Backups for gitea

This commit is contained in:
Erwin Boskma 2022-10-30 21:06:18 +01:00
parent e4255b7ddb
commit a41c19ccc1
Signed by: erwin
SSH key fingerprint: SHA256:CyeNoWXd3kjX2Nwu6pDxxdS7OqmPVOy0NavA/KU/ntU
6 changed files with 47 additions and 5 deletions

View file

@ -1,4 +1,3 @@
{ pkgs { pkgs
, config , config
, lib , lib

37
machines/gitea/backup.nix Normal file
View file

@ -0,0 +1,37 @@
{ pkgs, config, lib, ... }:
with lib;
let
giteaCfg = config.services.gitea;
borgJob = name: {
environment = {
BORG_RSH = "ssh -i ${config.sops.secrets.gitea_backup_ssh_key.path}";
};
repo = "ssh://zh2088@zh2088.rsync.net:backups/gitea/${name}";
compression = "zstd,10";
startAt = "*-*-* 2,6,10,14,18,22:30:00";
encryption = {
mode = "repokey-blake2";
passCommand = "cat ${config.sops.secrets.gitea_backup_pass.path}";
};
prune = {
keep = {
within = "1d";
daily = 7;
weekly = 4;
monthly = -1;
};
};
};
in
{
services.borgbackup.jobs = mkIf giteaCfg.enable {
repos = borgJob "gitea" // {
paths = [ "/var/lib" ];
};
};
environment.systemPackages = [ pkgs.borgbackup ];
}

View file

@ -3,6 +3,7 @@
./hardware-configuration.nix ./hardware-configuration.nix
../../users/root ../../users/root
../../users/erwin ../../users/erwin
./backup.nix
]; ];
eboskma = { eboskma = {
@ -51,6 +52,8 @@
gitea_db_password = { gitea_db_password = {
owner = "git"; owner = "git";
}; };
gitea_backup_ssh_key = { };
gitea_backup_pass = { };
}; };
system.stateVersion = "22.05"; system.stateVersion = "22.05";

View file

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINW2iXu6SPhql2AxGlUEsvrE1v0T4wKsVqlbYaicZ9fp gitea-backup

View file

@ -1,4 +1,6 @@
gitea_db_password: ENC[AES256_GCM,data:DhTDb2LuzEnkdSztIsSoICIz1qIpqNQYp2Z69NDNqPib3u/fzjnt6EyI5k9+0c2s0+AZBKPzItCm61WKquoIV80MsDgROANP2LP63j+id4KHMtIvvT7TBZelN8vaZnM422MutUzOFYB0+SA2LcSDtTHL9WKtqTnF4AjK3UpKjYk=,iv:zK65d01tXoSPYIu2JxRy2O8wURD73AqM7r+80H2nzAs=,tag:qc63u9c9/NaMT/OI5IsuLQ==,type:str] gitea_db_password: ENC[AES256_GCM,data:DhTDb2LuzEnkdSztIsSoICIz1qIpqNQYp2Z69NDNqPib3u/fzjnt6EyI5k9+0c2s0+AZBKPzItCm61WKquoIV80MsDgROANP2LP63j+id4KHMtIvvT7TBZelN8vaZnM422MutUzOFYB0+SA2LcSDtTHL9WKtqTnF4AjK3UpKjYk=,iv:zK65d01tXoSPYIu2JxRy2O8wURD73AqM7r+80H2nzAs=,tag:qc63u9c9/NaMT/OI5IsuLQ==,type:str]
gitea_backup_ssh_key: ENC[AES256_GCM,data:t+Pu22ziCtpOt5cSdQB9ubfeLRYn6k++dCrMpcuF69AX3yCeZGDAabGx7FHeTFQ0xiUrXo9LxwxJrFAnguOtis67SOT0AO0f6HhrrWTo7XxvuSRRNB3Tk0i8hEXj6KPQMHcqenHLX0T1wJ1ZL/DQCaTgtXBFE5/UlLiF9vWS/OKHNZcRZlpPHWjvBsSfyI6fblmbRUlfekVZKkojA7NQLKSOv5O9oo9v82jQJKk4l+/QBrhmuSpk+AsMob3tRX3EAz/E8ZXo/Zoh1qxUPPWn+jn2PT+dfKUp4DzuJlnJAShjG5H94BcW+7p6g469my5VohpPmZTSCkp6AxDQgSGuWczpksdKRM5aDuIEYdd0DdvbdnZWORZMZamCwsfwRec/hvBbT+h8zjnWqNhsHVdtjLePUQdzXxAksUM2DKGKRyZHhCkKmsx8WqrHzxnJYJVa+e/E3xY4JQ7+zhTrp/FtuiWQitr9kohZupmmBLdBeVQpde2XXdFc7FPAHeCdT2mtE+Z2BfbHjrv4pEEnicXt,iv:iWi4uKEVlAGSNvJj11rnBcCZtp9EJlAjUwxuosOZctQ=,tag:DRPAD/ojMS6BkPtfPWKTag==,type:str]
gitea_backup_pass: ENC[AES256_GCM,data:6UgfUOgLpCZrRNEcsrG7JKFp4isTSGcuedRnE2tDTe7sHe+8Ky+07VsEW+kUdIx8GnluajpatSeWLCeVT72pJazfz6aECblDLQPJLK9odpwmoqZKHz9wSntnofPWT0CAVYSRG1/NPoyzeIY4+Qu4u4ZmuWmRo/Wy2Sz1jhPapR8=,iv:q0+fbP8pE1uRVuEgN/nl0qV4ymNfhmKdHlZN0MU7QUw=,tag:aCD75vFgcgTkfdBHvbtetw==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -23,8 +25,8 @@ sops:
RW1CWDlrZ1FYSStNYVJzZHpkNWVaTG8KUxGxfbma4OE7UPlv3lDtu9v/h0Jx1vYx RW1CWDlrZ1FYSStNYVJzZHpkNWVaTG8KUxGxfbma4OE7UPlv3lDtu9v/h0Jx1vYx
7hfDVn+yOamCsqs77kmuTprQyAZbiPh2AzYxCkqy657XOdaq4gThWQ== 7hfDVn+yOamCsqs77kmuTprQyAZbiPh2AzYxCkqy657XOdaq4gThWQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2022-04-26T19:26:23Z" lastmodified: "2022-10-26T18:26:01Z"
mac: ENC[AES256_GCM,data:8KcUH12RqxkuX7MQpm4Xtl0YNUnhj/ef55ix8mb59ncLfjWauM7KlYVJg+La0FrqvWOFNNsMTYiBNlt/1KU9tqJs7kjzQQvhkcUDA6jAnFKtLCV6X8fd+3mon2UUL6eh5FDWjy3lTp45VrWNwTjC+LP1RAGGG7ie4tuI69PM1h0=,iv:SoU3hXDCZwJk4BLgjFU00rQUdqxlD5j8LcdQ8RZvbGs=,tag:9uveuZWgDesins8lk5w9Dw==,type:str] mac: ENC[AES256_GCM,data:byjcMu8J5cAeOoU0mAZbJL/bkX3utCXk7VuBhApz8F/6N0ekyLixUHVqBcShp7XgWs4MU3GewVaMZZNqPkEfj15PgEWxxfpsE4HiLN6eaI6Fx21X2CmllQQ5qjeRQVZwkJchrpCO4rp/Q+nFqyVYMgAr8yJm85zZ3FIvHPbErOY=,iv:RsXReft0DUnPr/huYQYZkPy/0iCeEiU3k881KqhcUiY=,tag:JqD3o2BLU8PrBYCeLtdZjg==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.7.2 version: 3.7.3