FS Account and Borg repo and known_hosts
|
||||||
|
mode = "u=rwx,g=,o=";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
# Extra user for FS account backup
|
||||||
|
users.users = {
|
||||||
|
fsaccount = {
|
||||||
|
description = "FS Account backup";
|
||||||
|
isNormalUser = true;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue