From 69f780a9f26ed04f484cedd79ea2a5231da96126 Mon Sep 17 00:00:00 2001
From: Amanda Graven <amanda@graven.dev>
Date: Sat, 17 Jun 2023 17:16:59 +0200
Subject: [PATCH] Configure borg backup for gitea

---
 .../pubkeys/despondos_host_ed25519_key.pub     |   2 +-
 config/hosts/wind/configuration.nix            |   1 +
 config/hosts/wind/data/secrets/borg_pass       | Bin 0 -> 87 bytes
 config/hosts/wind/data/secrets/secrets.nix     | Bin 977 -> 1206 bytes
 config/hosts/wind/data/secrets/ssh_key         | Bin 421 -> 421 bytes
 config/hosts/wind/data/secrets/ssh_key.pub     | Bin 115 -> 117 bytes
 config/hosts/wind/services/borg.nix            |  16 ++++++++++++++++
 config/hosts/wind/services/gitea.nix           |   6 +++---
 8 files changed, 21 insertions(+), 4 deletions(-)
 create mode 100644 config/hosts/wind/data/secrets/borg_pass
 create mode 100644 config/hosts/wind/services/borg.nix

diff --git a/config/common/data/pubkeys/despondos_host_ed25519_key.pub b/config/common/data/pubkeys/despondos_host_ed25519_key.pub
index 6367ffa..6c326b4 100644
--- a/config/common/data/pubkeys/despondos_host_ed25519_key.pub
+++ b/config/common/data/pubkeys/despondos_host_ed25519_key.pub
@@ -1 +1 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH+ZQk80BU/OdQfV990yrkFwvsLVbVZ2Itof/qwxjTn7
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG4C5OgZpxoF42L5rPqwejs+Q1ViN9TM9o/fEbpnPFtA
diff --git a/config/hosts/wind/configuration.nix b/config/hosts/wind/configuration.nix
index 094c57d..bb597df 100644
--- a/config/hosts/wind/configuration.nix
+++ b/config/hosts/wind/configuration.nix
@@ -7,6 +7,7 @@
 		../../common/services/tailscale.nix
 		../../common/users.nix
 		./services/acme.nix
+		./services/borg.nix
 		./services/coturn.nix
 		./services/nginx.nix
 		./services/nitter.nix
diff --git a/config/hosts/wind/data/secrets/borg_pass b/config/hosts/wind/data/secrets/borg_pass
new file mode 100644
index 0000000000000000000000000000000000000000..1d656217681bda45a8bf9c1de4d7cab1ab594aa5
GIT binary patch
literal 87
zcmZQ@_Y83kiVO&0sClve%B=S2i`A<0DsSFM3s9ZM!{nsF5}C6_NSA4v{)Htk;)S&v
uFI?DUdg)K2Tkpx!o6f|Y(Eap>|7d5|gVokIi=)p<@EyLP!?&-MEf)Zo>L||u

