erwin/nixos-config
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Wiki Activity Actions

Add backups for minio data

Browse source
This commit is contained in:
Erwin Boskma 2023-09-11 20:12:52 +02:00
parent bbe1c395c6
commit b62e559630
Signed by: erwin
SSH key fingerprint: SHA256:9LmFDe1C6jSrEyqxxvX8NtJBmcbB105XoqyUZF092bg
4 changed files with 47 additions and 40 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
machines/gitea/configuration.nix
View file

@ -26,25 +26,6 @@
system.configurationRevision = self.inputs.nixpkgs.lib.mkIf (self ? rev) self.rev; system.configurationRevision = self.inputs.nixpkgs.lib.mkIf (self ? rev) self.rev;
# networking = {
# hostName = "gitea";
# useDHCP = false;
# interfaces = {
# eth0 = {
# ipv4.addresses = [
# {
# address = "10.0.0.201";
# prefixLength = 24;
# }
# ];
# };
# };
# defaultGateway = "10.0.0.1";
# nameservers = [ "10.0.0.254" ];
# };
proxmoxLXC = { proxmoxLXC = {
privileged = true; privileged = true;
}; };

39
machines/minio/backup.nix Normal file
View file

@ -0,0 +1,39 @@
{ pkgs, config, lib, ... }:
with lib;
let
minioCfg = config.services.minio;
borgJob = name: {
environment = {
BORG_RSH = "ssh -i ${config.sops.secrets.minio_backup_ssh_key.path}";
};
repo = "ssh://zh2088@zh2088.rsync.net/./backups/minio/${name}";
compression = "zstd,10";
startAt = "*-*-* 02:30:00";
extraInitArgs = "--make-parent-dirs";
archiveBaseName = name;
encryption = {
mode = "repokey-blake2";
passCommand = "cat ${config.sops.secrets.minio_backup_pass.path}";
};
prune = {
keep = {
within = "1d";
daily = 7;
weekly = 4;
monthly = -1;
};
};
};
in
{
services.borgbackup.jobs = mkIf minioCfg.enable {
data = borgJob "data" // {
paths = minioCfg.dataDir;
};
};
environment.systemPackages = [ pkgs.borgbackup ];
}

23
machines/minio/configuration.nix
View file

@ -2,6 +2,8 @@
{ modulesPath, ... }: { { modulesPath, ... }: {
imports = [ imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix") (modulesPath + "/virtualisation/proxmox-lxc.nix")
./backup.nix
../../users/root ../../users/root
../../users/erwin ../../users/erwin
]; ];
@ -24,25 +26,6 @@
system.configurationRevision = self.inputs.nixpkgs.lib.mkIf (self ? rev) self.rev; system.configurationRevision = self.inputs.nixpkgs.lib.mkIf (self ? rev) self.rev;
# networking = {
# hostName = "gitea";
# useDHCP = false;
# interfaces = {
# eth0 = {
# ipv4.addresses = [
# {
# address = "10.0.0.204";
# prefixLength = 24;
# }
# ];
# };
# };
# defaultGateway = "10.0.0.1";
# nameservers = [ "10.0.0.254" ];
# };
proxmoxLXC = { proxmoxLXC = {
privileged = true; privileged = true;
}; };
@ -54,6 +37,8 @@
sops.defaultSopsFile = ./secrets.yaml; sops.defaultSopsFile = ./secrets.yaml;
sops.secrets = { sops.secrets = {
minio-root-credentials = { }; minio-root-credentials = { };
minio_backup_ssh_key = { };
minio_backup_pass = { };
}; };
system.stateVersion = "23.05"; system.stateVersion = "23.05";

