backup: got it working for email + some improvements
This commit is contained in:
parent
03fa2255c3
commit
3a28291933
2 changed files with 28 additions and 18 deletions
|
|
@ -16,13 +16,6 @@
|
|||
./dns.nix
|
||||
];
|
||||
|
||||
/*
|
||||
backups = [
|
||||
"/var/vmail"
|
||||
"/var/dkim"
|
||||
];
|
||||
*/
|
||||
|
||||
options.services.skynet_email = {
|
||||
# options that need to be passed in to make this work
|
||||
|
||||
|
|
@ -94,6 +87,13 @@
|
|||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
services.skynet_backup = {
|
||||
normal.backups = [
|
||||
"/var/vmail"
|
||||
"/var/dkim"
|
||||
];
|
||||
host = { ip = cfg.host.ip; name = cfg.host.name; };
|
||||
};
|
||||
|
||||
age.secrets.ldap_pw.file = ../secrets/ldap/pw.age;
|
||||
|
||||
|
|
|
|||
|
|
@ -30,16 +30,20 @@
|
|||
# then pull relevant dtails
|
||||
ownServers = builtins.listToAttrs (builtins.concatLists (
|
||||
lib.attrsets.mapAttrsToList (key: value:
|
||||
let
|
||||
backup = value.config.services.skynet_backup;
|
||||
in
|
||||
if (
|
||||
(builtins.hasAttr "skynet_backup" value.config.services)
|
||||
&& (value.config.services.skynet_backup.server.enable)
|
||||
&& (!value.config.services.skynet_backup.server.appendOnly)
|
||||
&& backup.server.enable
|
||||
&& backup.host.name != cfg.host.name
|
||||
&& !backup.server.appendOnly
|
||||
)
|
||||
then [
|
||||
{
|
||||
name = value.config.services.skynet_backup.host.name;
|
||||
name = backup.host.name;
|
||||
value = base // {
|
||||
repositoryFile = "/etc/skynet/restic/${value.config.services.skynet_backup.host.name}";
|
||||
repositoryFile = "/etc/skynet/restic/${backup.host.name}";
|
||||
|
||||
backupPrepareCommand = ''
|
||||
#!${pkgs.stdenv.shell}
|
||||
|
|
@ -50,14 +54,13 @@
|
|||
mkdir -p $baseDir
|
||||
cd $baseDir
|
||||
|
||||
#touch ${value.config.services.skynet_backup.host.name}
|
||||
echo -n "rest:http://root:password@${value.config.services.skynet_backup.host.ip}:${value.config.services.skynet_backup.server.port}/root/${value.config.services.skynet_backup.host.name}" > ${value.config.services.skynet_backup.host.name}
|
||||
echo -n "rest:http://root:password@${backup.host.ip}:${toString backup.server.port}/root/${cfg.host.name}" > ${backup.host.name}
|
||||
|
||||
# read in teh password
|
||||
#PW = `cat ${config.age.secrets.restic.path}`
|
||||
line=$(head -n 1 ${config.age.secrets.restic.path})
|
||||
|
||||
sed -i "s/password/$line/g" ${value.config.services.skynet_backup.host.name}
|
||||
sed -i "s/password/$line/g" ${backup.host.name}
|
||||
'';
|
||||
|
||||
};
|
||||
|
|
@ -134,8 +137,8 @@
|
|||
enable = mkEnableOption "Skynet backup Server";
|
||||
|
||||
port = mkOption {
|
||||
type = types.str;
|
||||
default = "8765";
|
||||
type = types.port;
|
||||
default = 8765;
|
||||
};
|
||||
|
||||
appendOnly = mkOption {
|
||||
|
|
@ -155,8 +158,15 @@
|
|||
pkgs.restic
|
||||
];
|
||||
|
||||
# A list of all login accounts. To create the password hashes, use
|
||||
# nix-shell -p apacheHttpd
|
||||
# htpasswd -nbB "" "password" | cut -d: -f2
|
||||
|
||||
age.secrets.restic.file = ../secrets/backup/restic.age;
|
||||
# age.secrets.backblaze.file = ../secrets/backup/backblaze.age;
|
||||
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
cfg.server.port
|
||||
];
|
||||
|
||||
services.restic.backups = ownServers // {
|
||||
# merge teh two configs together
|
||||
|
|
@ -179,7 +189,7 @@
|
|||
|
||||
services.restic.server = mkIf cfg.server.enable{
|
||||
enable = true;
|
||||
listenAddress = "${cfg.host.ip}:${cfg.server.port}";
|
||||
listenAddress = "${cfg.host.ip}:${toString cfg.server.port}";
|
||||
appendOnly = cfg.server.appendOnly;
|
||||
privateRepos = true;
|
||||
};
|
||||
|
|
|
|||
Loading…
Reference in a new issue