From b43a55bb9f6b1ee45eb5274cf588384de51ad5fc Mon Sep 17 00:00:00 2001
From: Amanda Graven <amanda@graven.dev>
Date: Thu, 26 Oct 2023 16:56:34 +0200
Subject: [PATCH] Configure borg for grondahl

---
 config/hosts/grondahl/configuration.nix       |   2 +-
 config/hosts/grondahl/data/secrets/borg_pass  | Bin 0 -> 87 bytes
 .../hosts/grondahl/data/secrets/secrets.nix   | Bin 957 -> 1259 bytes
 config/hosts/grondahl/services/borg.nix       |  26 ++++++++++++++++++
 config/hosts/grondahl/services/restic.nix     |  26 ------------------
 5 files changed, 27 insertions(+), 27 deletions(-)
 create mode 100644 config/hosts/grondahl/data/secrets/borg_pass
 create mode 100644 config/hosts/grondahl/services/borg.nix
 delete mode 100644 config/hosts/grondahl/services/restic.nix

diff --git a/config/hosts/grondahl/configuration.nix b/config/hosts/grondahl/configuration.nix
index 1545408..a79f9c8 100644
--- a/config/hosts/grondahl/configuration.nix
+++ b/config/hosts/grondahl/configuration.nix
@@ -10,9 +10,9 @@
     ../../common/services/tailscale.nix
     ../../common/users.nix
     ./services/acme.nix
+    ./services/borg.nix
     ./services/coturn.nix
     ./services/nginx.nix
-    ./services/restic.nix
     ./services/synapse.nix
     ./services/postgres.nix
 		#./services/mail.nix
diff --git a/config/hosts/grondahl/data/secrets/borg_pass b/config/hosts/grondahl/data/secrets/borg_pass
new file mode 100644
index 0000000000000000000000000000000000000000..1d656217681bda45a8bf9c1de4d7cab1ab594aa5
GIT binary patch
literal 87
zcmZQ@_Y83kiVO&0sClve%B=S2i`A<0DsSFM3s9ZM!{nsF5}C6_NSA4v{)Htk;)S&v
uFI?DUdg)K2Tkpx!o6f|Y(Eap>|7d5|gVokIi=)p<@EyLP!?&-MEf)Zo>L||u

