Add module that simplifies backup setup
Add module that simplifies setting up Borg backup to Hetzner storage
box.
alapshin committed Aug 27, 2024
1 parent 34b1bf7 commit eca0540
Showing 7 changed files with 148 additions and 58 deletions.
1 change: 1 addition & 0 deletions flake.nix
@@ -86,6 +86,7 @@
baseModules ? [
./configuration.nix

self.nixosModules.backup
disko.nixosModules.disko
sops-nix.nixosModules.sops
lanzaboote.nixosModules.lanzaboote
18 changes: 12 additions & 6 deletions hosts/carbon/backup.nix
@@ -6,12 +6,18 @@
};
};

services.borgbackup.jobs = {
default = {
paths = [
"/home/alapshin/books"
"/home/alapshin/Documents"
];
services.backup = {
enable = true;

borg.jobs = {
home = {
paths = [
"/home/alapshin/books"
"/home/alapshin/Documents"
];
};
};

passphraseFile = config.sops.secrets."borg/passphrase".path;
};
}
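Review bot: Renaming the job from `default` to `home` changes more than the systemd unit name. As far as I know, the nixpkgs borgbackup module derives the archive prefix from the job name (`archiveBaseName` defaults to `<hostName>-<job>`) and prunes only archives matching that prefix, so the existing `<hostName>-default-*` archives would no longer be covered by `prune.keep` and would stay in the repository indefinitely. Either keep the job name `default`, or prune the old archives once by hand after the switch. The same rename is made in hosts/desktop/backup.nix.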
49 changes: 7 additions & 42 deletions hosts/common/backup.nix
@@ -1,15 +1,5 @@
{
lib,
pkgs,
config,
...
}:
let
user = "u399502";
host = "${user}.your-storagebox.de";
jobname = "default";
hostname = config.networking.hostName;
in
{ config, ... }:

{
sops.secrets = {
"borg/borg_ed25519" = {
@@ -24,36 +14,11 @@ in
};
};

services.borgbackup.jobs = {
${jobname} = {
repo = "ssh://${user}@${host}:23/./borgbackup/${hostname}";
paths = [ ];
encryption = {
mode = "repokey-blake2";
passCommand = "cat ${config.sops.secrets."borg/passphrase".path}";
};
compression = "auto,lzma";

prune.keep = {
daily = 7;
weekly = 4;
monthly = 1;
};
services.backup = {
user = "u399502";
host = "u399502.your-storagebox.de";
port = 23;

startAt = "*-*-* 21:00:00";
persistentTimer = true;

environment = {
BORG_RSH = "ssh -i ${config.sops.secrets."borg/borg_ed25519".path}";
};
};
};

systemd.timers."borgbackup-job-${jobname}".wants = [ "network-online.target" ];

programs.ssh.knownHosts = {
"${host}" = {
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIICf9svRenC/PLKIL9nk6K/pxQgoiFC41wTNvoIncOxs";
};
sshKeyFile = config.sops.secrets."borg/borg_ed25519".path;
};
}
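Review bot: The `systemd.timers."borgbackup-job-${jobname}".wants = [ "network-online.target" ];` line that this file carried appears to have no counterpart in the new module, so with `persistentTimer = true` a missed run can fire at boot before the network is up and fail against the remote repository. Unless the nixpkgs borgbackup module in use already orders remote jobs after the network (worth confirming), the module should set it per job, e.g. `systemd.timers = attrsets.mapAttrs' (job: _: nameValuePair "borgbackup-job-${job}" { wants = [ "network-online.target" ]; }) cfg.borg.jobs;`. The module already inherits `nameValuePair` without using it.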
7 changes: 4 additions & 3 deletions hosts/common/openssh.nix
@@ -14,18 +14,19 @@

programs.ssh.knownHosts = {
"github.com" = {
hostNames = [ "github.com" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl";
};

"gitlab.com" = {
hostNames = [ "gitlab.com" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf";
};

"git.sr.ht" = {
hostNames = [ "git.sr.ht" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMZvRd4EtM7R+IHVMWmDkVU3VLQTSwQDSAvW0t2Tkj60";
};

"u399502.your-storagebox.de" = {
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIICf9svRenC/PLKIL9nk6K/pxQgoiFC41wTNvoIncOxs";
};
};
}
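Review bot: The storage-box key is pinned here under the literal `"u399502.your-storagebox.de"`, while the host the backup actually connects to is set separately as `services.backup.host` in hosts/common/backup.nix, so the pin and the target can drift apart. Since the key exists only for the backup job, the new module could take it as an option and emit `programs.ssh.knownHosts.${cfg.host}.publicKey = cfg.hostPublicKey;` itself, keeping host and pinned key in one place. `hostPublicKey` is a name proposed here, not an existing option.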
20 changes: 13 additions & 7 deletions hosts/desktop/backup.nix
@@ -1,4 +1,4 @@
{ lib, config, ... }:
{ config, ... }:

{
sops.secrets = {
@@ -7,12 +7,18 @@
};
};

services.borgbackup.jobs = {
default = {
paths = [
"/home/alapshin/books/"
"/home/alapshin/Documents/"
];
services.backup = {
enable = true;

borg.jobs = {
home = {
paths = [
"/home/alapshin/books/"
"/home/alapshin/Documents/"
];
};
};

passphraseFile = config.sops.secrets."borg/passphrase".path;
};
}
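--- a/modules/nixos/backup.nix
+++ b/modules/nixos/backup.nix
@@ -0,0 +1,110 @@
+{
+lib,
+pkgs,
+config,
+...
+}:
+let
+cfg = config.services.backup;
+
+inherit (lib)
+types
+attrsets
+mkIf
+mkOption
+mkEnableOption
+nameValuePair
+;
+
+hostname = config.networking.hostName;
+mkBorgJob =
+opts:
+{
+repo = "ssh://${cfg.user}@${cfg.host}:${cfg.port}/./borgbackup/${hostname}";
+encryption = {
+mode = "repokey-blake2";
+passCommand = "cat ${cfg.passphraseFile}";
+};
+compression = "auto,lzma";
+
+prune.keep = {
+daily = 7;
+weekly = 4;
+monthly = 1;
+};
+
+startAt = "*-*-* 21:00:00";
+persistentTimer = true;
+
+extraInitArgs = "--verbose";
+extraCreateArgs = "--verbose --stats";
+
+environment = {
+BORG_RSH = "ssh -i ${cfg.sshKeyFile}";
+};
+}
+// opts;
+in
+{
+options.services.backup = {
+enable = mkEnableOption "backup";
+user = mkOption {
+type = types.str;
+description = "Username for the SSH remote host.";
+};
+
+host = mkOption {
+type = types.str;
+description = "Hostname of the SSH remote host.";
+};
+
+port = mkOption {
+type = types.port;
+default = 22;
+description = "Port of the SSH remote host.";
+apply = toString;
+};
+
+sshKeyFile = mkOption {
+type = types.path;
+description = ''
+Path to the ssh private key used to access repository.
+'';
+};
+
+passphraseFile = mkOption {
+type = types.path;
+example = "/run/secrets/borg-passphrase";
+description = ''
+Path to the passphrase used to encrypt backups in the repository.
+'';
+};
+
+borg = mkOption {
+type = types.submodule {
+options = {
+jobs = mkOption {
+type = types.attrsOf (
+types.submodule {
+options = {
+paths = mkOption {
+type = types.listOf types.path;
+default = [ ];
+description = "Paths to include in the backup.";
+};
+};
+}
+);
+};
+};
+};
+};
+
+};
+
+config = mkIf cfg.enable {
+services.borgbackup = {
+jobs = attrsets.mapAttrs (job: opts: mkBorgJob opts) cfg.borg.jobs;
+};
+};
+}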
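Review bot: `sshKeyFile` and `passphraseFile` are declared as `types.path`, which also accepts a Nix path literal such as `./borg_key`; interpolating that into `BORG_RSH` or `passCommand` would copy the secret into the world-readable Nix store. The hosts in this commit pass sops-nix runtime paths, so nothing leaks today, but the module does not enforce that. Declaring both as `type = types.str;` rejects path literals, and the descriptions should say the value must be a runtime path outside the store. Both values are also spliced unquoted into shell strings; `passCommand = "cat ${lib.escapeShellArg cfg.passphraseFile}";` keeps a path with spaces from being split.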
1 change: 1 addition & 0 deletions modules/nixos/default.nix
@@ -1,4 +1,5 @@
{
backup = import ./backup.nix;
servarr = import ./services/misc/servarr;
nginx-ext = import ./nginx-ext.nix;
}
