emelie/nix-deploy
1
0
Fork 0
Code Issues 1 Pull requests 1 Projects Releases Wiki Activity

update to new domain

Browse source
This commit is contained in:
Emelie Graven 2025-04-05 19:07:51 +02:00
parent 4ebfb82746
commit 1ad4f3a598
7 changed files with 47 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

0
config/common/data/pubkeys/despondos_host_ed25519_key.pub → config/common/data/pubkeys/backup_host_ed25519_key.pub
View file

6
config/common/services/ssh.nix
View file

@ -14,9 +14,9 @@
}; };
programs.ssh.knownHosts = { programs.ssh.knownHosts = {
despondos = { backup = {
hostNames = [ "despondos.nao.sh" ]; hostNames = [ "backup.graven.dev" ];
publicKeyFile = ../data/pubkeys/despondos_host_ed25519_key.pub; publicKeyFile = ../data/pubkeys/backup_host_ed25519_key.pub;
}; };
}; };

4
config/hosts/grondahl/services/borg.nix
View file

@ -4,7 +4,7 @@
services.borgbackup.jobs = { services.borgbackup.jobs = {
postgres = { postgres = {
paths = "/var/lib/postgresql/backup"; paths = "/var/lib/postgresql/backup";
repo = "ssh://borg@despondos.nao.sh//mnt/slab/backup/grondahl/postgres"; repo = "ssh://borg@backup.graven.dev//mnt/slab/backup/grondahl/postgres";
encryption.mode = "repokey"; encryption.mode = "repokey";
encryption.passCommand = "cat ${config.secrets.files.borg_pass_postgres.file}"; encryption.passCommand = "cat ${config.secrets.files.borg_pass_postgres.file}";
environment.BORG_RSH = "ssh -i ${config.secrets.files.ssh_key_postgres.file}"; environment.BORG_RSH = "ssh -i ${config.secrets.files.ssh_key_postgres.file}";
@ -14,7 +14,7 @@
}; };
synapse = { synapse = {
paths = "/var/lib/matrix-synapse"; paths = "/var/lib/matrix-synapse";
repo = "ssh://borg@despondos.nao.sh//mnt/slab/backup/grondahl/synapse"; repo = "ssh://borg@backup.graven.dev//mnt/slab/backup/grondahl/synapse";
encryption.mode = "repokey"; encryption.mode = "repokey";
encryption.passCommand = "cat ${config.secrets.files.borg_pass_synapse.file}"; encryption.passCommand = "cat ${config.secrets.files.borg_pass_synapse.file}";
environment.BORG_RSH = "ssh -i ${config.secrets.files.ssh_key_synapse.file}"; environment.BORG_RSH = "ssh -i ${config.secrets.files.ssh_key_synapse.file}";

27
config/hosts/rudiger/services/borg.nix Normal file
View file

@ -0,0 +1,27 @@
{ config, ... }:
{
services.borgbackup.jobs = {
postgres = {
paths = "/var/lib/postgresql/backup";
repo = "ssh://borg@backup.graven.dev//mnt/slab/backup/rudiger/postgres";
encryption.mode = "repokey";
encryption.passCommand = "cat ${config.secrets.files.borg_pass_postgres.file}";
environment.BORG_RSH = "ssh -i ${config.secrets.files.ssh_key_postgres.file}";
compression = "auto,zstd";
startAt = "*-*-* 03:15:00";
user = "postgres";
};
synapse = {
paths = "/var/lib/nextcloud/data";
repo = "ssh://borg@backup.graven.dev//mnt/slab/backup/rudiger/nextcloud";
encryption.mode = "repokey";
encryption.passCommand = "cat ${config.secrets.files.borg_pass_synapse.file}";
environment.BORG_RSH = "ssh -i ${config.secrets.files.ssh_key_synapse.file}";
compression = "auto,zstd";
startAt = "*-*-* 03:45:00";
user = "nextcloud";
};
};
}