6
machines/minio/secrets.yaml
View file

@ -1,4 +1,6 @@
minio-root-credentials: ENC[AES256_GCM,data:IR2xlQ/pXHUA0baJTe9J+iH4qsw3dHeCP+oSQ3yZohQSm1mrXil7HR1NlsI2sbQVQM1GAJcmPytrn7z3YocrainnDv3WZ0AeRqwyEtItC2cXfw3mfh+SIeq2sX2jkYDycuW0J7jRdCBV+Bs=,iv:A7cgR9ykXY4qkixDp699wzNLs4AEVEJRJ8PxzOAnCqU=,tag:++C4ejM5h8wM95G2N6PZmg==,type:str] minio-root-credentials: ENC[AES256_GCM,data:IR2xlQ/pXHUA0baJTe9J+iH4qsw3dHeCP+oSQ3yZohQSm1mrXil7HR1NlsI2sbQVQM1GAJcmPytrn7z3YocrainnDv3WZ0AeRqwyEtItC2cXfw3mfh+SIeq2sX2jkYDycuW0J7jRdCBV+Bs=,iv:A7cgR9ykXY4qkixDp699wzNLs4AEVEJRJ8PxzOAnCqU=,tag:++C4ejM5h8wM95G2N6PZmg==,type:str]
minio_backup_ssh_key: ENC[AES256_GCM,data:pVyhIAa+7GEgOouwgSYgN6rFjm9nZEesYJvrUIA0SZ9hXW4tnuc01DMLoGLTqYLqtlhpEtTtfMd0no55sHesCqru+5z3I4b5YlYEMoPR3ce0sDTV3lxnRSJGK+O5YRxnza1fG4RUAaOt0neiRma7F8+jFFJJPHksy8qrzYd3bQFiLEaRTJdyv9M5b2ETsi4A9ZVDPcwk34TEcrldEQIVIQU8rl0LPyN7WhaaHwjospb0Fav8U0w4PYCuqsBVmX3ssD7OZw1vJjz6eVB3CeUe91VbDfx6O3ahrUb4E9LWgWh4VlsGYtz7/ThNRR8n5DdYxUnA5aLDSkaEv64WBcUmA5VA6IZ7/jeMr4bGBf5f0rxlBMXqOdauBNeO/o5UwdHN8EV5Hafpn5XuLQ7sTSknTzxi0bo9mR63SWulW/64I6iN9kSEPs6OtKMNsaoYt9fyaGcPEEOAXLPauXMk/ddXK5l3D/GNLShwuH2nKWaoDCIvDjBx7rwW5wZynPxlTYlB7Pj1rkXK2J9nbRObTYps,iv:F82onSArHBV7z2BZ83yZUWPTf+Nj/yGwPckhj1JC3A4=,tag:e/QwEifl96Vtuf1jeItVhQ==,type:str]
minio_backup_pass: ENC[AES256_GCM,data:t6mh1Fuj+CNbRCi6zgM/IDUc7IaHnsWcqsWKtTSzfO0gmAkfpGcvqe1KhDrgQiYqwVSlzYfIa5bsYrrgrePejmkt2hcTBeCM51dBIPJSqx6b47MAii/nEvdksxUENAZiUxP6ZSfrLOs2dkuEbxOTXfBC4z/bISKvst3VILH7ZqM=,iv:Pn0PUCCvqZQmV3Hkjd5CbSRR3sHGZsBcZdhUCgSZb0U=,tag:3Vru8OLVa72e677DEy6LvQ==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -32,8 +34,8 @@ sops:
S2VBY05lVXZIZ1dTaDNvSGNQaVVmS1kKirfOAiMzO6dz5VYHb0RpUtNojg7Zd6I4 S2VBY05lVXZIZ1dTaDNvSGNQaVVmS1kKirfOAiMzO6dz5VYHb0RpUtNojg7Zd6I4
1QZR3oJykIUybeNScW7Qhb2AtRObUefXMx3kA814d62yDJkwbApkDw== 1QZR3oJykIUybeNScW7Qhb2AtRObUefXMx3kA814d62yDJkwbApkDw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-01-04T22:17:52Z" lastmodified: "2023-09-11T14:19:07Z"
mac: ENC[AES256_GCM,data:aK5XNUiQYVHpSRuztLO7WXQnBQwScvtF3rABMjsJBbJ2aep74MhVUYEq9FwQOaC3puB2J0jdfKd0i6Mxdn0iScZ1JndGizEqBOeyxVZuAIfg5jL2sL/FjKGIU6BgbNquExiCnllikVyEKfjfX9sxkaB7vfjuYNauQ7hPW68GCwI=,iv:HYx9SaTBDICgWcU9B+a7h9pWA5+fVjZ0Y9pfrv4iAJM=,tag:fJXCQdCXd7IddyRP9Scueg==,type:str] mac: ENC[AES256_GCM,data:G/hYRqQxQxdij3hNsZcaQvx/SA95FeEA9q2DlC/Bkx1x0ApM7qG7eVNeVtqlYHkUd7IsylKyq1lf4Z4GQMj0Cq2sMZRn0Z6InUq67FSHqTd0JInZPQGDY5DDSD0WNuDSIHPJLWd1cC+onSpvBtx2xqxGb9HGNAJo+sGM4mlUBvU=,iv:E5pzAv+WRx8lPofUGZcH39lEPZa0MIn/m/ldX4I9PdU=,tag:a7pnkayI+U04G1KBrBEpOg==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.7.3 version: 3.7.3