Add backups for minio data
This commit is contained in:
parent
bbe1c395c6
commit
b62e559630
SSH key fingerprint:
SHA256:9LmFDe1C6jSrEyqxxvX8NtJBmcbB105XoqyUZF092bg
4 changed files with 47 additions and 40 deletions
|
|
@ -26,25 +26,6 @@
|
|||
|
||||
system.configurationRevision = self.inputs.nixpkgs.lib.mkIf (self ? rev) self.rev;
|
||||
|
||||
# networking = {
|
||||
# hostName = "gitea";
|
||||
# useDHCP = false;
|
||||
|
||||
# interfaces = {
|
||||
# eth0 = {
|
||||
# ipv4.addresses = [
|
||||
# {
|
||||
# address = "10.0.0.201";
|
||||
# prefixLength = 24;
|
||||
# }
|
||||
# ];
|
||||
# };
|
||||
# };
|
||||
|
||||
# defaultGateway = "10.0.0.1";
|
||||
# nameservers = [ "10.0.0.254" ];
|
||||
# };
|
||||
|
||||
proxmoxLXC = {
|
||||
privileged = true;
|
||||
};
|
||||
|
|
|
|||
39
machines/minio/backup.nix
Normal file
39
machines/minio/backup.nix
Normal file
|
|
@ -0,0 +1,39 @@
|
|||
{ pkgs, config, lib, ... }:
|
||||
with lib;
|
||||
let
|
||||
minioCfg = config.services.minio;
|
||||
|
||||
borgJob = name: {
|
||||
environment = {
|
||||
BORG_RSH = "ssh -i ${config.sops.secrets.minio_backup_ssh_key.path}";
|
||||
};
|
||||
repo = "ssh://zh2088@zh2088.rsync.net/./backups/minio/${name}";
|
||||
compression = "zstd,10";
|
||||
startAt = "*-*-* 02:30:00";
|
||||
extraInitArgs = "--make-parent-dirs";
|
||||
archiveBaseName = name;
|
||||
|
||||
encryption = {
|
||||
mode = "repokey-blake2";
|
||||
passCommand = "cat ${config.sops.secrets.minio_backup_pass.path}";
|
||||
};
|
||||
|
||||
prune = {
|
||||
keep = {
|
||||
within = "1d";
|
||||
daily = 7;
|
||||
weekly = 4;
|
||||
monthly = -1;
|
||||
};
|
||||
};
|
||||
};
|
||||
in
|
||||
{
|
||||
services.borgbackup.jobs = mkIf minioCfg.enable {
|
||||
data = borgJob "data" // {
|
||||
paths = minioCfg.dataDir;
|
||||
};
|
||||
};
|
||||
|
||||
environment.systemPackages = [ pkgs.borgbackup ];
|
||||
}
|
||||
|
|
@ -2,6 +2,8 @@
|
|||
{ modulesPath, ... }: {
|
||||
imports = [
|
||||
(modulesPath + "/virtualisation/proxmox-lxc.nix")
|
||||
|
||||
./backup.nix
|
||||
../../users/root
|
||||
../../users/erwin
|
||||
];
|
||||
|
|
@ -24,25 +26,6 @@
|
|||
|
||||
system.configurationRevision = self.inputs.nixpkgs.lib.mkIf (self ? rev) self.rev;
|
||||
|
||||
# networking = {
|
||||
# hostName = "gitea";
|
||||
# useDHCP = false;
|
||||
|
||||
# interfaces = {
|
||||
# eth0 = {
|
||||
# ipv4.addresses = [
|
||||
# {
|
||||
# address = "10.0.0.204";
|
||||
# prefixLength = 24;
|
||||
# }
|
||||
# ];
|
||||
# };
|
||||
# };
|
||||
|
||||
# defaultGateway = "10.0.0.1";
|
||||
# nameservers = [ "10.0.0.254" ];
|
||||
# };
|
