mirror of
https://git.gay/xqtc/nixos-config
synced 2024-11-22 21:00:32 +01:00
Add borg and enable adb on lilith
This commit is contained in:
parent
1f6e899e52
commit
8a415ad129
89
hosts/x86_64-linux/beleth/borg.nix
Normal file
89
hosts/x86_64-linux/beleth/borg.nix
Normal file
|
@ -0,0 +1,89 @@
|
||||||
|
{ config, lib, pkgs, ... }: {
|
||||||
|
|
||||||
|
#
|
||||||
|
# BACKUP
|
||||||
|
# Check via nix-shell -p borgbackup --run "borg info --rsh 'ssh -p 23 -i /home/moe/.ssh/storagebox_nextcloud_data' u409248-sub1@u409248-sub1.your-storagebox.de:nextcloud_data_backups"
|
||||||
|
# 0. Add subaccount on storagebox
|
||||||
|
# 1. ssh-keygen -t ed25519 -f ~/.ssh/storagebox_nextcloud_data
|
||||||
|
# 2. pwgen 128
|
||||||
|
# 3. Add private key as secret
|
||||||
|
# 4. add passphrase as secret
|
||||||
|
# 5. add ssh public key to subaccount on storagebox!
|
||||||
|
# ssh -p 23 u409248-sub1@u409248-sub1.your-storagebox.de
|
||||||
|
# 6. set permissions
|
||||||
|
# .ssh 0700
|
||||||
|
# .ssh/authorized_keys 0600
|
||||||
|
#
|
||||||
|
|
||||||
|
# Retrieve via 'ssh-keyscan -p 23 u409248-sub1.your-storagebox.de'
|
||||||
|
programs.ssh.knownHosts = {
|
||||||
|
"storagebox" = {
|
||||||
|
hostNames = [
|
||||||
|
"[u409248-sub1.your-storagebox.de]:23"
|
||||||
|
"[u409248-sub2.your-storagebox.de]:23"
|
||||||
|
];
|
||||||
|
publicKey = ''
|
||||||
|
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA5EB5p/5Hp3hGW1oHok+PIOH9Pbn7cnUiGmUEBrCVjnAw+HrKyN8bYVV0dIGllswYXwkG/+bgiBlE6IVIBAq+JwVWu1Sss3KarHY3OvFJUXZoZyRRg/Gc/+LRCE7lyKpwWQ70dbelGRyyJFH36eNv6ySXoUYtGkwlU5IVaHPApOxe4LHPZa/qhSRbPo2hwoh0orCtgejRebNtW5nlx00DNFgsvn8Svz2cIYLxsPVzKgUxs8Zxsxgn+Q/UvR7uq4AbAhyBMLxv7DjJ1pc7PJocuTno2Rw9uMZi1gkjbnmiOh6TTXIEWbnroyIhwc8555uto9melEUmWNQ+C+PwAK+MPw==
|
||||||
|
ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAGK0po6usux4Qv2d8zKZN1dDvbWjxKkGsx7XwFdSUCnF19Q8psHEUWR7C/LtSQ5crU/g+tQVRBtSgoUcE8T+FWp5wBxKvWG2X9gD+s9/4zRmDeSJR77W6gSA/+hpOZoSE+4KgNdnbYSNtbZH/dN74EG7GLb/gcIpbUUzPNXpfKl7mQitw==
|
||||||
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIICf9svRenC/PLKIL9nk6K/pxQgoiFC41wTNvoIncOxs
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
services.borgbackup.jobs = {
|
||||||
|
nextcloud_data = {
|
||||||
|
user = "nextcloud";
|
||||||
|
group = "nextcloud";
|
||||||
|
paths = [ "${config.services.nextcloud.datadir}" ];
|
||||||
|
preHook = ''
|
||||||
|
${config.services.nextcloud.occ}/bin/nextcloud-occ maintenance:mode --on
|
||||||
|
'';
|
||||||
|
postHook = ''
|
||||||
|
${config.services.nextcloud.occ}/bin/nextcloud-occ maintenance:mode --off
|
||||||
|
'';
|
||||||
|
repo = "u409248-sub1@u409248-sub1.your-storagebox.de:nextcloud_data_backups";
|
||||||
|
encryption = {
|
||||||
|
mode = "repokey-blake2";
|
||||||
|
