From 1ad4f3a59871540e1198da4a7d60ec7a37236f22 Mon Sep 17 00:00:00 2001 From: Emelie Graven Date: Sat, 5 Apr 2025 19:07:51 +0200 Subject: [PATCH] update to new domain --- ...19_key.pub => backup_host_ed25519_key.pub} | 0 config/common/services/ssh.nix | 6 ++--- config/hosts/grondahl/services/borg.nix | 4 +-- config/hosts/rudiger/services/borg.nix | 27 +++++++++++++++++++ config/hosts/rudiger/services/restic.nix | 8 +++--- config/hosts/wind/services/borg.nix | 6 ++--- config/hosts/wind/services/restic.nix | 16 +++++------ 7 files changed, 47 insertions(+), 20 deletions(-) rename config/common/data/pubkeys/{despondos_host_ed25519_key.pub => backup_host_ed25519_key.pub} (100%) create mode 100644 config/hosts/rudiger/services/borg.nix diff --git a/config/common/data/pubkeys/despondos_host_ed25519_key.pub b/config/common/data/pubkeys/backup_host_ed25519_key.pub similarity index 100% rename from config/common/data/pubkeys/despondos_host_ed25519_key.pub rename to config/common/data/pubkeys/backup_host_ed25519_key.pub diff --git a/config/common/services/ssh.nix b/config/common/services/ssh.nix index 6beb49c..c7d5528 100644 --- a/config/common/services/ssh.nix +++ b/config/common/services/ssh.nix @@ -14,9 +14,9 @@ }; programs.ssh.knownHosts = { - despondos = { - hostNames = [ "despondos.nao.sh" ]; - publicKeyFile = ../data/pubkeys/despondos_host_ed25519_key.pub; + backup = { + hostNames = [ "backup.graven.dev" ]; + publicKeyFile = ../data/pubkeys/backup_host_ed25519_key.pub; }; }; diff --git a/config/hosts/grondahl/services/borg.nix b/config/hosts/grondahl/services/borg.nix index 6134c7f..bb86d9d 100644 --- a/config/hosts/grondahl/services/borg.nix +++ b/config/hosts/grondahl/services/borg.nix @@ -4,7 +4,7 @@ services.borgbackup.jobs = { postgres = { paths = "/var/lib/postgresql/backup"; - repo = "ssh://borg@despondos.nao.sh//mnt/slab/backup/grondahl/postgres"; + repo = "ssh://borg@backup.graven.dev//mnt/slab/backup/grondahl/postgres"; encryption.mode = "repokey"; encryption.passCommand = "cat ${config.secrets.files.borg_pass_postgres.file}"; environment.BORG_RSH = "ssh -i ${config.secrets.files.ssh_key_postgres.file}"; @@ -14,7 +14,7 @@ }; synapse = { paths = "/var/lib/matrix-synapse"; - repo = "ssh://borg@despondos.nao.sh//mnt/slab/backup/grondahl/synapse"; + repo = "ssh://borg@backup.graven.dev//mnt/slab/backup/grondahl/synapse"; encryption.mode = "repokey"; encryption.passCommand = "cat ${config.secrets.files.borg_pass_synapse.file}"; environment.BORG_RSH = "ssh -i ${config.secrets.files.ssh_key_synapse.file}"; diff --git a/config/hosts/rudiger/services/borg.nix b/config/hosts/rudiger/services/borg.nix new file mode 100644 index 0000000..28f5790 --- /dev/null +++ b/config/hosts/rudiger/services/borg.nix @@ -0,0 +1,27 @@ + +{ config, ... }: + +{ + services.borgbackup.jobs = { + postgres = { + paths = "/var/lib/postgresql/backup"; + repo = "ssh://borg@backup.graven.dev//mnt/slab/backup/rudiger/postgres"; + encryption.mode = "repokey"; + encryption.passCommand = "cat ${config.secrets.files.borg_pass_postgres.file}"; + environment.BORG_RSH = "ssh -i ${config.secrets.files.ssh_key_postgres.file}"; + compression = "auto,zstd"; + startAt = "*-*-* 03:15:00"; + user = "postgres"; + }; + synapse = { + paths = "/var/lib/nextcloud/data"; + repo = "ssh://borg@backup.graven.dev//mnt/slab/backup/rudiger/nextcloud"; + encryption.mode = "repokey"; + encryption.passCommand = "cat ${config.secrets.files.borg_pass_synapse.file}"; + environment.BORG_RSH = "ssh -i ${config.secrets.files.ssh_key_synapse.file}"; + compression = "auto,zstd"; + startAt = "*-*-* 03:45:00"; + user = "nextcloud"; + }; + }; +} diff --git a/config/hosts/rudiger/services/restic.nix b/config/hosts/rudiger/services/restic.nix index dc6ad4d..a639bd2 100644 --- a/config/hosts/rudiger/services/restic.nix +++ b/config/hosts/rudiger/services/restic.nix @@ -3,21 +3,21 @@ services.restic.backups = { "postgres" = { paths = [ "/var/lib/postgresql/backup" ]; - repository = "sftp:restic@despondos.nao.sh:/etheria/backup/rudiger/postgres"; + repository = "sftp:restic@backup.graven.dev:/etheria/backup/rudiger/postgres"; initialize = true; pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12" "--keep-yearly 75" ]; timerConfig = { "OnCalendar" = "04:15"; }; - extraOptions = [ "sftp.command='ssh restic@despondos.nao.sh -i ${config.secrets.files.ssh_key.file} -s sftp'" ]; + extraOptions = [ "sftp.command='ssh restic@backup.graven.dev -i ${config.secrets.files.ssh_key.file} -s sftp'" ]; passwordFile = builtins.toString config.secrets.files.restic_pass.file; user = "postgres"; }; "nextcloud" = { paths = [ "/var/lib/nextcloud/data" ]; - repository = "sftp:restic@despondos.nao.sh:/etheria/backup/rudiger/nextcloud"; + repository = "sftp:restic@backup.graven.dev:/etheria/backup/rudiger/nextcloud"; initialize = true; pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12" "--keep-yearly 75" ]; timerConfig = { "OnCalendar" = "04:30"; }; - extraOptions = [ "sftp.command='ssh restic@despondos.nao.sh -i ${config.secrets.files.ssh_key.file} -s sftp'" ]; + extraOptions = [ "sftp.command='ssh restic@backup.graven.dev -i ${config.secrets.files.ssh_key.file} -s sftp'" ]; passwordFile = builtins.toString config.secrets.files.restic_pass.file; user = "nextcloud"; }; diff --git a/config/hosts/wind/services/borg.nix b/config/hosts/wind/services/borg.nix index 7b8822e..776f91d 100644 --- a/config/hosts/wind/services/borg.nix +++ b/config/hosts/wind/services/borg.nix @@ -4,7 +4,7 @@ services.borgbackup.jobs = { gitea = { paths = "/var/lib/gitea"; - repo = "ssh://borg@despondos.nao.sh//mnt/slab/backup/wind/gitea"; + repo = "ssh://borg@backup.graven.dev//mnt/slab/backup/wind/gitea"; encryption.mode = "repokey"; encryption.passCommand = "cat ${config.secrets.files.borg_pass_gitea.file}"; environment.BORG_RSH = "ssh -i ${config.secrets.files.ssh_key_gitea.file}"; @@ -14,7 +14,7 @@ }; postgres = { paths = "/var/lib/postgresql/backup"; - repo = "ssh://borg@despondos.nao.sh//mnt/slab/backup/wind/postgres"; + repo = "ssh://borg@backup.graven.dev//mnt/slab/backup/wind/postgres"; encryption.mode = "repokey"; encryption.passCommand = "cat ${config.secrets.files.borg_pass_postgres.file}"; environment.BORG_RSH = "ssh -i ${config.secrets.files.ssh_key_postgres.file}"; @@ -24,7 +24,7 @@ }; synapse = { paths = "/var/lib/matrix-synapse"; - repo = "ssh://borg@despondos.nao.sh//mnt/slab/backup/wind/synapse"; + repo = "ssh://borg@backup.graven.dev//mnt/slab/backup/wind/synapse"; encryption.mode = "repokey"; encryption.passCommand = "cat ${config.secrets.files.borg_pass_synapse.file}"; environment.BORG_RSH = "ssh -i ${config.secrets.files.ssh_key_synapse.file}"; diff --git a/config/hosts/wind/services/restic.nix b/config/hosts/wind/services/restic.nix index 083e4cc..7f06514 100644 --- a/config/hosts/wind/services/restic.nix +++ b/config/hosts/wind/services/restic.nix @@ -5,41 +5,41 @@ services.restic.backups = { "gitea" = { paths = [ "/var/lib/gitea" ]; - repository = "sftp:restic@despondos.nao.sh:/etheria/backup/wind/gitea"; + repository = "sftp:restic@backup.graven.dev:/etheria/backup/wind/gitea"; initialize = true; pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12" "--keep-yearly 75" ]; timerConfig = { "OnCalendar" = "02:15"; }; - extraOptions = [ "sftp.command='ssh restic@despondos.nao.sh -i ${config.secrets.files.ssh_key.file} -s sftp'" ]; + extraOptions = [ "sftp.command='ssh restic@backup.graven.dev -i ${config.secrets.files.ssh_key.file} -s sftp'" ]; passwordFile = builtins.toString config.secrets.files.restic_pass.file; user = "gitea"; }; "postgres" = { paths = [ "/var/lib/postgresql/backup" ]; - repository = "sftp:restic@despondos.nao.sh:/etheria/backup/wind/postgres"; + repository = "sftp:restic@backup.graven.dev:/etheria/backup/wind/postgres"; initialize = true; pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12" "--keep-yearly 75" ]; timerConfig = { "OnCalendar" = "03:00"; }; - extraOptions = [ "sftp.command='ssh restic@despondos.nao.sh -i ${config.secrets.files.ssh_key.file} -s sftp'" ]; + extraOptions = [ "sftp.command='ssh restic@backup.graven.dev -i ${config.secrets.files.ssh_key.file} -s sftp'" ]; passwordFile = builtins.toString config.secrets.files.restic_pass.file; user = "postgres"; }; "synapse" = { paths = [ "/var/lib/matrix-synapse" ]; - repository = "sftp:restic@despondos.nao.sh:/etheria/backup/wind/synapse"; + repository = "sftp:restic@backup.graven.dev:/etheria/backup/wind/synapse"; initialize = true; pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12" "--keep-yearly 75" ]; timerConfig = { "OnCalendar" = "03:30"; }; - extraOptions = [ "sftp.command='ssh restic@despondos.nao.sh -i ${config.secrets.files.ssh_key.file} -s sftp'" ]; + extraOptions = [ "sftp.command='ssh restic@backup.graven.dev -i ${config.secrets.files.ssh_key.file} -s sftp'" ]; passwordFile = builtins.toString config.secrets.files.restic_pass.file; user = "matrix-synapse"; }; "vaultwarden" = { paths = [ "/var/lib/bitwarden_rs" ]; - repository = "sftp:restic@despondos.nao.sh:/etheria/backup/wind/vaultwarden"; + repository = "sftp:restic@backup.graven.dev:/etheria/backup/wind/vaultwarden"; initialize = true; pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12" "--keep-yearly 75" ]; timerConfig = { "OnCalendar" = "23:45"; }; - extraOptions = [ "sftp.command='ssh restic@despondos.nao.sh -i ${config.secrets.files.ssh_key.file} -s sftp'" ]; + extraOptions = [ "sftp.command='ssh restic@backup.graven.dev -i ${config.secrets.files.ssh_key.file} -s sftp'" ]; passwordFile = builtins.toString config.secrets.files.restic_pass.file; user = "vaultwarden"; };