Introduce new stage 2 backup strategy

2022-01-11 21:31:25 +01:00
parent 9f1d07c119
commit ebd1aeb05a
2 changed files with 21 additions and 15 deletions
--- a/hosts/clerie-backup/configuration.nix
+++ b/hosts/clerie-backup/configuration.nix
@@ -75,6 +75,22 @@
  # fix borgbackup primary grouping
  users.users.borg.group = "borg";
  services.borgbackup.jobs = {
    backup-replication-palladium = {
      paths = [
        "/mnt/clerie-backup"
      ];
      doInit = true;
      repo =  "borg@palladium.net.clerie.de:." ;
      encryption = {
        mode = "none";
      };
      environment = { BORG_RSH = "ssh -i /var/src/secrets/ssh/borg-backup-replication-palladium"; };
      compression = "auto,lzma";
      startAt = "weekly";
    };
  };
  users.users.backup-replication = {
    isNormalUser = true;
    group = "backup-replication";
--- a/hosts/palladium/configuration.nix
+++ b/hosts/palladium/configuration.nix
@@ -24,21 +24,11 @@
    KERNEL=="sd?[0-9]", ENV{ID_MODEL}=="ST1000DM003-1SB102", ACTION=="add", RUN+="${pkgs.hdparm}/sbin/hdparm -S 24 /dev/%k"
  '';
-  services.rsnapshot = {
+  services.borgbackup.repos.clerie-backup = {
-    enable = true;
+    path = "/mnt/palladium/clerie-backup";
-    extraConfig = ''
+    authorizedKeysAppendOnly = [
-      snapshot_root	/mnt/palladium/
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFyk716RnbenPMkhLolyIkU8ywUSg8x7hjsXFFQoJx4I root@clerie-backup"
-      rsync_short_args	-rltD
+    ];
      retain	alpha	14
      ssh_args	-o BatchMode=yes -o IdentityFile=/var/src/secrets/rsnapshot/id_rsa
      backup	backup-replication@clerie-backup.net.clerie.de:/clerie-backup-replication/*	clerie-backup/
    '';
    # rsync_short_args
    # -a -> -rlptgoD
    # -rltD ist wie -a nur das alle Dateiberechtigungen und Besitzangabe ignoriert werden
    cronIntervals = {
      alpha = "0 9 * * * ";
    };
  };
  clerie.monitoring = {