passCommand = "cat ${config.age.secrets.backup_nextcloud_data_passphrase.path}";
|
||||||
|
};
|
||||||
|
environment = {
|
||||||
|
BORG_RSH = "ssh -p 23 -i ${config.age.secrets.backup_nextcloud_data_ssh.path}";
|
||||||
|
};
|
||||||
|
compression = "auto,lzma";
|
||||||
|
startAt = "Mon *-*-* 00:00:00"; # Monday at 00:00; Storagebox does a snapshot Fridays at 00:00
|
||||||
|
};
|
||||||
|
nextcloud_database = {
|
||||||
|
user = "nextcloud";
|
||||||
|
group = "nextcloud";
|
||||||
|
dumpCommand = pkgs.writeShellScript "builder.sh" ''
|
||||||
|
${config.services.postgresql.package}/bin/pg_dump nextcloud -U nextcloud --no-password
|
||||||
|
'';
|
||||||
|
preHook = ''
|
||||||
|
${config.services.nextcloud.occ}/bin/nextcloud-occ maintenance:mode --on
|
||||||
|
'';
|
||||||
|
postHook = ''
|
||||||
|
${config.services.nextcloud.occ}/bin/nextcloud-occ maintenance:mode --off
|
||||||
|
'';
|
||||||
|
repo = "u409248-sub2@u409248-sub2.your-storagebox.de:nextcloud_database_backups";
|
||||||
|
encryption = {
|
||||||
|
mode = "repokey-blake2";
|
||||||
|
passCommand = "cat ${config.age.secrets.backup_nextcloud_database_passphrase.path}";
|
||||||
|
};
|
||||||
|
environment = {
|
||||||
|
BORG_RSH = "ssh -p 23 -i ${config.age.secrets.backup_nextcloud_database_ssh.path}";
|
||||||
|
};
|
||||||
|
compression = "auto,lzma";
|
||||||
|
startAt = "Mon *-*-* 01:00:00"; # Monday at 01:00; Storagebox does a snapshot Fridays at 00:00
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.services."borgbackup-job-nextcloud_data" = {
|
||||||
|
onFailure = [ "notify-email@%i.service" ];
|
||||||
|
onSuccess = [ "notify-email@%i.service" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.services."borgbackup-job-nextcloud_database" = {
|
||||||
|
onFailure = [ "notify-email@%i.service" ];
|
||||||
|
onSuccess = [ "notify-email@%i.service" ];
|
||||||
|
};
|
||||||
|
}
|
|
@ -123,10 +123,11 @@
|
||||||
# Enable touchpad support (enabled default in most desktopManager).
|
# Enable touchpad support (enabled default in most desktopManager).
|
||||||
services.xserver.libinput.enable = true;
|
services.xserver.libinput.enable = true;
|
||||||
|
|
||||||
|
programs.adb.enable = true;
|
||||||
# Define a user account. Don't forget to set a password with ‘passwd’.
|
# Define a user account. Don't forget to set a password with ‘passwd’.
|
||||||
users.users.xqtc = {
|
users.users.xqtc = {
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
extraGroups = ["wheel" "docker" "libvirtd"]; # Enable ‘sudo’ for the user.
|
extraGroups = ["wheel" "docker" "libvirtd" "adbusers" ]; # Enable ‘sudo’ for the user.
|
||||||
packages = with pkgs; [nushell clamtk];
|
packages = with pkgs; [nushell clamtk];
|
||||||
shell = pkgs.nushell;
|
shell = pkgs.nushell;
|
||||||
};
|
};
|
||||||
|
|
Loading…
Reference in a new issue