Gonne/nixConfig
1
0
Fork 0
forked from Fachschaft/nixConfig
Code Pull requests Activity

Feedback: more comments

Browse source
This commit is contained in:
Gonne 2024-03-30 19:52:11 +01:00
parent 1bf59168fb
commit 326cc52c2e
1 changed files with 20 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

32
nixos/modules/borgbackup.nix
View file

@ -112,16 +112,24 @@ in {
allowSubRepos = true; allowSubRepos = true;
}; };
}; };
# Configure backup of files on the department's fs account # Configure backup of files on the department's fs account:
# This job first copies the files to the local account 'fsaccount' in tmpfs
# and then takes a regular backup of the mirrored folder.
# See also https://borgbackup.readthedocs.io/en/stable/deployment/pull-backup.html
# which does not work due to missing permissions.
jobs.fsaccount = { jobs.fsaccount = {
preHook = '' preHook = ''
mkdir -p /home/fsaccount/sicherung # Create if it does not exist mkdir -p /home/fsaccount/sicherung # Create if it does not exist
${pkgs.rsync}/bin/rsync -e 'ssh -i /run/secrets/backupKey' -r fachschaft@gw1.mathematik.tu-darmstadt.de:/home/fachschaft/* /home/fsaccount/sicherung ${pkgs.rsync}/bin/rsync -e 'ssh -i /run/secrets/backupKey' -r fachschaft@gw1.mathematik.tu-darmstadt.de:/home/fachschaft/* /home/fsaccount/sicherung
''; '';
paths = "/home/fsaccount/sicherung"; paths = "/home/fsaccount/sicherung";
encryption.mode = "none"; encryption.mode = "none"; # Otherwise the key is next to the backup or we have human interaction.
environment = { environment = {
BORG_RSH = "ssh -i /run/secrets/backupKey"; BORG_RSH = "ssh -i /run/secrets/backupKey";
# “Borg ensures that backups are not created on random drives that just happen to contain a Borg repository.”
# https://borgbackup.readthedocs.io/en/stable/deployment/automated-local.html
# We don't want this in order to not need to persist borg cache and simplify new deployments.
BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK = "yes"; BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK = "yes";
}; };
repo = "borg@localhost:fsaccount"; repo = "borg@localhost:fsaccount";
@ -131,6 +139,16 @@ in {
readWritePaths = ["/home/fsaccount"]; readWritePaths = ["/home/fsaccount"];
}; };
}; };
# Extra user for FS account backup
users.users = {
fsaccount = {
description = "FS Account backup";
isSystemUser = true;
home = "/home/fsaccount";
createHome = true;
group = "users";
};
};
environment.persistence.${config.impermanence.name} = { environment.persistence.${config.impermanence.name} = {
users.fsaccount.files = [ users.fsaccount.files = [
{ {
@ -149,15 +167,5 @@ in {
inherit (config.users.users.fsaccount) group; inherit (config.users.users.fsaccount) group;
mode = "0400"; mode = "0400";
}; };
# Extra user for FS account backup
users.users = {
fsaccount = {
description = "FS Account backup";
isSystemUser = true;
home = "/home/fsaccount";
createHome = true;
group = "users";
};
};
}; };
} }