literal 0
HcmV?d00001

diff --git a/config/hosts/wind/data/secrets/secrets.nix b/config/hosts/wind/data/secrets/secrets.nix
index b00061f2e447a3f121aedda3a1f0048dad8d45e4..7b552e07db4096a1ff3c56167436a11d6d78fd00 100644
GIT binary patch
literal 1206
zcmZQ@_Y83kiVO&0SZOlh<0b{^u3sAu-rcYEJ&@Pfm(j{2{|n2l&-{5k(ZAiEgoKJd
zYP#)q?ty%!j8WuWo2u6EtQV1=ll!#poM!L)TPO7LWz*3Jn_qRkap&5WGutNDzVyCu
zeUHxtRU5VqlOng<OPxIMQuXR&tI&Vj?WfIobYM@{L50Hnck=uPj>s)CXIY;=%OGLP
zi5YSCbDJLJ)_&*tq$d^}`MTfrn^dMi?!9FTXYaJqbD8jG)?tC#tdw+@McXo)&6OYZ
zPEpwGZ)Ee*zw`KBC7q5XZ?rgFIy4@BRQY|xIoUqGL@_>*=iwxWZPKp<4|`;&CTvwu
zFDtyd<iq~+7yNX-P2b#aA-ubd@qYT}#SCY*=$ZU&|Nj1=FzewhaUl~st;6P5*ggr@
zkzRgeU-61UEtiefMzhwc_%l55&3CK4?<M%xhMSq?d-m)J77CF;zvUihUi!S|x|+V^
zi)Wu+Y%QPbT9>_Hsnv~u7dA&GhrZH!^yXX3B$2}Bhf5BfR64J7@DJay19x(Nd**0)
z&kI(2<aAfMZ?ej~H(_~dyy9!zFZ~VAI(PHfGY{c+_FRu+v|6(BQX6OFz282ux$4=R
z>30<RCF1?ITkiVUzw>zXo2S!%yowFBa7bS%Hf_RW_bS$BfsX@O1iJ2q{ACJBoDr>d
z<tnQb>y5y}4=)^XI&&o8W6=KmR~CnV8Mg<sRcy8rK0iNCdH&8Xubbn)3)Qn_^ozYX
zYII9VzTwHy^ItUU<ISd=WPf?0d*kexno61f+;ksGX?Sg52@lz>z0zu{#g69nlM7bN
zUoP?X<ZthMrH&Iz(u;a-Nm*%ZcFVfhvg4WI?vwXh8f0H6Or3YcuU#tTfzq?ZOea`w
zhwnJyAfLnh{mhl`H<sPXWn|l){%Mc>qAxG~S8Yg5+0o`b<-cm;l8=X`I_>PUUi&s;
zYdRm#H_y}ey_cL(X`B9q`+UluUd?F-&i_%JxXo>igu?A0t)Fqt7gmMWH)dSRaJs+G
zs>4OqcTF3kh~ND9jLxau-HZ3uuf26<#SC7bAB-0_mWVcbo=yyzR=hzc{M%iT+Swe3
zzMPb}Hr?xm)2%Hw+h$a1x!-^M^6k;tO>^G7f1O;{WFE}??2hx2qe1_#On+H_#BdAC
zMYa4rzjjqEXrDQcA?;_LUuQ#qf!=TN{f74fHcc)+omH_U{`BF4m6vALa7=3bTH;uK
z&(<*NT_o@S`h|{m0Zr%Zx1=aa3;iy(C<wMpEB~LDU8*ua`)zk`lb8Ri>zPZHS;R%M
zFGOy<xAC0k_V3CZ`!0G0Rj9P@esy?XP$kQWs)AEhk_l%Dm^PT6=c%%Gb?(3G`-bIM
z)0~~wzlx4+%PfzX@KZl6aQD^Mx0nxTl$x(_ef?x*qkrD%sE!TSw7#9$w==GXb4T>1
zHyamP-WI)ez4=elRqlkcl=#D!ePUkje`z_tg}rWFs?7Pr2iIL)th4l4m&c>J`=<nT
zAAQp}Be_m{pM^%>y|`IZUTl2-`P-5_!3i5}w*663u>H4C@x;|W%fsIVL!U4o=sCT0
zUh0Kq{`YdaScJAelGM3rF?CIAQ1Qa`<?$(1b=L~S*EAizePOd>TEd2PZpGcR{W}?!
h&A9XN)9L7oUbP;=#q+oK^_r{Po;pEX!`(vv768rjY`y>h

