Backup des Fachschaftsaccounts

nixos/modules/borgbackup.nix

@@ -1,6 +1,7 @@
 {
   config,
   lib,
+  pkgs,
   ...
 }: let
   inherit
@@ -56,6 +57,13 @@ in {
           path = "/var/lib/backups/eihort";
           allowSubRepos = true;
         };
+        fsaccount = {
+          authorizedKeysAppendOnly = [
+            "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG+Y7fQTYdIWHehrKdk92CaJ0AisEux4OrS4nIyMstU4 FS Account Backup"
+          ];
+          path = "/var/lib/backups/fsaccount";
+          allowSubRepos = true;
+        };
         hastur = {
           authorizedKeysAppendOnly = [
             "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILeDvTyOUdIPARatX0PPhHgrV1gjERWLt2Twa8E2GETb Hastur Backupsystem"
@@ -99,6 +107,39 @@ in {
           allowSubRepos = true;
         };
       };
+      # Configure backup of files on the department's fs account
+      jobs.fsaccount = {
+        preHook = ''
+          mkdir -p /home/fsaccount/sicherung # Create if it does not exist
+          ${pkgs.rsync}/bin/rsync -e 'ssh -i /home/fsaccount/.ssh/fsaccount' -r fachschaft@gw1.mathematik.tu-darmstadt.de:/home/fachschaft/* /home/fsaccount/sicherung
+        '';
+        paths = "/home/fsaccount/sicherung";
+        encryption.mode = "none";
+        environment = {
+          BORG_RSH = "ssh -i /home/fsaccount/.ssh/fsaccount";
+          BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK = "yes";
+        };
+        repo = "borg@localhost:fsaccount";
+        startAt = "daily";
+        user = "fsaccount";
+        group = "users";
+        readWritePaths = ["/home/fsaccount"];
+      };
+    };
+    environment.persistence.${config.impermanence.name} = {
+      users.fsaccount.directories = [
+        {
+          directory = ".ssh"; # SSH Key with access to FS Account and known_hosts
+          mode = "u=rwx,g=,o=";
+        }
+      ];
+    };
+    # Extra user for FS account backup
+    users.users = {
+      fsaccount = {
+        description = "FS Account backup";
+        isNormalUser = true;
+      };
     };
   };
 }