diff --git a/hosts/clerie-backup/configuration.nix b/hosts/clerie-backup/configuration.nix index 00c9e7a..740c807 100644 --- a/hosts/clerie-backup/configuration.nix +++ b/hosts/clerie-backup/configuration.nix @@ -5,6 +5,7 @@ [ ./hardware-configuration.nix + ./replication.nix ./restic-server.nix ]; @@ -36,30 +37,6 @@ }; }; - # fix borgbackup primary grouping - users.users.borg.group = "borg"; - - services.borgbackup.jobs = { - backup-replication-hetzner = { - paths = [ - "/mnt/clerie-backup" - ]; - doInit = true; - repo = "u275370-sub2@u275370.your-storagebox.de:./clerie-backup/"; - encryption = { - mode = "none"; - }; - environment = { BORG_RSH = "ssh -p 23 -i /var/src/secrets/ssh/borg-backup-replication-hetzner"; }; - compression = "auto,lzma"; - startAt = "*-*-* 04:07:00"; - - readWritePaths = [ "/var/lib/prometheus-node-exporter/textfiles" ]; - postPrune = '' - echo "backup_replication_hetzner_last_successful_run_time $(date +%s)" > /var/lib/prometheus-node-exporter/textfiles/backup-replication-hetzner.prom - ''; - }; - }; - clerie.monitoring = { enable = true; id = "204"; diff --git a/hosts/clerie-backup/replication.nix b/hosts/clerie-backup/replication.nix new file mode 100644 index 0000000..37d38e6 --- /dev/null +++ b/hosts/clerie-backup/replication.nix @@ -0,0 +1,23 @@ +{ lib, ... }: + +with lib; + +{ + clerie.backup = { + enable = true; + targets = mkForce { + hetzner-storage-box = { + serverUrl = "sftp://u275370-sub2@u275370.your-storagebox.de:23"; + sshKeyFile = "/var/src/secrets/ssh/borg-backup-replication-hetzner"; + }; + }; + jobs.replication = { + paths = [ + "/mnt/clerie-backup/cyan" + ]; + exclude = [ + "/mnt/clerie-backup/cyan/.htpasswd" + ]; + }; + }; +} diff --git a/hosts/clerie-backup/secrets.json b/hosts/clerie-backup/secrets.json index 291dc8c..8224db5 100644 --- a/hosts/clerie-backup/secrets.json +++ b/hosts/clerie-backup/secrets.json @@ -1,19 +1,16 @@ { + "clerie-backup-job-replication": "ENC[AES256_GCM,data:J9zWkW1xGUiK73M=,iv:0PCJW1qrOMlX0Twy2HXGmqFzyXknE4dVdpJnnEbW36U=,tag:yxIdsqMHZgHLUIN+JCcZ6A==,type:str]", "restic-server-cyan-htpasswd": "ENC[AES256_GCM,data:Fe6lcXXy0Hu27Y2LtwQRbk+78+unSGkII144jtstOgK0pyjlJqG2mo8ZG7L+3mmthuu+leZ6XXadEcRGpby3eCwyVEYd3lDr930pPC8hChWYMC5mGkkRUAobYED63iVxcsc36PVFQYMCDbYvtcPk8uQTXfQmhs9kSzCrONrL1Id0L9D+sGoU0snpE+eCNXyiLwuyc1qocchhuHIwkGi4dyVJWgMsKGummF5Pf9zK4KzHmT6RuPouEUAfwHkdPwtOSJ8OqZof/C/CuPYmJQyfOFAqtw8xD9OXUpvyxjC1Kta89sL5cRAE0R15oPvNUmYGaXputm9iMycPjMacpouycx1TXMTEDB0caryX9uEFAyTfPm7keHT86qA1UfImWqEE9QqJ3uCeiwW698SbTZVeKLDBqDCPP+nP/L+N412d+HHyGugPOnTj1gXY50xeOay8Wryw87iDZ9rnJxcn0u5D4+JjOIbjWvydqBXacMD/o0NG2CcQu6LVRAHRiDKoSQWEwx25tzVwn2dsgFV8c3oQ0xQI7050R11Z3M9QWOvPmOZCvYV5VSoxu7r1jMu5asrcPbbhXKatbrabEHCAbDGsBpDkqts3BVUfUaHwboXVR0DxqOC6CHVE34J99SVTGI0kIHXyNqpeUJ36tCXFg7eNPNsu8cra9whjyUUHtw==,iv:Gfg3t3YPw2hz0LJ5hovPftMYOADN2Xjc93VmT2fFVQI=,tag:k6KH4qDPrFYIU2PGgW3F9Q==,type:str]", "wg-monitoring": "ENC[AES256_GCM,data:rOpBlDt9K//zlgWo1Bw9IX5jmpLbnit5zi60Ulz8f6tHwqVsKJv5NkxYc9A=,iv:Jlo0QZP6R1CEE20iLa7M/LV/ZX2/33oMv/FzBBo6nvY=,tag:Ttqo7BKd6RuUiMksW6rZnw==,type:str]", "sops": { - "kms": null, - "gcp_kms": null, - "azure_kv": null, - "hc_vault": null, "age": [ { "recipient": "age1px682xeu0xfkr49qdqe95er040p2vv3ugekk04e36jj2wqs7tyfs8mhclh", "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0UCtUZ3NZQWxOK1FUNDhL\nbWhaanN2OEJIVmpMOURzWU1vcGhuODdtcDJnCm9Nb01NaVVpWDJ6Q3JCbXRkRUJP\nUVdFaGVScUdxRnlpSnRNOG1RalNRaFUKLS0tICs0cW1WR0JMUmdaVWVzdTh2bjFm\nenBzaERpb1hCS1E3TUo3cmxpZFUxWmcKcLL5/YTGyZEVLwHSpbEI5XfWGklkI7h+\n0uhCww8Wh23EpUYFslZ0Nnbf5HX5/Z34qBwf20cvN8eLToTAQvTdeg==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-02-16T18:13:34Z", - "mac": "ENC[AES256_GCM,data:io2WVxTxHSlxrk7JaN6/fUI7YotvPfgbXTD1lEf1tN7QhuGRH/iZrji/VQlhJ8tk2dAS1Pe0rsTuxCMXcXcxRIh4EYbQky5IZj5jpfPcslQOquTcXzmPYdijPUWSqu6leGc0GG/7KccjSFD8TfwAgeuVrc2Br57yfqKoPf+M0fY=,iv:iYp73PrFnLZoI9014mbqQQERhFtfhb5YmzV6HiUi+YM=,tag:2AZEzhVVdEos5FLkg8cr5w==,type:str]", + "lastmodified": "2025-11-16T16:13:47Z", + "mac": "ENC[AES256_GCM,data:ksW2wq/EWTi9dKppGhEheVQ74G6riy1asiDmdsC78bfeAJHTbXqlni5u11DIbo67sdpZE+xXJiB1woLEcG0B4wS92r5MIWhQrul+ot95UnwVFceYLkO4KLxgOjlJzgHKuWq/ccOoKnucd/vmagQ5E/4ubBXMOHvHVLL4dNYOsDo=,iv:unLO6F/b1mAIefWfvD0PW840pTWUULgwJSl6mh637q4=,tag:0dlOFTAmLZc7oXJ25SeH1A==,type:str]", "pgp": [ { "created_at": "2024-05-05T12:12:27Z", @@ -22,6 +19,6 @@ } ], "unencrypted_suffix": "_unencrypted", - "version": "3.8.1" + "version": "3.11.0" } -} \ No newline at end of file +}