From 69f780a9f26ed04f484cedd79ea2a5231da96126 Mon Sep 17 00:00:00 2001 From: Amanda Graven Date: Sat, 17 Jun 2023 17:16:59 +0200 Subject: [PATCH] Configure borg backup for gitea --- .../pubkeys/despondos_host_ed25519_key.pub | 2 +- config/hosts/wind/configuration.nix | 1 + config/hosts/wind/data/secrets/borg_pass | Bin 0 -> 87 bytes config/hosts/wind/data/secrets/secrets.nix | Bin 977 -> 1206 bytes config/hosts/wind/data/secrets/ssh_key | Bin 421 -> 421 bytes config/hosts/wind/data/secrets/ssh_key.pub | Bin 115 -> 117 bytes config/hosts/wind/services/borg.nix | 16 ++++++++++++++++ config/hosts/wind/services/gitea.nix | 6 +++--- 8 files changed, 21 insertions(+), 4 deletions(-) create mode 100644 config/hosts/wind/data/secrets/borg_pass create mode 100644 config/hosts/wind/services/borg.nix diff --git a/config/common/data/pubkeys/despondos_host_ed25519_key.pub b/config/common/data/pubkeys/despondos_host_ed25519_key.pub index 6367ffa..6c326b4 100644 --- a/config/common/data/pubkeys/despondos_host_ed25519_key.pub +++ b/config/common/data/pubkeys/despondos_host_ed25519_key.pub @@ -1 +1 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH+ZQk80BU/OdQfV990yrkFwvsLVbVZ2Itof/qwxjTn7 +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG4C5OgZpxoF42L5rPqwejs+Q1ViN9TM9o/fEbpnPFtA diff --git a/config/hosts/wind/configuration.nix b/config/hosts/wind/configuration.nix index 094c57d..bb597df 100644 --- a/config/hosts/wind/configuration.nix +++ b/config/hosts/wind/configuration.nix @@ -7,6 +7,7 @@ ../../common/services/tailscale.nix ../../common/users.nix ./services/acme.nix + ./services/borg.nix ./services/coturn.nix ./services/nginx.nix ./services/nitter.nix diff --git a/config/hosts/wind/data/secrets/borg_pass b/config/hosts/wind/data/secrets/borg_pass new file mode 100644 index 0000000000000000000000000000000000000000..1d656217681bda45a8bf9c1de4d7cab1ab594aa5 GIT binary patch literal 87 zcmV-d0I2@}M@dveQdv+`0DS1L)S8D|(R(GHdD+-zP$ixW0zxPRS!}ctEdrJ=(4^>J t6Dxtx(6Tks{DDS|$;-0LUdS!-{13&6ir}j|*>hXX7!JeOEDpYf25p$?D9-=@ literal 0 HcmV?d00001 diff --git a/config/hosts/wind/data/secrets/secrets.nix b/config/hosts/wind/data/secrets/secrets.nix index b00061f2e447a3f121aedda3a1f0048dad8d45e4..7b552e07db4096a1ff3c56167436a11d6d78fd00 100644 GIT binary patch literal 1206 zcmV;n1WEeFI*SSUmcEjb6@%rvp7>ed$Zk z*St*7B|HYOl3BMu8p*)vCDoHURsOd>mYm|iyo$jfac}M)55UA8qBjJuZ<;V*w8)rV z-)(~8ZGHC)@-7xrS?iBQ_8MsrZQiD#o4GnJM3DTN!w`LHWM@R8wrPVmBjSyeAhS<0 