Backups for gitea
This commit is contained in:
parent
e4255b7ddb
commit
a41c19ccc1
6 changed files with 47 additions and 5 deletions
|
@ -1,4 +1,3 @@
|
||||||
|
|
||||||
{ pkgs
|
{ pkgs
|
||||||
, config
|
, config
|
||||||
, lib
|
, lib
|
||||||
|
|
37
machines/gitea/backup.nix
Normal file
37
machines/gitea/backup.nix
Normal file
|
@ -0,0 +1,37 @@
|
||||||
|
{ pkgs, config, lib, ... }:
|
||||||
|
with lib;
|
||||||
|
let
|
||||||
|
giteaCfg = config.services.gitea;
|
||||||
|
|
||||||
|
borgJob = name: {
|
||||||
|
environment = {
|
||||||
|
BORG_RSH = "ssh -i ${config.sops.secrets.gitea_backup_ssh_key.path}";
|
||||||
|
};
|
||||||
|
repo = "ssh://zh2088@zh2088.rsync.net:backups/gitea/${name}";
|
||||||
|
compression = "zstd,10";
|
||||||
|
startAt = "*-*-* 2,6,10,14,18,22:30:00";
|
||||||
|
|
||||||
|
encryption = {
|
||||||
|
mode = "repokey-blake2";
|
||||||
|
passCommand = "cat ${config.sops.secrets.gitea_backup_pass.path}";
|
||||||
|
};
|
||||||
|
|
||||||
|
prune = {
|
||||||
|
keep = {
|
||||||
|
within = "1d";
|
||||||
|
daily = 7;
|
||||||
|
weekly = 4;
|
||||||
|
monthly = -1;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
in
|
||||||
|
{
|
||||||
|
services.borgbackup.jobs = mkIf giteaCfg.enable {
|
||||||
|
repos = borgJob "gitea" // {
|
||||||
|
paths = [ "/var/lib" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
environment.systemPackages = [ pkgs.borgbackup ];
|
||||||
|
}
|
|
@ -3,6 +3,7 @@
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
../../users/root
|
../../users/root
|
||||||
../../users/erwin
|
../../users/erwin
|
||||||
|
./backup.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
eboskma = {
|
eboskma = {
|
||||||
|
@ -51,6 +52,8 @@
|
||||||
gitea_db_password = {
|
gitea_db_password = {
|
||||||
owner = "git";
|
owner = "git";
|
||||||
};
|
};
|
||||||
|
gitea_backup_ssh_key = { };
|
||||||
|
gitea_backup_pass = { };
|
||||||
};
|
};
|
||||||
|
|
||||||
system.stateVersion = "22.05";
|
system.stateVersion = "22.05";
|
||||||
|
|
1
machines/gitea/id_ed25519-gitea-backup.pub
Normal file
1
machines/gitea/id_ed25519-gitea-backup.pub
Normal file
|
@ -0,0 +1 @@
|
||||||
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINW2iXu6SPhql2AxGlUEsvrE1v0T4wKsVqlbYaicZ9fp gitea-backup
|
|
@ -1,4 +1,6 @@
|
||||||
gitea_db_password: ENC[AES256_GCM,data:DhTDb2LuzEnkdSztIsSoICIz1qIpqNQYp2Z69NDNqPib3u/fzjnt6EyI5k9+0c2s0+AZBKPzItCm61WKquoIV80MsDgROANP2LP63j+id4KHMtIvvT7TBZelN8vaZnM422MutUzOFYB0+SA2LcSDtTHL9WKtqTnF4AjK3UpKjYk=,iv:zK65d01tXoSPYIu2JxRy2O8wURD73AqM7r+80H2nzAs=,tag:qc63u9c9/NaMT/OI5IsuLQ==,type:str]