8
config/hosts/rudiger/services/restic.nix
View file

@ -3,21 +3,21 @@
services.restic.backups = { services.restic.backups = {
"postgres" = { "postgres" = {
paths = [ "/var/lib/postgresql/backup" ]; paths = [ "/var/lib/postgresql/backup" ];
repository = "sftp:restic@despondos.nao.sh:/etheria/backup/rudiger/postgres"; repository = "sftp:restic@backup.graven.dev:/etheria/backup/rudiger/postgres";
initialize = true; initialize = true;
pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12" "--keep-yearly 75" ]; pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12" "--keep-yearly 75" ];
timerConfig = { "OnCalendar" = "04:15"; }; timerConfig = { "OnCalendar" = "04:15"; };
extraOptions = [ "sftp.command='ssh restic@despondos.nao.sh -i ${config.secrets.files.ssh_key.file} -s sftp'" ]; extraOptions = [ "sftp.command='ssh restic@backup.graven.dev -i ${config.secrets.files.ssh_key.file} -s sftp'" ];
passwordFile = builtins.toString config.secrets.files.restic_pass.file; passwordFile = builtins.toString config.secrets.files.restic_pass.file;
user = "postgres"; user = "postgres";
}; };
"nextcloud" = { "nextcloud" = {
paths = [ "/var/lib/nextcloud/data" ]; paths = [ "/var/lib/nextcloud/data" ];
repository = "sftp:restic@despondos.nao.sh:/etheria/backup/rudiger/nextcloud"; repository = "sftp:restic@backup.graven.dev:/etheria/backup/rudiger/nextcloud";
initialize = true; initialize = true;
pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12" "--keep-yearly 75" ]; pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12" "--keep-yearly 75" ];
timerConfig = { "OnCalendar" = "04:30"; }; timerConfig = { "OnCalendar" = "04:30"; };
extraOptions = [ "sftp.command='ssh restic@despondos.nao.sh -i ${config.secrets.files.ssh_key.file} -s sftp'" ]; extraOptions = [ "sftp.command='ssh restic@backup.graven.dev -i ${config.secrets.files.ssh_key.file} -s sftp'" ];
passwordFile = builtins.toString config.secrets.files.restic_pass.file; passwordFile = builtins.toString config.secrets.files.restic_pass.file;
user = "nextcloud"; user = "nextcloud";
}; };

6
config/hosts/wind/services/borg.nix
View file

@ -4,7 +4,7 @@
services.borgbackup.jobs = { services.borgbackup.jobs = {
gitea = { gitea = {
paths = "/var/lib/gitea"; paths = "/var/lib/gitea";
repo = "ssh://borg@despondos.nao.sh//mnt/slab/backup/wind/gitea"; repo = "ssh://borg@backup.graven.dev//mnt/slab/backup/wind/gitea";
encryption.mode = "repokey"; encryption.mode = "repokey";
encryption.passCommand = "cat ${config.secrets.files.borg_pass_gitea.file}"; encryption.passCommand = "cat ${config.secrets.files.borg_pass_gitea.file}";
environment.BORG_RSH = "ssh -i ${config.secrets.files.ssh_key_gitea.file}"; environment.BORG_RSH = "ssh -i ${config.secrets.files.ssh_key_gitea.file}";
@ -14,7 +14,7 @@
}; };
postgres = { postgres = {
paths = "/var/lib/postgresql/backup"; paths = "/var/lib/postgresql/backup";
repo = "ssh://borg@despondos.nao.sh//mnt/slab/backup/wind/postgres"; repo = "ssh://borg@backup.graven.dev//mnt/slab/backup/wind/postgres";
encryption.mode = "repokey"; encryption.mode = "repokey";
encryption.passCommand = "cat ${config.secrets.files.borg_pass_postgres.file}"; encryption.passCommand = "cat ${config.secrets.files.borg_pass_postgres.file}";
environment.BORG_RSH = "ssh -i ${config.secrets.files.ssh_key_postgres.file}"; environment.BORG_RSH = "ssh -i ${config.secrets.files.ssh_key_postgres.file}";
@ -24,7 +24,7 @@
}; };
synapse = { synapse = {
paths = "/var/lib/matrix-synapse"; paths = "/var/lib/matrix-synapse";
repo = "ssh://borg@despondos.nao.sh//mnt/slab/backup/wind/synapse"; repo = "ssh://borg@backup.graven.dev//mnt/slab/backup/wind/synapse";
encryption.mode = "repokey"; encryption.mode = "repokey";
encryption.passCommand = "cat ${config.secrets.files.borg_pass_synapse.file}"; encryption.passCommand = "cat ${config.secrets.files.borg_pass_synapse.file}";
environment.BORG_RSH = "ssh -i ${config.secrets.files.ssh_key_synapse.file}"; environment.BORG_RSH = "ssh -i ${config.secrets.files.ssh_key_synapse.file}";