zJn2t~$Gsvfh@|W)2}Fn};qfH<#6x30Uvwc~VGQAtK(-s|5yMDmC1AB6Cw6hwr0~Db z&`vD&m$Q#J6T5~1-)Hlq0L-*5H2sJ7@8J^#!?a#hk%>E2pLjjwS1cQ+#J+Q=aVkWy zJ2INBBu@b3O>ahh-%1hvJPQK^_iLMwI3QV4`yS(I((|m>CNCN2=JM#Zcb!FkYp|s{ z*ih&^#FJI(D&p++gpw3-=fiZu$s*4z!Tb)!z}#*7No*=ho>L~`LfspVlO&$(R&FK@ z7pzCp{a0$v*~aEb6Yf6><6J6)Yi?zMm~QX4k%M~XoR{1nj~HK0w>i4;kGaQN?B$pE z>RnSfKxe5ImXMQ2dIjcD<52_w{nS5`PA0j~3{~GTIs+faJx`^eKN|Hk8Q+>Bx(*o0%yh zY5qnn;TkAPumo3Bw=1bSwK%wguaj`7pQjk@$@@!hB8bSOXL5|%8agPmMrzT7xaKjt z$=`&49q1sHp2SXv8f4%i=A#101lw1*$Uq-#1NY3-_t>V|Z2<GQL!`x0 z|J0Z1f5b7g1komMy!yI&pof{B0A~4aPKkhza4!27zcJoWvXghqYIvky%frEW(wTe+ zl7;njL3iFgFep$d zBLo)|YtUJ--m%U}xA!9mzR^iicqE6r>chTLc?8IMaLRfaV9am=ur<#NdOJl!kKIk| z1jd4#xjXuD#LG<>)HdrD0MfeMeF3LflqGBT8OaLD)!92xn7J3xLdO9 zv7tHJ724N>{9@G$V0L6*!_!P$>A&eYpM(c~u4Nq0!@;iAqb#N7ib&#q-^vj!;`S)a z8Llh7I4F+ZUYeBXvG4Qtq;3(Au{^f?A|O5fp&`iCjyc2k5mn>^z>Leao@LOcPu^^b z1QNI687$d2m8^wQbD^(yUu1fI)^HcBg2UU;vq5HHu&zdPi@D6E`F4e{LaD-lG487G+BZ%B z5ZZ*E@4s)odS?r7IKJx&kZ^IqVA#u;okn(y39+C^g3HJ7~^nx2%~)6xAw$)tCu~YNVYKB&XQY5rqtuP5l$JX)(7t)rK?W4 z4bXErWNf#)y5Fh_hf4hlP&(KT@D}Pruwr*FZIyR>;IK|)DmwZFpC03tsT_yh*J;cf z^B{a7zqG>Wlj_I$fUhzLw@%yBbo-%ND@iB_Z~NA>^5GLW3NfNYKawgE^2lPz?_#6) zH`S|@C@A6ioNSfJgo+;$?4o#;*sB-&W+|6e%ugH;xrRxEdWbnQ?6?b}@4=FGvED!| z8dHkwW~Y@U1pO0;oEUrpRSVkwrg@XK8$X7aajeiEKxK<13K_SzpgIqsU>}Rz@=K?r z_S^ONs-*MjNt*L(3JCN!@w{_Y1T{PI6JakWM&KY@WjbfF;?x$iqc&~F83Vq;Xdwl~ zdqcDW3G5xGoKJg_lNY@(?Sb@SD<`zDML3QGV3A42Is+{097-tcD)k+p{PuJMI>$N6 z3fw-vVo;9$$u0MFg@xA0+x`vs~*5QvKxZ&pU4`l$dWF($-zOCzR0 z1JEQMG~Ig<{xqJyw(O2Z>J(zt@M8JdQri?c%QZ*ThnYXkj#KA-`RtSbr!pnJ1O5VI zKNr-xq^-+tY-iN>s-Z)1$GqW+`87!Rk^#lDUDb18JZwJsLBTOy$;h;?2kR%W0!DHx zj)~rJTSb-X0L5-VM2HnBMG&99Dw>MG6kC!6Tz`q^XcDmD#Bav`wRC!n5OIz3sWyBq z%EAVRd+StW4%bDz(t){#33KyrnYi10BYo~@uB6nxbf=UX)dAX diff --git a/config/hosts/wind/data/secrets/ssh_key b/config/hosts/wind/data/secrets/ssh_key index 6dd0719e0a2e01d535cfb2b09f4283ff2e5be8b2..eb6c6ce820f06bfcb86e35ac2be652bba1afba14 100644 GIT binary patch literal 421 zcmV;W0b2e5M@dveQdv+`0R7@`2&LtMyF9^kuW0)6MWTUN0-F%xF&K z_gbw0+H<+A^c3o|2W2^qGaG^*IVah!UZBsU>vw5NXkQ(2u{Zb7=#pl_&4G11OShEr z=$XAMH#z?-o-B{f=U{@NfCo5R_&aji7CO4OU>g}|%flp9#KdEZ7-6eCSq42j@A$%I z&Ge+ck`>E&kHQc_#~b+>*~e8Juv%3DzV^aQD6q_XFE0on0;63Cjh{y8bxE(3-inC^ zY&^8{eijV`@Q-k>|DqNQc!Z#gb(7?VX}PB{luM2i2^f6s{hU*lFtJj#!p9+*Cae3K ze?k}DO5zX&?0`#2E%L~)026qktk0HJx0m&p0+<{K+A@3Y2G6g2bx>0fpcmr`j(m|c zLZu|wP*_6aFU`=!bTyTW6IqG?Wd&~l{Wr}!jmuMLwLffBY}D-?V-9<8T?ySw)gh%_ zndop!q|2YOjzifTq-%=Per@HhqR9X**Aw<3oEoEZZnl+X$?e}hQqm;(F(;Un+l`Wl Pq+BU1X1(+6o??pm7nsaI literal 421 zcmV;W0b2e5M@dveQdv+`0Q5Oyr)!zAng#EBdXbx^?