miniflux: Enable backups

This commit is contained in:
Erwin Boskma 2024-08-20 11:44:39 +02:00
parent bc117d8bfb
commit b1cafa2440
Signed by: erwin
SSH key fingerprint: SHA256:/Wk1WZdLg+vQHs3in9qq7PsIp8SMzwGSk/RLZ5zPuZk
3 changed files with 59 additions and 2 deletions

52
machines/read/backup.nix Normal file
View file

@ -0,0 +1,52 @@
{ pkgs, config, ... }:
let
borgJob = name: {
environment = {
BORG_RSH = "ssh -i ${config.sops.secrets.miniflux-backup-ssh-key.path}";
};
repo = "ssh://zh2088@zh2088.rsync.net/./backups/read/${name}";
compression = "zstd,10";
startAt = "*-*-* 2:30:00";
extraInitArgs = "--make-parent-dirs";
archiveBaseName = name;
encryption = {
mode = "repokey-blake2";
passCommand = "cat ${config.sops.secrets.miniflux-backup-pass.path}";
};
prune = {
keep = {
within = "1d";
daily = 7;
weekly = 4;
monthly = -1;
};
};
};
in
{
services = {
borgbackup.jobs = {
postgresql = borgJob "postgresql" // {
paths = [ "/var/backup/postgresql" ];
};
miniflux = borgJob "miniflux" // {
paths = [ "/var/lib/miniflux" ];
};
};
postgresqlBackup = {
enable = true;
backupAll = true;
# borg will do compression and deduplication
compression = "none";
startAt = "*-*-* 02:00:00";
};
};
environment.systemPackages = [ pkgs.borgbackup ];
}

View file

@ -11,6 +11,7 @@
../../users/root
../../users/erwin
./backup.nix
./miniflux
];
@ -97,6 +98,8 @@
sops.secrets = {
caddy-env = { };
miniflux-env = { };
miniflux-backup-ssh-key = { };
miniflux-backup-pass = { };
};
system.stateVersion = "24.11";

View file

@ -1,5 +1,7 @@
caddy-env: ENC[AES256_GCM,data:gw+QSN+c2Lp2F4wNzhTXklq9sUrDT389KLAh2YRpZbqxWpodx4LPJ1uIUsMC1TdeYmq+lkI+,iv:iXjLwOfQo9wEa9bBlE5HYUKDNriJgcm7hxPsBys62hk=,tag:DbutFgWz5ZqHE1/aP4+7Ag==,type:str]
miniflux-env: ENC[AES256_GCM,data:5H+/yRuPW6BodnHaq3E7bcqD7xSRLHwle6BdSpsyFPUY9lw7JT4445lnQlV/uliGJJTu0H9N3G5KhsDQbvvU8vw+5yQvX4EgYQnJfYMyEn8LmQE+ErGz5Lpx3A6sjFuy0KHCqbFJwf5jjfZwuxvNdTKv34gnR2u9+4Vyg5qjwAP4jw==,iv:HfLie5OUOkEKjSmm7rBfOtVhkIq9GA3NRfwDg5AD7MQ=,tag:1ysgjaklV6twaLPe5na+hw==,type:str]
miniflux-backup-ssh-key: ENC[AES256_GCM,data:dr6ftji0Z8DXHY2fizf04/mjmE+KSDs3o8gqm/hfx+zfJenm6OzRItrfHrF4XkwsuACOsFNAx8U8kJMiAf/08FTIV3bz7gTo8faiVxl3ONUiqnVbA1SwooWgXrXBclmCLNq8c8XLzwigER6oO9BrR6vNxcUaMiDHgYKTeYCl6cl1f4aBB83aCMX/hFRvKVsPqCZgwU5V9CMWk2fomRccJ1AiRs/LuVjGsYTvTChr3itOVcwkhy4jlys2iifHdUumRtaAdVRlJOgux/NxKKwH6wXY+d6NFebUKz1zdKLPeO0hLMo6ynvnpdQs74Ph80VwtDslYtm1VTVl0uvDWSQrccSWdZH8CS4iGwCFBjoALlTz51QVf9DAttOqx7f3G8UsUHtwgVJ5AC/0ghv1mSt0L5CY6HjWw3KdNt9NM1kQejFUx57hWlggiJ7TDvtbhHkwZj1r90SiI3G9xbh65wwvAOyMEfg6ZrAFBNu+brt4MOFkvutzgDXTr04DivfkDJiQjZLNJWJyonLpsWTNwuJ7ql9cbBhtkB21MnKW,iv:Td3K5w/lPJcfZkmBgzeHY/H6U1VOIntjq00Hd7igAQ8=,tag:0jvn0eymOTDXeRNQVpE3zg==,type:str]
miniflux-backup-pass: ENC[AES256_GCM,data:Ce2WmfTiS1/AMryheEjtfB6GBaNqDt6fUGUQdcGF8YFl/+sguiHxHtw5aK2INwlOkHcpSWoPicsc2MvMiZpbV5OFY9y+PEWaqSFECZ/SzNsq8xtLCUo+0BfiptcsRBS7GuAaajsMlcRDUVBJ5Fhf37/+vQKCFZcndwO1ODqtsXU=,iv:hRCI0gWVIzGaFm4jZjW0ydXjusmNlBDp29vvXV+uBaQ=,tag:/DRnc5ZTAaOoUXzKWls50g==,type:str]
sops:
kms: []
gcp_kms: []
@ -33,8 +35,8 @@ sops:
alprbldiMEtZQ29DaUJzaEZlWmxXTmMKPYHIg4fMR5fbCoCAyHHuL/WGfn4D6mXJ
yulfOqthMxvvWr+9sOBeAWIWSCcc0DBmDjvUTaDqVA7pnhZE+hQ2mw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-15T22:03:26Z"
mac: ENC[AES256_GCM,data:T4BUMEd6lxXtndOH52M2SGqMm08kW6tG4VDcpaBv5De+DmSaXX2cojM2MIOVBnQjNxCT6534RZAvnG4cQkUiIgaqP+PDyb1w0cYnv+zfgE/yHQ/AkBXlnr4jblJLYtU/04HpFm5OGvjYxqXDrrcWu/tZD6lZgiDcqLO5R+V0Azg=,iv:/WNzbV8YJpdVD7nF+AFQz/why5QFKGYidIgh1V8VLGA=,tag:RyyZRIsF7kyg+ZgDD+7DhQ==,type:str]
lastmodified: "2024-08-20T09:39:02Z"
mac: ENC[AES256_GCM,data:jEngkwYqZc8vUS1y6pXYz+e5Wgo50+K5hILCzEbV12xNEquZrTwOix8jSqIO0jkZeApGBwi9YNeaIFVcDfcXB+NUvYQUG2Xycbi6s40Srq1Ddk4RAeSXprpB2fDOdiGRJcVcDbM2JBcR2BumIw5Jj0U87y69ib5wq5btzCNO8f8=,iv:VyKBOahM0J94EecJBEzmu44OEXDGNQaJ0jaPbB498c8=,tag:vn2ghrAHyGHFqQOnjHfKqw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0