16
config/hosts/wind/services/restic.nix
View file

@ -5,41 +5,41 @@
services.restic.backups = { services.restic.backups = {
"gitea" = { "gitea" = {
paths = [ "/var/lib/gitea" ]; paths = [ "/var/lib/gitea" ];
repository = "sftp:restic@despondos.nao.sh:/etheria/backup/wind/gitea"; repository = "sftp:restic@backup.graven.dev:/etheria/backup/wind/gitea";
initialize = true; initialize = true;
pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12" "--keep-yearly 75" ]; pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12" "--keep-yearly 75" ];
timerConfig = { "OnCalendar" = "02:15"; }; timerConfig = { "OnCalendar" = "02:15"; };
extraOptions = [ "sftp.command='ssh restic@despondos.nao.sh -i ${config.secrets.files.ssh_key.file} -s sftp'" ]; extraOptions = [ "sftp.command='ssh restic@backup.graven.dev -i ${config.secrets.files.ssh_key.file} -s sftp'" ];
passwordFile = builtins.toString config.secrets.files.restic_pass.file; passwordFile = builtins.toString config.secrets.files.restic_pass.file;
user = "gitea"; user = "gitea";
}; };
"postgres" = { "postgres" = {
paths = [ "/var/lib/postgresql/backup" ]; paths = [ "/var/lib/postgresql/backup" ];
repository = "sftp:restic@despondos.nao.sh:/etheria/backup/wind/postgres"; repository = "sftp:restic@backup.graven.dev:/etheria/backup/wind/postgres";
initialize = true; initialize = true;
pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12" "--keep-yearly 75" ]; pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12" "--keep-yearly 75" ];
timerConfig = { "OnCalendar" = "03:00"; }; timerConfig = { "OnCalendar" = "03:00"; };
extraOptions = [ "sftp.command='ssh restic@despondos.nao.sh -i ${config.secrets.files.ssh_key.file} -s sftp'" ]; extraOptions = [ "sftp.command='ssh restic@backup.graven.dev -i ${config.secrets.files.ssh_key.file} -s sftp'" ];
passwordFile = builtins.toString config.secrets.files.restic_pass.file; passwordFile = builtins.toString config.secrets.files.restic_pass.file;
user = "postgres"; user = "postgres";
}; };
"synapse" = { "synapse" = {
paths = [ "/var/lib/matrix-synapse" ]; paths = [ "/var/lib/matrix-synapse" ];
repository = "sftp:restic@despondos.nao.sh:/etheria/backup/wind/synapse"; repository = "sftp:restic@backup.graven.dev:/etheria/backup/wind/synapse";
initialize = true; initialize = true;
pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12" "--keep-yearly 75" ]; pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12" "--keep-yearly 75" ];
timerConfig = { "OnCalendar" = "03:30"; }; timerConfig = { "OnCalendar" = "03:30"; };
extraOptions = [ "sftp.command='ssh restic@despondos.nao.sh -i ${config.secrets.files.ssh_key.file} -s sftp'" ]; extraOptions = [ "sftp.command='ssh restic@backup.graven.dev -i ${config.secrets.files.ssh_key.file} -s sftp'" ];
passwordFile = builtins.toString config.secrets.files.restic_pass.file; passwordFile = builtins.toString config.secrets.files.restic_pass.file;
user = "matrix-synapse"; user = "matrix-synapse";
}; };
"vaultwarden" = { "vaultwarden" = {
paths = [ "/var/lib/bitwarden_rs" ]; paths = [ "/var/lib/bitwarden_rs" ];
repository = "sftp:restic@despondos.nao.sh:/etheria/backup/wind/vaultwarden"; repository = "sftp:restic@backup.graven.dev:/etheria/backup/wind/vaultwarden";
initialize = true; initialize = true;
pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12" "--keep-yearly 75" ]; pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12" "--keep-yearly 75" ];
timerConfig = { "OnCalendar" = "23:45"; }; timerConfig = { "OnCalendar" = "23:45"; };
extraOptions = [ "sftp.command='ssh restic@despondos.nao.sh -i ${config.secrets.files.ssh_key.file} -s sftp'" ]; extraOptions = [ "sftp.command='ssh restic@backup.graven.dev -i ${config.secrets.files.ssh_key.file} -s sftp'" ];
passwordFile = builtins.toString config.secrets.files.restic_pass.file; passwordFile = builtins.toString config.secrets.files.restic_pass.file;
user = "vaultwarden"; user = "vaultwarden";
}; };