&SqlvSmh)sB_e8aTyrMz3tyP zM`rDf)pH`h?fuQoeRA6D|9K3+s}~UzRTMcIeBX|gl!DvJgtv|Qk``ZBq2ddPq6-nG zLa07c?yW?Lp5~UxpDzsKgi=ftR_qBw5mnf{F_yT~F7Sq!2tcO03gQ!LN4dp->Zz z>&+Y-y_*LwsA;8J53KcI{NfSAY`VxuC#;s7-0-!&{c!hAhaWs#^{Z8!ZDsiK{NATU zC@NkCY%xe~w1Og%xk{(Kyh;B^58a529*T+bW^FYx92NYP(iIpk^lQoDl`;Cl4D@XY zr_%2hQqD@z2e}l}(i21nDHCF?Zrk}0aXPb|vmg1!9Qh@TGT@5AJO%xoHE`K>Otfwp z!xr0aXtMC;eJxno)wjEC+=}e5OCAe<61z1Zg~S0)_?ns#dbwkB2h$^)-$LZcZ~_N` P*H5*VUVO}HKCYjpAWYP` diff --git a/config/hosts/wind/data/secrets/ssh_key.pub b/config/hosts/wind/data/secrets/ssh_key.pub index 54b1d0ba842c0031de57ecff3ecabfdbedde5899..de5e67137b4b162f5f71220a0df95f5823c9e78c 100644 GIT binary patch literal 117 zcmV-*0E+(rM@dveQdv+`0N`d3%>v2L!UMZ$A*!(;Uq~GXP6NulLV`4jXegq+8c5!k z81gWJ54+gFrPBm2+A9_HR;vBF%ci4{%i9WKjT72W&$RgY%ACdnJOD5b4MH4?AKVuk Xq&M2;6HJ%=W%6VJk}T!XG+>$4v&S{F literal 115 zcmV-(0F3_tM@dveQdv+`0IksxY7@(rx%1xa@mc?L*?PVK|M@q5A50;l*_kBMz`zWr zesf-Bln4@dO)`iei}jc4lcZ(WqJu0A?qof@iV1?|VBQccKFEv?W-SmL!LT7z-9J>p Ve^S}A7;sEiCaul4CpSP^jGSMeHK+gp diff --git a/config/hosts/wind/services/borg.nix b/config/hosts/wind/services/borg.nix new file mode 100644 index 0000000..9c22666 --- /dev/null +++ b/config/hosts/wind/services/borg.nix @@ -0,0 +1,16 @@ +{ config, ... }: + +{ + services.borgbackup.jobs = { + gitea = { + paths = "/var/lib/gitea"; + repo = "ssh://borg@despondos.nao.sh//mnt/slab/backup/wind/gitea"; + encryption.mode = "repokey"; + encryption.passCommand = "cat ${config.secrets.files.borg_pass_gitea.file}"; + environment.BORG_RSH = "ssh -i ${config.secrets.files.ssh_key_gitea.file}"; + compression = "auto,zstd"; + startAt = "*-*-* 02:15:00"; + user = "gitea"; + }; + }; +} diff --git a/config/hosts/wind/services/gitea.nix b/config/hosts/wind/services/gitea.nix index b9a86a2..ec0d191 100644 --- a/config/hosts/wind/services/gitea.nix +++ b/config/hosts/wind/services/gitea.nix @@ -3,9 +3,6 @@ { services.gitea = { enable = true; - domain = "git.graven.dev"; - rootUrl = "https://git.graven.dev"; - enableUnixSocket = true; appName = "Graven Gitea"; settings = { "ui" = { "DEFAULT_THEME" = "arc-green"; }; }; database = { @@ -13,5 +10,8 @@ }; settings.service.DISABLE_REGISTRATION = true; settings.session.COOKIE_SECURE = true; + settings.server.DOMAIN = "git.graven.dev"; + settings.server.ROOT_URL = "https://git.graven.dev"; + settings.server.PROTOCOL = "http+unix"; }; }