|
gitea_db_password: ENC[AES256_GCM,data:DhTDb2LuzEnkdSztIsSoICIz1qIpqNQYp2Z69NDNqPib3u/fzjnt6EyI5k9+0c2s0+AZBKPzItCm61WKquoIV80MsDgROANP2LP63j+id4KHMtIvvT7TBZelN8vaZnM422MutUzOFYB0+SA2LcSDtTHL9WKtqTnF4AjK3UpKjYk=,iv:zK65d01tXoSPYIu2JxRy2O8wURD73AqM7r+80H2nzAs=,tag:qc63u9c9/NaMT/OI5IsuLQ==,type:str]
|
||||||
|
gitea_backup_ssh_key: ENC[AES256_GCM,data:t+Pu22ziCtpOt5cSdQB9ubfeLRYn6k++dCrMpcuF69AX3yCeZGDAabGx7FHeTFQ0xiUrXo9LxwxJrFAnguOtis67SOT0AO0f6HhrrWTo7XxvuSRRNB3Tk0i8hEXj6KPQMHcqenHLX0T1wJ1ZL/DQCaTgtXBFE5/UlLiF9vWS/OKHNZcRZlpPHWjvBsSfyI6fblmbRUlfekVZKkojA7NQLKSOv5O9oo9v82jQJKk4l+/QBrhmuSpk+AsMob3tRX3EAz/E8ZXo/Zoh1qxUPPWn+jn2PT+dfKUp4DzuJlnJAShjG5H94BcW+7p6g469my5VohpPmZTSCkp6AxDQgSGuWczpksdKRM5aDuIEYdd0DdvbdnZWORZMZamCwsfwRec/hvBbT+h8zjnWqNhsHVdtjLePUQdzXxAksUM2DKGKRyZHhCkKmsx8WqrHzxnJYJVa+e/E3xY4JQ7+zhTrp/FtuiWQitr9kohZupmmBLdBeVQpde2XXdFc7FPAHeCdT2mtE+Z2BfbHjrv4pEEnicXt,iv:iWi4uKEVlAGSNvJj11rnBcCZtp9EJlAjUwxuosOZctQ=,tag:DRPAD/ojMS6BkPtfPWKTag==,type:str]
|
||||||
|
gitea_backup_pass: ENC[AES256_GCM,data:6UgfUOgLpCZrRNEcsrG7JKFp4isTSGcuedRnE2tDTe7sHe+8Ky+07VsEW+kUdIx8GnluajpatSeWLCeVT72pJazfz6aECblDLQPJLK9odpwmoqZKHz9wSntnofPWT0CAVYSRG1/NPoyzeIY4+Qu4u4ZmuWmRo/Wy2Sz1jhPapR8=,iv:q0+fbP8pE1uRVuEgN/nl0qV4ymNfhmKdHlZN0MU7QUw=,tag:aCD75vFgcgTkfdBHvbtetw==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -23,8 +25,8 @@ sops:
|
||||||
RW1CWDlrZ1FYSStNYVJzZHpkNWVaTG8KUxGxfbma4OE7UPlv3lDtu9v/h0Jx1vYx
|
RW1CWDlrZ1FYSStNYVJzZHpkNWVaTG8KUxGxfbma4OE7UPlv3lDtu9v/h0Jx1vYx
|
||||||
7hfDVn+yOamCsqs77kmuTprQyAZbiPh2AzYxCkqy657XOdaq4gThWQ==
|
7hfDVn+yOamCsqs77kmuTprQyAZbiPh2AzYxCkqy657XOdaq4gThWQ==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2022-04-26T19:26:23Z"
|
lastmodified: "2022-10-26T18:26:01Z"
|
||||||
mac: ENC[AES256_GCM,data:8KcUH12RqxkuX7MQpm4Xtl0YNUnhj/ef55ix8mb59ncLfjWauM7KlYVJg+La0FrqvWOFNNsMTYiBNlt/1KU9tqJs7kjzQQvhkcUDA6jAnFKtLCV6X8fd+3mon2UUL6eh5FDWjy3lTp45VrWNwTjC+LP1RAGGG7ie4tuI69PM1h0=,iv:SoU3hXDCZwJk4BLgjFU00rQUdqxlD5j8LcdQ8RZvbGs=,tag:9uveuZWgDesins8lk5w9Dw==,type:str]
|
mac: ENC[AES256_GCM,data:byjcMu8J5cAeOoU0mAZbJL/bkX3utCXk7VuBhApz8F/6N0ekyLixUHVqBcShp7XgWs4MU3GewVaMZZNqPkEfj15PgEWxxfpsE4HiLN6eaI6Fx21X2CmllQQ5qjeRQVZwkJchrpCO4rp/Q+nFqyVYMgAr8yJm85zZ3FIvHPbErOY=,iv:RsXReft0DUnPr/huYQYZkPy/0iCeEiU3k881KqhcUiY=,tag:JqD3o2BLU8PrBYCeLtdZjg==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.7.2
|
version: 3.7.3
|
||||||
|
|
Loading…
Reference in a new issue