first steps with backup
parent
b4dee75932
commit
67af66939c
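--- a/borgbackup.nix
+++ b/borgbackup.nix
@@ -0,0 +1,41 @@
+{ pkgs, stdenv, ... }:
+
+let
+borgPassCommand = pkgs.writeScript "borgPassCommand" ''
+#!${stdenv.shell}
+set -euo pipefail
+# Make sure everything but the password ends up on stderr
+exec 3>&1 >&2
+mkdir -p /var/lib/borgbackup
+chown root:root /var/lib/borgbackup
+chmod 700 /var/lib/borgbackup
+if [ ! -s /var/lib/borgbackup/sshkey ]; then
+${pkgs.openssh}/bin/ssh-keygen -t rsa -b 4096 -N "" -f /var/lib/borgbackup/sshkey
+fi
+if [ ! -s /var/lib/borgbackup/repokey ]; then
+head -c 1024 /dev/urandom | base64 > /var/lib/borgbackup/repokey
+chmod 400 /var/lib/borgbackup/repokey
+fi
+# Password needs to go into fd 3 as that is the real stdout
+cat /var/lib/borgbackup/repokey >&3
+'';
+in
+{
+services.borgbackup.jobs.postfixadmin = {
+readWritePaths = [ "/var/lib/borgbackup" ];
+paths = "/var/lib/postfixadmin";
+exclude = [ ];
+repo = "mail2@host01.hamburg.freifunk.net:backup/postfixadmin";
+prune.keep = {
+within = "2d";
+daily = 7;
+weekly = 2;
+};
+encryption = {
+mode = "repokey";
+passCommand = borgPassCommand;
+};
+compression = "auto,lz4";
+startAt = "hourly";
+};
+}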
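Review bot: The key pair created at `/var/lib/borgbackup/sshkey` inside `borgPassCommand` is never passed to borg, because the `postfixadmin` job sets no SSH command; adding `environment.BORG_RSH = "ssh -i /var/lib/borgbackup/sshkey";` to the job would make the connection to the `repo` host use it instead of root's default identity. The passphrase file is created by the `>` redirect under the service's umask and only tightened afterwards by `chmod 400`, so a `umask 077` right after `set -euo pipefail` would avoid depending on the directory mode alone. `base64` wraps its output by default, which leaves a multi-line passphrase that is hard to re-enter during a restore; `base64 -w0` keeps it on one line. Because that passphrase exists only on the machine being backed up, a comment above the `repokey` block should say that it has to be copied off-host, since the `repokey`-mode archive cannot be read without it.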
|
@ -11,6 +11,7 @@
|
|||
./sshusers.nix
|
||||
./variables.nix
|
||||
./mailserver.nix
|
||||
./borgbackup.nix
|
||||
];
|
||||
|
||||
# Configuration options for the mailserver
|
||||
|
|