||||
|
||||
proxmoxLXC = {
|
||||
privileged = true;
|
||||
};
|
||||
|
|
@ -54,6 +37,8 @@
|
|||
sops.defaultSopsFile = ./secrets.yaml;
|
||||
sops.secrets = {
|
||||
minio-root-credentials = { };
|
||||
minio_backup_ssh_key = { };
|
||||
minio_backup_pass = { };
|
||||
};
|
||||
|
||||
system.stateVersion = "23.05";
|
||||
|
|
|
|||
|
|
@ -1,4 +1,6 @@
|
|||
minio-root-credentials: ENC[AES256_GCM,data:IR2xlQ/pXHUA0baJTe9J+iH4qsw3dHeCP+oSQ3yZohQSm1mrXil7HR1NlsI2sbQVQM1GAJcmPytrn7z3YocrainnDv3WZ0AeRqwyEtItC2cXfw3mfh+SIeq2sX2jkYDycuW0J7jRdCBV+Bs=,iv:A7cgR9ykXY4qkixDp699wzNLs4AEVEJRJ8PxzOAnCqU=,tag:++C4ejM5h8wM95G2N6PZmg==,type:str]
|
||||
minio_backup_ssh_key: ENC[AES256_GCM,data:pVyhIAa+7GEgOouwgSYgN6rFjm9nZEesYJvrUIA0SZ9hXW4tnuc01DMLoGLTqYLqtlhpEtTtfMd0no55sHesCqru+5z3I4b5YlYEMoPR3ce0sDTV3lxnRSJGK+O5YRxnza1fG4RUAaOt0neiRma7F8+jFFJJPHksy8qrzYd3bQFiLEaRTJdyv9M5b2ETsi4A9ZVDPcwk34TEcrldEQIVIQU8rl0LPyN7WhaaHwjospb0Fav8U0w4PYCuqsBVmX3ssD7OZw1vJjz6eVB3CeUe91VbDfx6O3ahrUb4E9LWgWh4VlsGYtz7/ThNRR8n5DdYxUnA5aLDSkaEv64WBcUmA5VA6IZ7/jeMr4bGBf5f0rxlBMXqOdauBNeO/o5UwdHN8EV5Hafpn5XuLQ7sTSknTzxi0bo9mR63SWulW/64I6iN9kSEPs6OtKMNsaoYt9fyaGcPEEOAXLPauXMk/ddXK5l3D/GNLShwuH2nKWaoDCIvDjBx7rwW5wZynPxlTYlB7Pj1rkXK2J9nbRObTYps,iv:F82onSArHBV7z2BZ83yZUWPTf+Nj/yGwPckhj1JC3A4=,tag:e/QwEifl96Vtuf1jeItVhQ==,type:str]
|
||||
minio_backup_pass: ENC[AES256_GCM,data:t6mh1Fuj+CNbRCi6zgM/IDUc7IaHnsWcqsWKtTSzfO0gmAkfpGcvqe1KhDrgQiYqwVSlzYfIa5bsYrrgrePejmkt2hcTBeCM51dBIPJSqx6b47MAii/nEvdksxUENAZiUxP6ZSfrLOs2dkuEbxOTXfBC4z/bISKvst3VILH7ZqM=,iv:Pn0PUCCvqZQmV3Hkjd5CbSRR3sHGZsBcZdhUCgSZb0U=,tag:3Vru8OLVa72e677DEy6LvQ==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
|
@ -32,8 +34,8 @@ sops:
|
|||
S2VBY05lVXZIZ1dTaDNvSGNQaVVmS1kKirfOAiMzO6dz5VYHb0RpUtNojg7Zd6I4
|
||||
1QZR3oJykIUybeNScW7Qhb2AtRObUefXMx3kA814d62yDJkwbApkDw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-01-04T22:17:52Z"
|
||||
mac: ENC[AES256_GCM,data:aK5XNUiQYVHpSRuztLO7WXQnBQwScvtF3rABMjsJBbJ2aep74MhVUYEq9FwQOaC3puB2J0jdfKd0i6Mxdn0iScZ1JndGizEqBOeyxVZuAIfg5jL2sL/FjKGIU6BgbNquExiCnllikVyEKfjfX9sxkaB7vfjuYNauQ7hPW68GCwI=,iv:HYx9SaTBDICgWcU9B+a7h9pWA5+fVjZ0Y9pfrv4iAJM=,tag:fJXCQdCXd7IddyRP9Scueg==,type:str]
|
||||
lastmodified: "2023-09-11T14:19:07Z"
|
||||
mac: ENC[AES256_GCM,data:G/hYRqQxQxdij3hNsZcaQvx/SA95FeEA9q2DlC/Bkx1x0ApM7qG7eVNeVtqlYHkUd7IsylKyq1lf4Z4GQMj0Cq2sMZRn0Z6InUq67FSHqTd0JInZPQGDY5DDSD0WNuDSIHPJLWd1cC+onSpvBtx2xqxGb9HGNAJo+sGM4mlUBvU=,iv:E5pzAv+WRx8lPofUGZcH39lEPZa0MIn/m/ldX4I9PdU=,tag:a7pnkayI+U04G1KBrBEpOg==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.3
|
||||
|
|
|
|||
Loading…
Reference in a new issue