working backup

2025-08-25 23:20:08 -05:00 · 2025-08-25 23:20:08 -05:00 · e2e7ffb75e
commit e2e7ffb75e
parent 6d3532bc16
4 changed files with 176 additions and 118 deletions
--- a/lxc-metrics.nix
+++ b/lxc-metrics.nix
@ -105,24 +105,32 @@
            }
          ];
        }
-        { job_name = "nut";
+        {
          job_name = "nut";
          metrics_path = "/ups_metrics";
-          params = { ups = [ "minirack-1500va" ]; };
+          params = {
-          static_configs = [{
+            ups = [ "minirack-1500va" ];
          };
          static_configs = [
            {
              targets = [
                "127.0.0.1:9199"
              ];
              labels = {
                ups = "minirack-1500va";
              };
          }];
            }
-        { job_name = "minecraft";
+          ];
-          static_configs = [{
+        }
        {
          job_name = "minecraft";
          static_configs = [
            {
              targets = [
                "craft01:25585"
              ];
-          }];
+            }
          ];
        }
      ];
    };
@ -131,10 +139,17 @@
      enable = true;
      nutServer = "xalicas";
      nutVariables = [
-        "battery.charge" "battery.charge.low" "battery.charge.warning"
+        "battery.charge"
-        "battery.runtime" "battery.runtime.low"
+        "battery.charge.low"
-        "ups.load" "ups.power" "ups.power.nominal" "ups.realpower"
+        "battery.charge.warning"
-        "ups.realpower.nominal" "ups.status"
+        "battery.runtime"
        "battery.runtime.low"
        "ups.load"
        "ups.power"
        "ups.power.nominal"
        "ups.realpower"
        "ups.realpower.nominal"
        "ups.status"
      ];
    };
@ -142,7 +157,7 @@
      paths = [ "/var/lib/grafana/data/grafana.db" ];
      archiveBaseName = null;
      encryption.mode = "none";
-      environment.BORG_RSH = "ssh -i /home/admin/.ssh/id_ed25519";
+      environment.BORG_RSH = "ssh -i /etc/ssh/ssh_host_ed25519_key";
      repo = "ssh://backup@xalicas/./grafana";
      compression = "auto,zstd";
      startAt = "daily";
--- a/recipes/borg-auth.bash
+++ b/recipes/borg-auth.bash
@ -1,11 +1,12 @@
 #!/usr/bin/env bash
 set -euo pipefail
 get_key() {
  hostname=$1
  ip=$2
-  ssh "admin@$ip" -- 'if [ ! -f /home/admin/.ssh/id_ed25519.pub ]; then ssh-keygen -t ed25519; fi'
+  pubkey=$(ssh "admin@$ip" sudo cat '/etc/ssh/ssh_host_ed25519_key.pub')
-  pubkey=$(ssh "admin@$ip" cat '$HOME/.ssh/id*.pub')
+  echo 'command="mkdir -p /borg/'"$hostname"'; cd /borg/'"$hostname"'; borg serve --restrict-to-path /borg/'"$hostname"'",restrict '"$pubkey"
  echo 'command="mkdir -p /borg/'"$hostname"'; cd /borg/'"$hostname"'; borg serve --restrict-to-path /borg/'"$hostname"'", restrict '"$pubkey"
 }
 put_key() {
@ -15,4 +16,16 @@ put_key() {
  ssh -t robert@xalicas "sudo -u backup mkdir -p ~backup/.ssh; echo '$line' | sudo -u backup tee -a ~backup/.ssh/authorized_keys"
 }
 manually_debug_borg_command() {
  jobname="$1"
  service="/etc/systemd/system/borgbackup-job-$jobname.service"
  borg_rsh=$(grep BORG_RSH "$service" | cut -d= -f3 | sed 's/"$//')
  borg_repo=$(grep BORG_REPO "$service" | cut -d= -f3 | sed 's/"$//')
  script1=$(grep ExecStart "$service" | cut -d= -f2 | sed 's/ $//')
  script2=$(grep '^exec' "$script1" | cut -d\  -f2)
  set -x
  sudo env BORG_RSH="$borg_rsh" BORG_REPO="$borg_repo" "$script2" || true
  set +x
 }
 "$@"
--- a/vm-base.nix
+++ b/vm-base.nix
@ -1,4 +1,10 @@
-{ config, pkgs, modulesPath, lib, ... }:
+{
  config,
  pkgs,
  modulesPath,
  lib,
  ...
 }:
 {
  imports = [
@ -27,10 +33,13 @@
    };
  };
-  config = let cfg = config.my.vm; in {
+  config =
    let
      cfg = config.my.vm;
    in
    {
      proxmox.qemuConf.name = cfg.name;
-    # virtualisation.diskSize = 10240; # MiB
+      virtualisation.diskSize = "auto";
    proxmox.qemuConf.diskSize = "auto";
      # Enable QEMU Guest for Proxmox
      services.qemuGuest.enable = lib.mkDefault true;
@ -42,8 +51,14 @@
      boot.growPartition = lib.mkDefault true;
      # Allow remote updates with flakes and non-root users
-    nix.settings.trusted-users = [ "root" "@wheel" ];
+      nix.settings.trusted-users = [
-    nix.settings.experimental-features = [ "nix-command" "flakes" ];
+        "root"
        "@wheel"
      ];
      nix.settings.experimental-features = [
        "nix-command"
        "flakes"
      ];
      # Enable mDNS for `hostname.local` addresses
      services.avahi.enable = true;
@ -69,12 +84,14 @@
      services.cloud-init.network.enable = lib.mkForce false;
      networking = {
        hostName = cfg.name;
-      nameservers = ["192.168.0.1"];
+        nameservers = [ "192.168.0.1" ];
        interfaces.${cfg.iface} = {
-        ipv4.addresses = [{
+          ipv4.addresses = [
            {
              address = cfg.ip4;
              prefixLength = 24;
-        }];
+            }
          ];
        };
        defaultGateway = {
          address = "192.168.0.1";
@ -99,7 +116,7 @@
      services.prometheus.exporters.node = {
        enable = true;
        port = 9100;
-      enabledCollectors = ["systemd"];
+        enabledCollectors = [ "systemd" ];
      };
      # Add an admin user
--- a/vm-homelab.nix
+++ b/vm-homelab.nix
@ -1,5 +1,8 @@
-{ inputs, pkgs, ... }:
+{ pkgs, ... }:
 let
  minidump = pkgs.writeScript "minidump" "exec /run/wrappers/bin/sudo -u postgres /run/current-system/sw/bin/pg_dump miniflux";
 in
 {
  imports = [
    ./vm-base.nix
@ -87,5 +90,15 @@
        mailer.ENABLED = false;
      };
    };
    services.borgbackup.jobs.miniflux = {
      dumpCommand = minidump;
      archiveBaseName = null;
      encryption.mode = "none";
      environment.BORG_RSH = "ssh -i /etc/ssh/ssh_host_ed25519_key";
      repo = "ssh://backup@xalicas/./miniflux";
      compression = "auto,zstd";
      startAt = "daily";
    };
  };
 }