loki: Initial setup of barman

Erwin Boskma 2024-10-03 08:34:20 +02:00
parent 594e9524e6
commit bc89904efa
Signed by: erwin
SSH key fingerprint: SHA256:/Wk1WZdLg+vQHs3in9qq7PsIp8SMzwGSk/RLZ5zPuZk
4 changed files with 155 additions and 3 deletions

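--- a/machines/loki/barman.nix
+++ b/machines/loki/barman.nix
@@ -0,0 +1,32 @@
+{ pkgs, config, ... }:
+{
+services.barman = {
+enable = true;
+package = (
+pkgs.barman.overrideAttrs (prevAttrs: {
+propagatedBuildInputs = prevAttrs.propagatedBuildInputs ++ [ pkgs.python3Packages.distutils ];
+})
+);
+settings = {
+barman = {
+# log_file = "/var/log/barman/barman.log";
+configuration_files_directory = "/etc/barman.d";
+create_slot = "auto";
+};
+};
+servers = {
+ha = {
+description = "Home Assistant database";
+conninfo = "host=10.0.0.254 user=postgres dbname=homeassistant passfile=${config.sops.secrets.barman-passwords.path}";
+wal_streaming_conninfo = "host=10.0.0.254 user=postgres dbname=homeassistant passfile=${config.sops.secrets.barman-passwords.path}";
+streaming_archiver = true;
+backup_method = "postgres";
+slot_name = "barman";
+retention_policy = "RECOVERY WINDOW OF 4 WEEKS";
+};
+};
+# passwordsFile = config.sops.secrets.barman-passwords.path;
+};
+}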
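Review bot: Both `conninfo` and `wal_streaming_conninfo` of the `ha` server connect as `user=postgres`, so the passfile on the backup host presumably holds superuser credentials for the database server. Barman's documentation describes a dedicated backup role and a separate role with the REPLICATION attribute for WAL streaming; switching to `user=barman` in `conninfo` and `user=streaming_barman` in `wal_streaming_conninfo` would limit what a compromise of loki exposes. Neither string sets `sslmode`, so libpq uses its default of `prefer`, which neither requires nor verifies TLS; if the path to 10.0.0.254 is not protected by other means, add `sslmode=verify-full` to both. The two strings are otherwise identical and could share one `let` binding so they cannot drift apart.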


@ -8,6 +8,7 @@
nixos-hardware.nixosModules.common-pc-ssd nixos-hardware.nixosModules.common-pc-ssd
# ./vm.nix # ./vm.nix
./barman.nix
../../users/erwin ../../users/erwin
../../users/root ../../users/root
@ -543,6 +544,10 @@
owner = "systemd-network"; owner = "systemd-network";
}; };
k3s-token = { }; k3s-token = { };
barman-passwords = {
owner = "barman";
};
}; };
# This value determines the NixOS release from which the default # This value determines the NixOS release from which the default
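Review bot: The new `barman-passwords` secret hard-codes `owner = "barman"`, while modules/barman/default.nix takes the account name from `settings.barman.barman_user`. If that setting is overridden, the decrypted passfile stays owned by an account the service no longer runs as and barman can no longer read it. Assuming `config` is in scope in this file, deriving the owner from the same option keeps the two in step: `owner = config.services.barman.settings.barman.barman_user;`.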


@ -5,6 +5,7 @@ livebook-password: ENC[AES256_GCM,data:FaMIr0GxLTvAzrYt7blGbJuGDbr+lDiIMnvY2c/r,
renovate_env: ENC[AES256_GCM,data:mzeS0FXsycD4hWMzRMgeEgTY+x2QtYtxmhcFCJcjwlD/q577kprHaU8otr1sOu9mwNud7K8kJGk=,iv:MMhr6CPsyvmP7+dKJUwt9cjnATm9JKZ/KbG4Dkj7hJ0=,tag:ubLmcW/CtT/uPiyswvr93w==,type:str] renovate_env: ENC[AES256_GCM,data:mzeS0FXsycD4hWMzRMgeEgTY+x2QtYtxmhcFCJcjwlD/q577kprHaU8otr1sOu9mwNud7K8kJGk=,iv:MMhr6CPsyvmP7+dKJUwt9cjnATm9JKZ/KbG4Dkj7hJ0=,tag:ubLmcW/CtT/uPiyswvr93w==,type:str]
wireguard-horus-privkey: ENC[AES256_GCM,data:JVhdbvNqfdPWFCg24F56Hmu1Tf/EA6BOqa1uPuu8C/FrJhNaGi4S+KYOook=,iv:z8cq4C5vu/QqJ3UZdL1zEH22Ht3rKSbdHgAQbRSk8Kk=,tag:AVBvV8wJqw5jgDRiES89eQ==,type:str] wireguard-horus-privkey: ENC[AES256_GCM,data:JVhdbvNqfdPWFCg24F56Hmu1Tf/EA6BOqa1uPuu8C/FrJhNaGi4S+KYOook=,iv:z8cq4C5vu/QqJ3UZdL1zEH22Ht3rKSbdHgAQbRSk8Kk=,tag:AVBvV8wJqw5jgDRiES89eQ==,type:str]
k3s-token: ENC[AES256_GCM,data:agr9ihvrufHJ+zsWUTT7tT6oXwhQfp1VjlzvL/YrjhfsQsWdA2wqQOBG8Fgi6gDlqz+3DwWr3wdy/jclEEwrnA==,iv:zgYrN9CSraugO+LMIpJ2jDvxjCnQ9a3GHj6ffO/K0uY=,tag:6en6lNNvNMyOVf1Rfow6ew==,type:str] k3s-token: ENC[AES256_GCM,data:agr9ihvrufHJ+zsWUTT7tT6oXwhQfp1VjlzvL/YrjhfsQsWdA2wqQOBG8Fgi6gDlqz+3DwWr3wdy/jclEEwrnA==,iv:zgYrN9CSraugO+LMIpJ2jDvxjCnQ9a3GHj6ffO/K0uY=,tag:6en6lNNvNMyOVf1Rfow6ew==,type:str]
barman-passwords: ENC[AES256_GCM,data:M7HCuXsq8kSqoEfbn94/Hdl1tvb93i5oDYOr+QeuDVD33aF/xxuOwDVZM7wz7OcuozV7f6URtMGDy26KaHqekWhn2hFoRi5WHOxjE7M6oYLP6V4F+IGQBeMOHjjzqjQ9ti/BfhGpi3oHf0RK4RxLCmoNzAfWuP6zZnCyKgwyxBVu6lCHG2I08CJ8w2novts8,iv:EMLqvGIb1WK71Aw+LWr7JrQydA89CTTOavsFUZ6M3G8=,tag:PXu0JVzHjbH9wQfijf9V7A==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -38,8 +39,8 @@ sops:
c0dlMkVlRG9LYU00M2M3UGJpUkxDOWsKiwc5oM63ezv1TVng0zQOqILOxuRMU+j7 c0dlMkVlRG9LYU00M2M3UGJpUkxDOWsKiwc5oM63ezv1TVng0zQOqILOxuRMU+j7
hHl6AWg0iorXJ1IWmGxLINDAK/RQVEFLK6gRjfN7qB+6wdmrKl8seQ== hHl6AWg0iorXJ1IWmGxLINDAK/RQVEFLK6gRjfN7qB+6wdmrKl8seQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-02-07T22:49:34Z" lastmodified: "2024-10-01T18:48:17Z"
mac: ENC[AES256_GCM,data:e3HW2LmCFwxXt2QkKf7pGKrpBQLFETVzz6w4/EEtxSzcuFn7p/S0AYk/4/FPXO+Gke1ccklXINFb/Qk0KlaWeToNg3Pp19xt5b9apvJQsoXQOuzjxqHDRkwZjGIFsYUvVgt/YNXs3AsTJzeMq0RjaI96xbwCitKvZl+sJP1nUBY=,iv:vA8xjOljqXwHwG+aJuCORgcHcNGgNf4L9RRV+dZv4+w=,tag:1Ukh7LQ/yTurdANzygxvXQ==,type:str] mac: ENC[AES256_GCM,data:TjNyX17d3PaScsPidp1wTc4DVK2Jl5/QRmlfH3WN/Hs+lsPn9BvFHmuy50Fs9TLfDjTBQ4WdreWw3Tz2SSBw12WO9tt7vt2b8MudLr1EqHP2rGN6u6cxz9xKYSm0v8j+mJFuL3VJvGAKdSvHS0lxo3SooEhONGkrhDwPidhhcks=,iv:9DhtXHJo6JTGJY/nPCAt11x8ZZwv/1B37dSaqFVAOiE=,tag:xfnRBecHFKOY09VTMBh9dw==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.9.0

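--- a/modules/barman/default.nix
+++ b/modules/barman/default.nix
@@ -0,0 +1,114 @@
+{
+lib,
+pkgs,
+config,
+...
+}:
+let
+cfg = config.services.barman;
+iniFormat = pkgs.formats.ini { };
+defaultUser = "barman";
+defaultHome = "/var/lib/barman";
+in
+{
+options.services.barman = {
+enable = lib.mkEnableOption "barman";
+package = lib.mkPackageOption pkgs "barman" { };
+settings = lib.mkOption {
+description = "Global barman configuration that goes in the `[barman]` section of `barman.conf`";
+type = lib.types.submodule { freeformType = iniFormat.type; };
+example = {
+barman_user = defaultUser;
+barman_home = defaultHome;
+log_file = "/var/log/barman/barman.log";
+};
+};
+servers = lib.mkOption {
+description = "Server configurations";
+type = lib.types.submodule { freeformType = iniFormat.type; };
+default = { };
+};
+# passwordsFile = lib.mkOption {
+# description = "Path to the PostgreSQL password file. See [the documentation](https://www.postgresql.org/docs/current/libpq-pgpass.html) for the format.";
+# type = lib.types.path;
+# default = null;
+# };
+};
+config = lib.mkIf cfg.enable {
+services.barman.settings = {
+barman = {
+barman_user = lib.mkDefault defaultUser;
+barman_home = lib.mkDefault defaultHome;
+compression = lib.mkDefault "pigz";
+backup_compression = lib.mkDefault "zstd";
+};
+};
+users.users."${cfg.settings.barman.barman_user}" = {
+isSystemUser = true;
+home = cfg.settings.barman.barman_home;
+createHome = true;
+group = cfg.settings.barman.barman_user;
+};
+users.groups."${cfg.settings.barman.barman_user}" = { };
+environment = {
+etc =
+{
+"barman.conf" = {
+user = cfg.settings.barman.barman_user;
+source = iniFormat.generate "barman.conf" cfg.settings;
+};
+}
+// (lib.mapAttrs' (name: serverConfig: {
+name = "barman.d/${name}.conf";
+value = {
+user = cfg.settings.barman.barman_user;
+source = iniFormat.generate "${name}.conf" { "${name}" = serverConfig; };
+};
+}) cfg.servers);
+systemPackages = [ cfg.package ];
+};
+systemd = {
+timers.barman = {
+description = "Update timer for barman";
+partOf = [ "barman.service" ];
+wantedBy = [ "timers.target" ];
+timerConfig = {
+OnCalendar = "*:*:0";
+};
+};
+services.barman = {
+description = "Run barman maintenance tasks";
+path = with pkgs; [
+cfg.package
+bash
+bzip2
+gzip
+lz4
+pigz
+postgresql
+zstd
+];
+# environment = {
+# PGPASSFILE = lib.mkIf (cfg.passwordsFile != null) cfg.passwordsFile;
+# };
+serviceConfig = {
+Type = "oneshot";
+User = cfg.settings.barman.barman_user;
+ExecStart = "${cfg.package}/bin/barman cron";
+WorkingDirectory = cfg.settings.barman.barman_home;
+};
+};
+};
+};
+}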
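Review bot: The `user = cfg.settings.barman.barman_user;` attribute on the `environment.etc` entries has no effect as written, because NixOS applies `user` only when an entry's `mode` is something other than the default `symlink`. `barman.conf` and every `barman.d/*.conf` are therefore symlinks to world-readable files in the Nix store, and setting `mode` would not change that for the generated source. This is harmless while credentials are referenced through `passfile=`, but `settings` and `servers` are freeform, so a `password=` written into a `conninfo` would be readable by every local user. I would drop the `user` lines and state the constraint in the option text, e.g. `description = "Server configurations. Rendered into the world-readable Nix store; reference credentials via passfile, never inline.";`. Separately, the `barman cron` unit runs without any systemd sandboxing; `NoNewPrivileges = true;` and `PrivateTmp = true;` in `serviceConfig` look like low-risk additions, to be confirmed against how barman is used on this host.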