This repository has been archived by the owner on Jun 17, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathborgbackup.nix
88 lines (87 loc) · 2.42 KB
/
borgbackup.nix
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
{ pkgs, ... }:
let
borgPassCommand = pkgs.writeScript "borgPassCommand" ''
#!${pkgs.stdenv.shell}
set -euo pipefail
# Make sure everything but the password ends up on stderr
exec 3>&1 >&2
mkdir -p /var/lib/borgbackup
chown root:root /var/lib/borgbackup
chmod 700 /var/lib/borgbackup
if [ ! -s /var/lib/borgbackup/sshkey ]; then
${pkgs.openssh}/bin/ssh-keygen -t rsa -b 4096 -N "" -f /var/lib/borgbackup/sshkey
fi
if [ ! -s /var/lib/borgbackup/repokey ]; then
head -c 1024 /dev/urandom | base64 > /var/lib/borgbackup/repokey
chmod 400 /var/lib/borgbackup/repokey
fi
# Password needs to go into fd 3 as that is the real stdout
cat /var/lib/borgbackup/repokey >&3
'';
in
{
services.borgbackup.jobs.postfixadmin = {
readWritePaths = [ "/var/lib/borgbackup" ];
paths = "/var/lib/postfixadmin";
exclude = [ ];
repo = "[email protected]:postfixadmin";
prune.keep = {
within = "2d";
daily = 7;
weekly = 2;
};
encryption = {
mode = "repokey";
passCommand = "${borgPassCommand}";
};
environment = {
BORG_RSH = "${pkgs.openssh}/bin/ssh -i /var/lib/borgbackup/sshkey";
};
compression = "auto,lz4";
startAt = "hourly";
extraArgs = "--info";
extraCreateArgs = "--stats";
};
services.borgbackup.jobs.maildata = {
readWritePaths = [ "/var/lib/borgbackup" ];
paths = "/var/vmail";
exclude = [ ];
repo = "[email protected]:maildata";
prune.keep = {
daily = 7;
weekly = 2;
};
encryption = {
mode = "repokey";
passCommand = "${borgPassCommand}";
};
environment = {
BORG_RSH = "${pkgs.openssh}/bin/ssh -i /var/lib/borgbackup/sshkey";
};
compression = "auto,lz4";
startAt = "daily";
extraArgs = "--info";
extraCreateArgs = "--stats";
};
services.borgbackup.jobs.gitolite = {
readWritePaths = [ "/var/lib/borgbackup" ];
paths = "/srv/gitolite";
exclude = [ ];
repo = "[email protected]:gitolite";
prune.keep = {
daily = 7;
weekly = 2;
};
encryption = {
mode = "repokey";
passCommand = "${borgPassCommand}";
};
environment = {
BORG_RSH = "${pkgs.openssh}/bin/ssh -i /var/lib/borgbackup/sshkey";
};
compression = "auto,lz4";
startAt = "daily";
extraArgs = "--info";
extraCreateArgs = "--stats";
};
}