diff --git a/flake.nix b/flake.nix
index 3777ffb..d78cfd6 100644
--- a/flake.nix
+++ b/flake.nix
@@ -158,6 +158,7 @@
 };
 flake.nixosModules = {
+ backup = ./modules/nixos/backup.nix;
 buildbot = ./modules/nixos/buildbot.nix;
 builder = ./modules/nixos/builder.nix;
 community-builder = ./modules/nixos/community-builder;
diff --git a/hosts/build02/nixpkgs-update-backup.nix b/hosts/build02/nixpkgs-update-backup.nix
index 6d93360..2cb2115 100644
--- a/hosts/build02/nixpkgs-update-backup.nix
+++ b/hosts/build02/nixpkgs-update-backup.nix
@@ -2,37 +2,15 @@
 {
 # 100GB storagebox is attached to the build02 server
- age.secrets.hetzner-borgbackup-ssh = {
- file = "${inputs.self}/secrets/hetzner-borgbackup-ssh.age";
- };
+ imports = [
+ inputs.self.nixosModules.backup
+ ];
- systemd.services.borgbackup-job-nixpkgs-update = {
- after = [ "nixpkgs-update-delete-old-logs.service" ];
- serviceConfig.ReadWritePaths = [ "/var/log/telegraf" ];
- };
-
- services.borgbackup.jobs.nixpkgs-update = {
- paths = [ "/var/log/nixpkgs-update" ];
- repo = "u416406@u416406.your-storagebox.de:/./nixpkgs-update";
- encryption.mode = "none";
- compression = "auto,zstd";
- startAt = "daily";
- environment.BORG_RSH = "ssh -oPort=23 -i ${config.age.secrets.hetzner-borgbackup-ssh.path}";
- preHook = ''
- set -x
- '';
-
- postHook = ''
- cat > /var/log/telegraf/borgbackup-job-nixpkgs-update.service <<EOF
- task,frequency=daily last_run=$(date +%s)i,state="$([[ $exitStatus == 0 ]] && echo ok || echo fail)"
- EOF
- '';
-
- prune.keep = {
- within = "1d"; # Keep all archives from the last day
- daily = 7;
- weekly = 4;
- monthly = 0;
- };
- };
+ nixCommunity.backup = [
+ {
+ name = "nixpkgs-update";
+ after = [ config.systemd.services.nixpkgs-update-delete-old-logs.name ];
+ paths = [ "/var/log/nixpkgs-update" ];
+ }
+ ];
 }
diff --git a/modules/nixos/backup.nix b/modules/nixos/backup.nix
new file mode 100644
index 0000000..e9b816c
--- /dev/null
+++ b/modules/nixos/backup.nix
@@ -0,0 +1,74 @@
+{
+ config,
+ lib,
+ inputs,
+ ...
+}:
+{
+ options.nixCommunity.backup = lib.mkOption {
+ type = lib.types.listOf (
+ lib.types.submodule {
+ options = {
+ name = lib.mkOption {
+ type = lib.types.str;
+ };
+ after = lib.mkOption {
+ type = lib.types.listOf lib.types.str;
+ };
+ paths = lib.mkOption {
+ type = lib.types.listOf lib.types.str;
+ };
+ };
+ }
+ );
+
+ };
+ config = {
+ # 100GB storagebox is attached to the build02 server
+
+ age.secrets.hetzner-borgbackup-ssh = {
+ file = "${inputs.self}/secrets/hetzner-borgbackup-ssh.age";
+ };
+
+ programs.ssh.knownHosts.hetzner-storage-box = {
+ hostNames = [ "[u416406.your-storagebox.de]:23" ];
+ publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIICf9svRenC/PLKIL9nk6K/pxQgoiFC41wTNvoIncOxs";
+ };
+
+ services.borgbackup.jobs = builtins.listToAttrs (
+ builtins.map (backup: {
+ inherit (backup) name;
+ value = {
+ inherit (backup) paths;
+ repo = "u416406@u416406.your-storagebox.de:/./${config.networking.hostName}-${backup.name}";
+ encryption.mode = "none";
+ compression = "auto,zstd";
+ startAt = "daily";
+ environment.BORG_RSH = "ssh -oPort=23 -i ${config.age.secrets.hetzner-borgbackup-ssh.path}";
+ preHook = "set -x";
+ postHook = ''
+ cat > /var/log/telegraf/borgbackup-job-${backup.name}.service <<EOF
+ task,frequency=daily last_run=$(date +%s)i,state="$([[ $exitStatus == 0 ]] && echo ok || echo fail)"
+ EOF
+ '';
+ prune.keep = {
+ within = "1d"; # Keep all archives from the last day
+ daily = 7;
+ weekly = 4;
+ monthly = 0;
+ };
+ };
+ }) config.nixCommunity.backup
+ );
+
+ systemd.services = builtins.listToAttrs (
+ builtins.map (backup: {
+ name = "borgbackup-job-${backup.name}";
+ value = {
+ inherit (backup) after;
+ serviceConfig.ReadWritePaths = [ "/var/log/telegraf" ];
+ };
+ }) config.nixCommunity.backup
+ );
+ };
+}
diff --git a/modules/nixos/github-org-backup.nix b/modules/nixos/github-org-backup.nix
index 469868e..2267f68 100644
--- a/modules/nixos/github-org-backup.nix
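Review bot: The `repo` string in the `services.borgbackup.jobs` mapping now embeds `${config.networking.hostName}-`, so the two existing jobs move from `/./nixpkgs-update` and `/./github-org` (the paths removed in hosts/build02/nixpkgs-update-backup.nix and modules/nixos/github-org-backup.nix) to `/./<hostname>-nixpkgs-update` and `/./<hostname>-github-org`; since the NixOS borgbackup job initialises an empty repository by default, the next run will presumably start fresh repositories while the old archives keep occupying the 100GB box with no prune job touching them, so the old repositories should be renamed or removed on the storage box as part of the rollout. `encryption.mode = "none"` was copied verbatim from the per-host jobs into what is now a reusable module; a comment next to it such as `# Repositories are stored unencrypted on the Hetzner box: only back up paths whose contents are already public (logs, GitHub org mirrors).` would keep a future user of nixCommunity.backup from pointing it at sensitive data. The three submodule options carry no `description`, and `nixCommunity.backup` has no default, so a host that imports the module without defining it should fail evaluation when `config.nixCommunity.backup` is read in the two `builtins.listToAttrs` calls; `default = [ ];` on the outer option would make a bare import inert.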
+++ b/modules/nixos/github-org-backup.nix
@@ -7,6 +7,10 @@
 {
 # 100GB storagebox is attached to the build02 server
+ imports = [
+ inputs.self.nixosModules.backup
+ ];
+
 # upstream docs show how to restore these backups
 # https://github.com/gabrie30/ghorg/blob/92965c8b25ca423223888e1138d175bfc2f4b39b/README.md#creating-backups
 systemd.services.github-org-backup = {
@@ -31,37 +35,11 @@
 serviceConfig.Type = "oneshot";
 };
- age.secrets.hetzner-borgbackup-ssh = {
- file = "${inputs.self}/secrets/hetzner-borgbackup-ssh.age";
- };
-
- systemd.services.borgbackup-job-github-org = {
- after = [ "github-org-backup.service" ];
- serviceConfig.ReadWritePaths = [ "/var/log/telegraf" ];
- };
-
- services.borgbackup.jobs.github-org = {
- paths = [ "/var/lib/github-org-backup" ];
- repo = "u416406@u416406.your-storagebox.de:/./github-org";
- encryption.mode = "none";
- compression = "auto,zstd";
- startAt = "daily";
- environment.BORG_RSH = "ssh -oPort=23 -i ${config.age.secrets.hetzner-borgbackup-ssh.path}";
- preHook = ''
- set -x
- '';
-
- postHook = ''
- cat > /var/log/telegraf/borgbackup-job-github-org.service <<EOF
- task,frequency=daily last_run=$(date +%s)i,state="$([[ $exitStatus == 0 ]] && echo ok || echo fail)"
- EOF
- '';
-
- prune.keep = {
- within = "1d"; # Keep all archives from the last day
- daily = 7;
- weekly = 4;
- monthly = 0;
- };
- };
+ nixCommunity.backup = [
+ {
+ name = "github-org";
+ after = [ config.systemd.services.github-org-backup.name ];
+ paths = [ "/var/lib/github-org-backup" ];
+ }
+ ];
 }
diff --git a/modules/shared/known-hosts.nix b/modules/shared/known-hosts.nix
index d479bb1..aad1ce8 100644
--- a/modules/shared/known-hosts.nix
+++ b/modules/shared/known-hosts.nix
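Review bot: The new `imports = [ inputs.self.nixosModules.backup ];` in the first hunk reaches the sibling file through the flake's own output, which ties modules/nixos/github-org-backup.nix to the registration added in flake.nix and to `inputs` being passed as a module argument. Since backup.nix lives in the same directory, `imports = [ ./backup.nix ];` states the dependency directly; as far as I can tell both forms resolve to the same path and the module system deduplicates them, so a host that also imports the module via nixosModules would not see it twice, but that is worth confirming with an eval. The host file hosts/build02/nixpkgs-update-backup.nix uses the same flake-output form, where it is more defensible because hosts are composed from nixosModules anyway.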
@@ -24,10 +24,6 @@
 hostNames = [ "darwin02.nix-community.org" ];
 publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIIcqYTe10t/jJitpfr0lr55lKVltAQkWiMp4tNY7mZQ";
 };
- hetzner-storage-box = {
- hostNames = [ "[u416406.your-storagebox.de]:23" ];
- publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIICf9svRenC/PLKIL9nk6K/pxQgoiFC41wTNvoIncOxs";
- };
 web02 = {
 hostNames = [ "web02.nix-community.org" ];
 publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILAkBZMRNgsJ/IbLtjMHqBw/9+4tyn9nT+5B5RFiV0vJ";