literal 977
zcmZQ@_Y83kiVO&0DAE?V-18x*!Ryz|;-Hl5H@f#kf0ngwa9Vk&!SLOx_qWXb7zA#$
z%zM8-e{WSfcfQ5G*IW|{3J)gSI6Y&oTUih1#swZt7k}o5*ydLA&RUpz<oB0zY_|XF
zzFdC#@A`AOhV*ULk3^pHi?5r@WGr=g*4p!lky+xLho;&b%X2*@YIs_AY0Q5$tJ4_?
zvzjg>26ApLmwfxHRdkV4Xt<)DU=)9s<f4-y{gGK;o_}3&BmRDJpTdNvkrJgAQze;Z
z>oZlkUR3R>6lHv5@RcX9!QztH^>dRsp0{>t39Z&X+o<s)eaG4t`l~uuo=y2|`n0p+
zLeJ*Cp35DYjv3v1>bZp{GyT=VlM;^$DmfO{+}-}|NcHOJwhKMB8QeZMDcWP%mB%{;
z{UldhV}Gx>bhY13-V4Q+DLLDB@4CN=tKI7_SAf+G{tsfWoHrzu>*r1_uYRz>FGb7h
z7wdev$5U6zwBNm+c}DuPLXG17Er(uAes%n3!+Il*?S8i}m;7EBrR}M~k^lSJ=1&iW
zEw~I9x!6zA68dx^>E!#Q#XroiuAZWy@$l!IoT(>Uy5xo4EUK7#W3~A2G|lN@XZ&RZ
zcD8x8RCQPyzuCdP=>5S-WgG7~=tu>3y-8a>Rh8whaK{{p8m3V0TmP0-PTneQ-!`Lg
z%>{Xf)NWNS$?e-0Sn)4Rkng_p$$R;dZ@0hxSheKyOV3%Kv$;6Fn19?;9Li#9{Yf}c
zU)}A2LUgKC`ld%$#5ONB%RMg1yzfwkBJ0s==PgW}Z)BIx@vojVS$wa-+r}?R+Ui?2
zxLWkFBuw-?X2q=YTE<J`jn-G$1%JMkFk2nBJjHd#ZeLPB-@lW(-%FoNlGDC?Jj(d-
zww-?4KP0yOW?khX(9tcPALh2`*GdL8L$xDi-pb1ym@lZvncS@w{AV(6|F$=MZm&d=
zu6{`Rc{Av?h~;Th_bcr)?a%fFKd=4yX7c~#MymUm|1l-oi(lEbWbNs^ob)T-S1oid
zJig~)*H2TAACnl5ZjQZLoM@9{_tWv9VeH8hTh_C`R^PznR;1n6d9N_qb?PgIqj?T4
z9ip190`vE2&FVTJ5<Q6}roQt<hR}wGNAi#T-&#`DBT(4;d8Jv6?x{m;?bWYCQuwaB
z?zz;svyHR(bN<X7w`-JZ-({>@a%FGH@+s0+8E;L`&}Lu1bMMtd4pIANWJ>m@d^mDW
zaBDATiu$kn23J1|vwU6lYq_}0w}%PglfL*o{l90WJA-15#0`f}tM^{{QgP-@4x{<i
yjaN=<h__v0`;c;(;kGraaNBdqz6G2W((AqFu2Mc`{OD&zskG?l=F|35gIWOJ0_rIM

diff --git a/config/hosts/wind/data/secrets/ssh_key b/config/hosts/wind/data/secrets/ssh_key
index 6dd0719e0a2e01d535cfb2b09f4283ff2e5be8b2..eb6c6ce820f06bfcb86e35ac2be652bba1afba14 100644
GIT binary patch
literal 421
zcmZQ@_Y83kiVO&0`1>fIW9ieT-8KhH)@S_s<hrOaf@!wEBSVQEpGN6~XND2|M&F~>
zGTbWOx#o+=tIh1GmVL(3P4brNH`m22IKSj|d8SuJyll}%^Y0g4OiDX+wz1U4d;646
zFJ|u5Hn;q*Gf$`g-1CH{g$?W$(Lbz<Zi!j#+MXaSnQ{8CO6ZXz$=wo(t8F6LY^~q_
zIFxqw%aVPQL{C@t9};jnF8x#T=J8OO4N;*?`@S9W(b#aNT3??-foX9pXYYKsm!+QT
zr`+r6WXrMH^0`iom*qo$!TSG;#CR%N7W9-(e$tk?bGhLZ?>=EpiJG^6=LAnP*ci0+
z&~e3?YO8<Gu6Gi@=k-W{^-Y7fr|zc{8yJKu7OgoyEp+?zuQQlt$Z*^;s(#0Ietk`8
zK(N39@yA?!H4{yoma5zch;VwWfA+%B64R;O!jWAJsjT@7f6dQY_nr>U*lM2>l5^#)
zY%*VUK`iH8@2iSSV`si7@LqCy{-!?Xn=(tXyDrz|K3%uyB!k{{;ctp_q!t(FZJU~Q
i^6h=Qpi3%04b^8%z1=&hV@ZsrPTJnjZ|5a-{R99Pn9M)`