literal 0
HcmV?d00001

diff --git a/config/hosts/grondahl/data/secrets/secrets.nix b/config/hosts/grondahl/data/secrets/secrets.nix
index b79d57c072b44ce1ff1701aea03cdf0e5201cd67..1c37a019a94c1abab2e91d4a5b12b3aaee580246 100644
GIT binary patch
literal 1259
zcmZQ@_Y83kiVO&0I9{;$ng4>odv<j%wuvo$kY^s(GQq9)=GEj`N5%5I_a3}|dsg1f
zNnYXnvA=f-^dC#!cjrNE^v<m(Zxr9Z-V^(HlN3X;)UmpQ2GNbJr`8<ZBm154*b?De
zZxW7t<m&QSWLACiWcU4^ZC;ASVt3{oW6ZC-^E<IrH+@yHlyVsJHeu)BnBNz-lub;(
z_?IWjqs}md|NO>nd(;ZNvwwv>Z})zj{f{l*Wy%aT_NV8pg0^y8mDF)oeZ9QoUfA_6
zosv`aWpatf8YfkzGwn&%+HZKEbBez1)6H87in>1NN$@vqn3B^!OV>m5H?#EOCdt`%
ze=Td1^N&mVFiRp!u=B@mNB{I4d{<a!%ADlbX|7gSzUrm0)V&*7#lONW%2f>1C$WFN
z#@5jL^7~^0mL<n#7fgKqg1x}a?;nTMg@omD?<QTHw&V5&&wKCMHWj}UO!Qso>-FV*
z$W?{hjt{dv?)jwJmqxW*deI=vdDqfL{fOM}h~+QY4)hyL=DzUyXPUWCR_jY9!!J^&
z@A!5t6qixhkh8wv+g1fJ%gPOHyl;dj6{+2GQIu!pJ<d3DVtt7340D4^**DG|shsB}
zYT~|s%PJ4fT}yR>-F<JhY8?++w_A0=Jp<WBSyA2Zf3}@ln;oHNE0J=acdOI-wnuR<
zG&lWK(Y;@Px9-}!C*Kc!t6|lVvH73-XM$5zK~v+q&xh>`d!%@$^%!my{T*~<a)dX_
zYpFT*ccyyDJ0(uCTJYtF<MwkObc|#6EakBKd83l2vX!sL?K+$AQXR>T-TSq9`6f(R
zZnwDddM)$5?Tp=ll|tN;rzcM1OkhdelD&9l=Ff)wS-aLYerwwB_FJ(7&$;&JTWVz*
z?kcR1)~<>&Os+J^&zjfvi1pd81;66BxUaT{_xE3YS=L!_Wb(EZCyVkkPoI44eRk8K
zr4rUwZ(e`+>&N!m{+XX9cd%3R>J3S1t~E;{F79S#<p}#dq5LxIW%m=!n|w6PZMW4H
z+HL>y=<{>t#=Qkkq9=&Xba|aP>nE?S=btUFk3HvPC~iM?acSz?o~L_w<P;aVzn;n`
z7`&^FdBWvXjtzo#T3&}8_>50i>$>wAW}W_c(fZww9kMH=)(a)^y$xEh<bhD@64tI2
z@%@FfLvmmLDDAVk#nxEwpZ)gKN3ZMRdkfZwoMzZ$5Pq^Ey}eoM=$olp)d!c=Z!bvC
zKcAoTE0trrv&kFdhxh$9p4sitcTP1{`KX=99{+`c(>?Z_s(8P7QRC@2x9Kxf3t1|@
zv~Im|bwch!^`}KXckh_&)~f$@WuA~s&zJ3|6OSx57ZP#2aW+))=3TKq=9+zu?r%Eh
z=RK%P^>w`x|94wJ5sOJ=xBepTQW>|4slI|*t5@!uQr$9n`mWRYyqDHaFTE{TaJ=f0
z`JHqop5uxq=h&zye}1tushrQrOVQ?1smaWo$uk^MJZ?@d7CxfMx}adgi927;@7!VV
z!SVg-zz?r%4~8i6HZ(fNIozLnEdNAv;1#1pRjaEaewt@wPE5C1an4W4w`)ydh_qT%
z{<MVero6q%2bIm<Pn<b>vA|sWXX{#@T1%|%W$V51hEdtTmm^Zs{f}%x#qKMMcdM{Z
zkNxrg=pT)mx=E3fkIuN}+8ed{x@)rLkvB)(&tzY|p5P=HvR3pHdxG%McQf|v-nRR)
i<?277GMCrP-Zrc2Z{l9_rJ;K*atco8I=6fGNdf>Y(rw59

literal 957
zcmZQ@_Y83kiVO&0$iHQ`McZnB%QWTI;v<hUOkZoVeV_SPbm{8b+Cf`#RNE6oo=y0_
zZ^FC#u|M<ApRZKa-Q?GD{;s{;t0`J{tbD{hZ6f&RN~vkQWqF*tXrICg-;(_cuWhX1
z<GKIcK=1r3laD@6Y8`iRMxF7nd8l?|>ACzlG9QnYi=|xnxA@Vk_=Vf2E1X`vqBu}@
zOHqv6gY^t$Q<}Z6O78g?HE;LPe*dtIY#dQv)ZKg*njilnwK##Z=gxL6q3|n7^W9I0
z>#fLjG@2!_Zw}L%v`^dW7dmGZ#pxe7lH+~z=9jt3lYcJU<@o001oa&;oO|W&+URPY
zew4c7u*x4JuWd15%kRIAy!hzcHSgF@b4^6q>?bUED(&-zInS`#Kws$p#-%$sHdk4_
zn6L6$a!q}k+|h(5?tWfhGAzFu=g<Fq_4@&z1&Y7-EckuW&cfCD?6x_krJ~#W5^_F7
z=(K!sc-FYscG`Q>2^Aq7ThwbF><Q4&VT`>Ru3ZvyK(s6L*^}p=;-AE5zcpLL*}eT-
z%CC^lV<ou>HZyrQ&l2P96Ro~ES9jH}!Yl5cZqhQ%>b8}$SR#K;VV?SFbIKJjjThyq
ziHX0;vRX9aZ^u7Lxz4f6#Uiow$b}^;M+1_oVjWjZx@kQ(exqP0f8?}Ple#)wKb0-I
z7N$P6(qTs8KQUj${`k3n?lS6pVRKbA;z{)k)-2t9Yehh|_;K0ip?=$r2t}1dr`}?_
zT_LY5ef90Dl!a_PH3w}n)lOxrZZ-dR_I>`1Eh47np*!}lM}6P?DZASzuYAW_bycy|
zj4ku#aHLEYdZ>0r!BOt}v79-Nvc*1Gwj1Y4SZ!N(MebL&S4H>78DeLSwycz`uq`$|
z&-MD(l76q0V=Aqkm(C?T+Mh2`R^_=S_QM_Po&~lJ&koG`n0D!7(zO<zcR?~rmz8%K
zByF!>`@Q~kf7sots(bF95O4L0E}QVq{@ohuO^YVy-{BICIebBWEm!7_lgl^9$;2#V
ze51EPSbfi#DW&K99I~(Mk#acMpv6!){h~$ZmXa4oQY|)~G>H1S%(F@0jn4JfInjHT
ztyeteWEfTZ@{MDZbxyUyA*UKHN40)+(Tu(QOEY-0%tgv&<eE~wIK<!0-8nC5k<|wq
zl}C%2mmGAgj(hGeSj;h9cwx!bJ&fAx=jEuS9e%mE>-heyzN!=a)*nB1_q1l9iQAnQ
z+3&AQ`J}x#nw`G%^lXQJ?wfwC*{=3#f&8n&3ug}hne;}yS@UdwVoKQRvs1Urn4afK
cP?~VGhS|(wb###L>-4hd)Hw$uI9t~P0DrpI>i_@%

