Compare commits
2 Commits
fcb7057b9d
...
fd1d9a2252
Author | SHA1 | Date | |
---|---|---|---|
fd1d9a2252 | |||
5b6cadecbe |
@ -89,6 +89,23 @@
|
|||||||
compression = "auto,lzma";
|
compression = "auto,lzma";
|
||||||
startAt = "*-*-* 06:23:00";
|
startAt = "*-*-* 06:23:00";
|
||||||
};
|
};
|
||||||
|
backup-replication-external-drive = {
|
||||||
|
paths = [
|
||||||
|
"/mnt/clerie-backup"
|
||||||
|
];
|
||||||
|
doInit = true;
|
||||||
|
repo = "borg@palladium.net.clerie.de:." ;
|
||||||
|
encryption = {
|
||||||
|
mode = "none";
|
||||||
|
};
|
||||||
|
environment = {
|
||||||
|
BORG_RSH = "ssh -i /var/src/secrets/ssh/borg-backup-replication-external-drive";
|
||||||
|
BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK = "yes";
|
||||||
|
BORG_RELOCATED_REPO_ACCESS_IS_OK = "yes";
|
||||||
|
};
|
||||||
|
compression = "auto,lzma";
|
||||||
|
startAt = "*-*-* 08:37:00";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
users.users.backup-replication = {
|
users.users.backup-replication = {
|
||||||
@ -96,7 +113,7 @@
|
|||||||
group = "backup-replication";
|
group = "backup-replication";
|
||||||
openssh.authorizedKeys.keys = [
|
openssh.authorizedKeys.keys = [
|
||||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC8kCLiDfVFKgoNvEoMb34jp2n1lQG+k7wigzc4qGmrROlWkJ46/Ym4UrSeQJAd6hwHTcKTZkeOrqDAjZZ+jlidpncJHT5VMW5Ah965pxbBq6Qh1Yz5tKj7nLAQ/+bwEH4qqBFNd796876n3pY/FqhwAHWONqWhLKzMXpFursMSITUPmRXcaPwJrgS9DIYspZ9bBhhRSdQ5N1SiGtaszOQwdevLnNYqdtFOBG4rt9SO6IBIHtaiTIHrrMGS2Lt3NMwkq+O+N+TGaKLjbwqtfUPfPOCmY0XH12OawjxHP9hZ+WH3dPtcu5p+VORciSybPvyh9qzXUrDeO4HDuii2GEFU8JFELYXdT/qBwdIMp82tkgww0zKbTJuc0y/9eR7LCXop4OALhR8+8xWDI9c1ccxu3T7S7zUI1OmTlR9i8rx85D4sz2dtp1jirDoW2KVuIdwe6G3NLfTL95FZRmveEQM3MO8MPpfzZ4EvaMbiQQd/c4VAmGovtSLQhySTpT6qSv0= root@backup-4"
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC8kCLiDfVFKgoNvEoMb34jp2n1lQG+k7wigzc4qGmrROlWkJ46/Ym4UrSeQJAd6hwHTcKTZkeOrqDAjZZ+jlidpncJHT5VMW5Ah965pxbBq6Qh1Yz5tKj7nLAQ/+bwEH4qqBFNd796876n3pY/FqhwAHWONqWhLKzMXpFursMSITUPmRXcaPwJrgS9DIYspZ9bBhhRSdQ5N1SiGtaszOQwdevLnNYqdtFOBG4rt9SO6IBIHtaiTIHrrMGS2Lt3NMwkq+O+N+TGaKLjbwqtfUPfPOCmY0XH12OawjxHP9hZ+WH3dPtcu5p+VORciSybPvyh9qzXUrDeO4HDuii2GEFU8JFELYXdT/qBwdIMp82tkgww0zKbTJuc0y/9eR7LCXop4OALhR8+8xWDI9c1ccxu3T7S7zUI1OmTlR9i8rx85D4sz2dtp1jirDoW2KVuIdwe6G3NLfTL95FZRmveEQM3MO8MPpfzZ4EvaMbiQQd/c4VAmGovtSLQhySTpT6qSv0= root@backup-4"
|