literal 421
zcmZQ@_Y83kiVO&0_+pv7JbUJ*S*-7?t0vA~_U<Wb=%!S+2`h@P<P=IuoY?#JzJ+_*
z+up0iO8ejbJ$tsc=+>M6l{^PliwlZ`idah3-0zz*rRnymmhHX2CW*yIEPTY>xrkeE
znbQippm%FsI_Eu`c5=Qx&*PRLACa&(oX&!wH})7#+i_X%L)(lek@~k^MAiIp@{x{u
zp(t>0w(`+*G2Qd&qIUw%?62er+*jCL68%Gp`Ep&ywP(xMUv80`GQaOoZo1c+%l-$~
zm%UsVAl&=<tc=Xw+3fl&GM7g4ulbtr=aJyyoLwh8)YnX#bLYd>eSZtS`?bs4#C%;H
zIwv>v$EQE{mb+?b#j)iWdgN_sQkt~WYx&+ip8q}g?{@Uab#;D9%QZEU5&bjulBk5<
zm+X^|rW*b_#PcPWbNQwBVnOG;F0$_wxqM03g<VrPX>H!^pMr%}o9Awp|9MR2r)rPU
zgRX-%tbga47ThfJ*^(!DSnPIQ#-<O?YIP%SUfsSs_fFTF4c>Cx^+LN%6<Uul`u&(S
kOR#EZaxwd5<=OY0o}4UTVsE_ezjb<C&6!NQb@P`203b}%xc~qF

diff --git a/config/hosts/wind/data/secrets/ssh_key.pub b/config/hosts/wind/data/secrets/ssh_key.pub
index 54b1d0ba842c0031de57ecff3ecabfdbedde5899..de5e67137b4b162f5f71220a0df95f5823c9e78c 100644
GIT binary patch
literal 117
zcmZQ@_Y83kiVO&0c#tM|mg(e$L(ID~6<2Lki1(0X_hUY_*Qv>*Gecw1UMY`z(<MF`
zH1Y4gabW3X7X4e=qF=*S{oQqX+2RSOZ*wK}3g7ZSzvaizQ*(|n+b|gL@jA(L%ij@~
aUSfXhnXu3Fzp0;67$@mGy=am!^C|$d$2GG6

literal 115
zcmZQ@_Y83kiVO&0SbI@0OZfD(ouBW$`55`X<Yv`A#{WOf>*ReD7u}qxa{0gkp5=AL
zaj8={gerWEIuyFUPJcCdN$T}Q%{sjAQf&8haW*|mxF?`vccO<cO;<qX;0DEzyY?Xm
X>w|7?mMHKES6h2_ySlkURL>j$U!OIo

diff --git a/config/hosts/wind/services/borg.nix b/config/hosts/wind/services/borg.nix
new file mode 100644
index 0000000..9c22666
--- /dev/null
+++ b/config/hosts/wind/services/borg.nix
@@ -0,0 +1,16 @@
+{ config, ... }:
+
+{
+	services.borgbackup.jobs = {
+		gitea = {
+			paths = "/var/lib/gitea";
+			repo = "ssh://borg@despondos.nao.sh//mnt/slab/backup/wind/gitea";
+			encryption.mode = "repokey";
+			encryption.passCommand = "cat ${config.secrets.files.borg_pass_gitea.file}";
+			environment.BORG_RSH = "ssh -i ${config.secrets.files.ssh_key_gitea.file}";
+			compression = "auto,zstd";
+			startAt = "*-*-* 02:15:00";
+			user = "gitea";
+		};
+	};
+}
diff --git a/config/hosts/wind/services/gitea.nix b/config/hosts/wind/services/gitea.nix
index b9a86a2..ec0d191 100644
--- a/config/hosts/wind/services/gitea.nix
+++ b/config/hosts/wind/services/gitea.nix
@@ -3,9 +3,6 @@
 {
   services.gitea = {
     enable = true;
-    domain = "git.graven.dev";
-    rootUrl = "https://git.graven.dev";
-    enableUnixSocket = true;
     appName = "Graven Gitea";
     settings = { "ui" = { "DEFAULT_THEME" = "arc-green"; }; };
     database = {
@@ -13,5 +10,8 @@
     };
     settings.service.DISABLE_REGISTRATION = true;
     settings.session.COOKIE_SECURE = true;
+    settings.server.DOMAIN = "git.graven.dev";
+    settings.server.ROOT_URL = "https://git.graven.dev";
+    settings.server.PROTOCOL = "http+unix";
   };
 }