first steps with backup

Daniel Frank 2019-06-15 10:27:05 +02:00
parent b4dee75932
commit 67af66939c
Signed by: tokudan
GPG key ID: 063CCCAD04182D32
2 changed files with 42 additions and 0 deletions

41
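--- /dev/null
+++ b/borgbackup.nix
@@ -0,0 +1,41 @@
+{ pkgs, stdenv, ... }:
+let
+borgPassCommand = pkgs.writeScript "borgPassCommand" ''
+#!${stdenv.shell}
+set -euo pipefail
+# Make sure everything but the password ends up on stderr
+exec 3>&1 >&2
+mkdir -p /var/lib/borgbackup
+chown root:root /var/lib/borgbackup
+chmod 700 /var/lib/borgbackup
+if [ ! -s /var/lib/borgbackup/sshkey ]; then
+${pkgs.openssh}/bin/ssh-keygen -t rsa -b 4096 -N "" -f /var/lib/borgbackup/sshkey
+fi
+if [ ! -s /var/lib/borgbackup/repokey ]; then
+head -c 1024 /dev/urandom | base64 > /var/lib/borgbackup/repokey
+chmod 400 /var/lib/borgbackup/repokey
+fi
+# Password needs to go into fd 3 as that is the real stdout
+cat /var/lib/borgbackup/repokey >&3
+'';
+in
+{
+services.borgbackup.jobs.postfixadmin = {
+readWritePaths = [ "/var/lib/borgbackup" ];
+paths = "/var/lib/postfixadmin";
+exclude = [ ];
+repo = "mail2@host01.hamburg.freifunk.net:backup/postfixadmin";
+prune.keep = {
+within = "2d";
+daily = 7;
+weekly = 2;
+};
+encryption = {
+mode = "repokey";
+passCommand = borgPassCommand;
+};
+compression = "auto,lz4";
+startAt = "hourly";
+};
+}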
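Review bot: The only copy of the repository passphrase is the file the passCommand script writes to /var/lib/borgbackup/repokey on the machine being backed up, and `paths` covers only /var/lib/postfixadmin, so losing this host would leave the `repokey`-mode archives undecryptable. The passphrase needs an out-of-band copy, and a comment above the generation step such as `# /var/lib/borgbackup/repokey holds the passphrase, not the borg key: keep an offline copy or the backups cannot be restored` would make that explicit. The script also generates /var/lib/borgbackup/sshkey, but nothing visible in the job points borg at it, so the connection presumably falls back to root's default SSH identity; `environment.BORG_RSH = "ssh -i /var/lib/borgbackup/sshkey";` in the job would wire it up. `base64` wraps its output by default, so the stored passphrase is a multi-line value; `base64 -w0` keeps it on one line, but that is only safe to change before the repository is initialised, since it alters the passphrase.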


@ -11,6 +11,7 @@
./sshusers.nix ./sshusers.nix
./variables.nix ./variables.nix
./mailserver.nix ./mailserver.nix
./borgbackup.nix
]; ];
# Configuration options for the mailserver # Configuration options for the mailserver