||||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDRANmJ2LYUr0Mavz/JJ7j+7p1zkqvizf6ZLt5XOJ2fj0enDuK7Dc5fxiESLGYTsLRVWuY4hNXVIL7aeJUj1LPf6LEX87APP4hb95t+TFxcES87tFfnFO48eiBbSd25Av2jmHGb6/wY2viYBxfk/vrLjPR6RgICqFsWFcz20bsWmc48FdzXYJCGJfKjHiW+Ut95VL+M/AlGBQHo33FNDyPXV4zh+MeWVkOFicwfh0k+4NH7Psj5n93m9szAlz306t5YZ32HnhSlvObkMk1Ugy6AzPKXrgKBu11pmatf7sFRx1ikYGUiKiezGjatt/8lYZfE8rQKQjwH+6LPt3ZPv06ncfKpH2vbZfonM0KhSsm1OIhJTse+X7ZMxizO6QqYM+BRJJGMbhH1g+6kFRsdlwakHNPE9YvG4NxZ1NxWTUr6F0gPhUEy61LkTnznt3ct1hgQR02KDQ+9i8PvaYeIIzZzRKufv4tV7OZkDLbN97tvAMkgpLjF+8fCg3qjn2Lckzc= root@palladium"
|
#"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDRANmJ2LYUr0Mavz/JJ7j+7p1zkqvizf6ZLt5XOJ2fj0enDuK7Dc5fxiESLGYTsLRVWuY4hNXVIL7aeJUj1LPf6LEX87APP4hb95t+TFxcES87tFfnFO48eiBbSd25Av2jmHGb6/wY2viYBxfk/vrLjPR6RgICqFsWFcz20bsWmc48FdzXYJCGJfKjHiW+Ut95VL+M/AlGBQHo33FNDyPXV4zh+MeWVkOFicwfh0k+4NH7Psj5n93m9szAlz306t5YZ32HnhSlvObkMk1Ugy6AzPKXrgKBu11pmatf7sFRx1ikYGUiKiezGjatt/8lYZfE8rQKQjwH+6LPt3ZPv06ncfKpH2vbZfonM0KhSsm1OIhJTse+X7ZMxizO6QqYM+BRJJGMbhH1g+6kFRsdlwakHNPE9YvG4NxZ1NxWTUr6F0gPhUEy61LkTnznt3ct1hgQR02KDQ+9i8PvaYeIIzZzRKufv4tV7OZkDLbN97tvAMkgpLjF+8fCg3qjn2Lckzc= root@palladium"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -6,39 +6,18 @@ let
|
|||||||
|
|
||||||
DEVICE=/dev/disk/by-path/pci-0000:00:12.0-ata-2-part1
|
DEVICE=/dev/disk/by-path/pci-0000:00:12.0-ata-2-part1
|
||||||
|
|
||||||
cryptsetup luksOpen ''${DEVICE} external-drive
|
${pkgs.cryptsetup}/bin/cryptsetup luksOpen ''${DEVICE} external-drive
|
||||||
mkdir -p /mnt/external-drive
|
mkdir -p /mnt/external-drive
|
||||||
mount /dev/mapper/external-drive /mnt/external-drive
|
mount /dev/mapper/external-drive /mnt/external-drive
|
||||||
'';
|
'';
|
||||||
|
|
||||||
cb-sync = pkgs.writeScriptBin "cb-sync" ''
|
|
||||||
#!${pkgs.bash}/bin/bash
|
|
||||||
set -e
|
|
||||||
|
|
||||||
# Check, if the something is mounted in our sycdir
|
|
||||||
if grep -qs '/mnt/external-drive' /proc/mounts
|
|
||||||
then
|
|
||||||
echo "fine"
|
|
||||||
else
|
|
||||||
echo "Please plug in a backup drive and mount it using cb-mount"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
SNAPSHOT_NAME=$(${pkgs.borgbackup}/bin/borg list --last 1 --short /mnt/palladium/clerie-backup)
|
|
||||||
${pkgs.borgbackup}/bin/borg mount /mnt/palladium/clerie-backup::$SNAPSHOT_NAME /mnt/clerie-backup-mount
|
|
||||||
${pkgs.bindfs}/bin/bindfs /mnt/clerie-backup-mount/mnt/clerie-backup /mnt/clerie-backup
|
|
||||||
${pkgs.borgbackup}/bin/borg create /mnt/external-drive/clerie-backup::$SNAPSHOT_NAME /mnt/clerie-backup
|
|
||||||
umount /mnt/clerie-backup