diff --git a/config/hosts/grondahl/services/borg.nix b/config/hosts/grondahl/services/borg.nix
new file mode 100644
index 0000000..6134c7f
--- /dev/null
+++ b/config/hosts/grondahl/services/borg.nix
@@ -0,0 +1,26 @@
+{ config, ... }:
+
+{
+	services.borgbackup.jobs = {
+		postgres = {
+			paths = "/var/lib/postgresql/backup";
+			repo = "ssh://borg@despondos.nao.sh//mnt/slab/backup/grondahl/postgres";
+			encryption.mode = "repokey";
+			encryption.passCommand = "cat ${config.secrets.files.borg_pass_postgres.file}";
+			environment.BORG_RSH = "ssh -i ${config.secrets.files.ssh_key_postgres.file}";
+			compression = "auto,zstd";
+			startAt = "*-*-* 03:15:00";
+			user = "postgres";
+		};
+		synapse = {
+			paths = "/var/lib/matrix-synapse";
+			repo =  "ssh://borg@despondos.nao.sh//mnt/slab/backup/grondahl/synapse";
+			encryption.mode = "repokey";
+			encryption.passCommand = "cat ${config.secrets.files.borg_pass_synapse.file}";
+			environment.BORG_RSH = "ssh -i ${config.secrets.files.ssh_key_synapse.file}";
+			compression = "auto,zstd";
+			startAt = "*-*-* 03:45:00";
+			user = "matrix-synapse";
+		};
+	};
+}
diff --git a/config/hosts/grondahl/services/restic.nix b/config/hosts/grondahl/services/restic.nix
deleted file mode 100644
index f92203e..0000000
--- a/config/hosts/grondahl/services/restic.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{ config, ... }:
-{
-  services.restic.backups = {
-    "postgres" = {
-      paths = [ "/var/lib/postgresql/backup" ];
-      repository = "sftp:restic@despondos.nao.sh:/etheria/backup/grondahl/postgres";
-      initialize = true;
-      pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12" "--keep-yearly 75" ];
-      timerConfig = { "OnCalendar" = "03:15"; };
-      extraOptions = [ "sftp.command='ssh restic@despondos.nao.sh -i ${config.secrets.files.ssh_key.file} -s sftp'" ];
-      passwordFile = builtins.toString config.secrets.files.restic_pass.file;
-      user = "postgres";
-    };
-    "synapse" = {
-      paths = [ "/var/lib/matrix-synapse" ];
-      repository = "sftp:restic@despondos.nao.sh:/etheria/backup/grondahl/synapse";
-      initialize = true;
-      pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12" "--keep-yearly 75" ];
-      timerConfig = { "OnCalendar" = "03:45"; };
-      extraOptions = [ "sftp.command='ssh restic@despondos.nao.sh -i ${config.secrets.files.ssh_key.file} -s sftp'" ];
-      passwordFile = builtins.toString config.secrets.files.restic_pass.file;
-      user = "matrix-synapse";
-    };
-  };
-}
-