|
|
||||||
${pkgs.borgbackup}/bin/borg unmoumt /mnt/clerie-backup-mount
|
|
||||||
'';
|
|
||||||
|
|
||||||
cb-unmount = pkgs.writeScriptBin "cb-unmount" ''
|
cb-unmount = pkgs.writeScriptBin "cb-unmount" ''
|
||||||
#!${pkgs.bash}/bin/bash
|
#!${pkgs.bash}/bin/bash
|
||||||
|
|
||||||
umount /mnt/external-drive
|
umount /mnt/external-drive
|
||||||
cryptsetup luksClose external-drive
|
${pkgs.cryptsetup}/bin/cryptsetup luksClose external-drive
|
||||||
'';
|
'';
|
||||||
|
|
||||||
in {
|
in {
|
||||||
environment.systemPackages = with pkgs; [ pkgs.cryptsetup cb-mount cb-sync cb-unmount ];
|
environment.systemPackages = [ cb-mount cb-unmount ];
|
||||||
}
|
}
|
||||||
|
@ -27,11 +27,19 @@
|
|||||||
KERNEL=="sd?[0-9]", ENV{ID_MODEL}=="ST1000DM003-1SB102", ACTION=="add", RUN+="${pkgs.hdparm}/sbin/hdparm -S 24 /dev/%k"
|
KERNEL=="sd?[0-9]", ENV{ID_MODEL}=="ST1000DM003-1SB102", ACTION=="add", RUN+="${pkgs.hdparm}/sbin/hdparm -S 24 /dev/%k"
|
||||||
'';
|
'';
|
||||||
|
|
||||||
services.borgbackup.repos.clerie-backup = {
|
services.borgbackup.repos = {
|
||||||
path = "/mnt/palladium/clerie-backup";
|
clerie-backup = {
|
||||||
authorizedKeysAppendOnly = [
|
path = "/mnt/palladium/clerie-backup";
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFyk716RnbenPMkhLolyIkU8ywUSg8x7hjsXFFQoJx4I root@clerie-backup"
|
authorizedKeysAppendOnly = [
|
||||||
];
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFyk716RnbenPMkhLolyIkU8ywUSg8x7hjsXFFQoJx4I root@clerie-backup"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
external-drive = {
|
||||||
|
path = "/mnt/external-drive/clerie-backup";
|
||||||
|
authorizedKeysAppendOnly = [
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPuh74Esdp8JPgIZzM372DaCwtAl2QNtRratnIFG0NRB root@clerie-backup"
|
||||||
|
];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
clerie.monitoring = {
|
clerie.monitoring = {
|
||||||
|
@ -16,7 +16,7 @@
|
|||||||
root = fetchGit {
|
root = fetchGit {
|
||||||
url = "https://git.clerie.de/clerie/clerie.de.git";
|
url = "https://git.clerie.de/clerie/clerie.de.git";
|
||||||
ref = "main";
|
ref = "main";
|
||||||
rev = "23e7b06dc15a8dcc320b2db9508e2192d33236cb";
|
rev = "67738c06cff85e2cefbea87d45c277bd01a3778a";
|
||||||
};
|
};
|
||||||
locations."~ ^/.well-known/openpgpkey/hu/[a-z0-9]+/?$" = {
|
locations."~ ^/.well-known/openpgpkey/hu/[a-z0-9]+/?$" = {
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
|
Loading…
Reference in New Issue
Block a user