working backup
parent
6d3532bc16
commit
e2e7ffb75e
4 changed files with 176 additions and 118 deletions
|
|
@ -105,24 +105,32 @@
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
{ job_name = "nut";
|
{
|
||||||
|
job_name = "nut";
|
||||||
metrics_path = "/ups_metrics";
|
metrics_path = "/ups_metrics";
|
||||||
params = { ups = [ "minirack-1500va" ]; };
|
params = {
|
||||||
static_configs = [{
|
ups = [ "minirack-1500va" ];
|
||||||
targets = [
|
};
|
||||||
"127.0.0.1:9199"
|
static_configs = [
|
||||||
];
|
{
|
||||||
labels = {
|
targets = [
|
||||||
ups = "minirack-1500va";
|
"127.0.0.1:9199"
|
||||||
};
|
];
|
||||||
}];
|
labels = {
|
||||||
|
ups = "minirack-1500va";
|
||||||
|
};
|
||||||
|
}
|
||||||
|
];
|
||||||
}
|
}
|
||||||
{ job_name = "minecraft";
|
{
|
||||||
static_configs = [{
|
job_name = "minecraft";
|
||||||
targets = [
|
static_configs = [
|
||||||
"craft01:25585"
|
{
|
||||||
];
|
targets = [
|
||||||
}];
|
"craft01:25585"
|
||||||
|
];
|
||||||
|
}
|
||||||
|
];
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
@ -131,10 +139,17 @@
|
||||||
enable = true;
|
enable = true;
|
||||||
nutServer = "xalicas";
|
nutServer = "xalicas";
|
||||||
nutVariables = [
|
nutVariables = [
|
||||||
"battery.charge" "battery.charge.low" "battery.charge.warning"
|
"battery.charge"
|
||||||
"battery.runtime" "battery.runtime.low"
|
"battery.charge.low"
|
||||||
"ups.load" "ups.power" "ups.power.nominal" "ups.realpower"
|
"battery.charge.warning"
|
||||||
"ups.realpower.nominal" "ups.status"
|
"battery.runtime"
|
||||||
|
"battery.runtime.low"
|
||||||
|
"ups.load"
|
||||||
|
"ups.power"
|
||||||
|
"ups.power.nominal"
|
||||||
|
"ups.realpower"
|
||||||
|
"ups.realpower.nominal"
|
||||||
|
"ups.status"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
@ -142,7 +157,7 @@
|
||||||
paths = [ "/var/lib/grafana/data/grafana.db" ];
|
paths = [ "/var/lib/grafana/data/grafana.db" ];
|
||||||
archiveBaseName = null;
|
archiveBaseName = null;
|
||||||
encryption.mode = "none";
|
encryption.mode = "none";
|
||||||
environment.BORG_RSH = "ssh -i /home/admin/.ssh/id_ed25519";
|
environment.BORG_RSH = "ssh -i /etc/ssh/ssh_host_ed25519_key";
|
||||||
repo = "ssh://backup@xalicas/./grafana";
|
repo = "ssh://backup@xalicas/./grafana";
|
||||||
compression = "auto,zstd";
|
compression = "auto,zstd";
|
||||||
startAt = "daily";
|
startAt = "daily";
|
||||||
|
|
|
||||||
|
|
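Review bot: The new `environment.BORG_RSH = "ssh -i /etc/ssh/ssh_host_ed25519_key";` in the grafana job makes the machine's sshd host private key double as the client credential for `backup@xalicas`, and the new miniflux job in this commit does the same. That ties two roles to one secret: rotating the host key breaks backups, and the key that identifies this server to its clients is now also accepted in `authorized_keys` on the backup host. A dedicated root-only key keeps the roles apart, e.g. `environment.BORG_RSH = "ssh -i <path-to-dedicated-backup-key>";`, with the enrolment script publishing that key's `.pub` instead. The context lines also show `encryption.mode = "none";`, so `grafana.db` is stored in plaintext on xalicas; worth confirming that is intended.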
@ -1,11 +1,12 @@
|
||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
|
set -euo pipefail
|
||||||
|
|
||||||
get_key() {
|
get_key() {
|
||||||
hostname=$1
|
hostname=$1
|
||||||
ip=$2
|
ip=$2
|
||||||
ssh "admin@$ip" -- 'if [ ! -f /home/admin/.ssh/id_ed25519.pub ]; then ssh-keygen -t ed25519; fi'
|
pubkey=$(ssh "admin@$ip" sudo cat '/etc/ssh/ssh_host_ed25519_key.pub')
|
||||||
pubkey=$(ssh "admin@$ip" cat '$HOME/.ssh/id*.pub')
|
echo 'command="mkdir -p /borg/'"$hostname"'; cd /borg/'"$hostname"'; borg serve --restrict-to-path /borg/'"$hostname"'",restrict '"$pubkey"
|
||||||
echo 'command="mkdir -p /borg/'"$hostname"'; cd /borg/'"$hostname"'; borg serve --restrict-to-path /borg/'"$hostname"'", restrict '"$pubkey"
|
|
||||||
}
|
}
|
||||||
|
|
||||||
put_key() {
|
put_key() {
|
||||||
|
|
@ -15,4 +16,16 @@ put_key() {
|
||||||
ssh -t robert@xalicas "sudo -u backup mkdir -p ~backup/.ssh; echo '$line' | sudo -u backup tee -a ~backup/.ssh/authorized_keys"
|
ssh -t robert@xalicas "sudo -u backup mkdir -p ~backup/.ssh; echo '$line' | sudo -u backup tee -a ~backup/.ssh/authorized_keys"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
manually_debug_borg_command() {
|
||||||
|
jobname="$1"
|
||||||
|
service="/etc/systemd/system/borgbackup-job-$jobname.service"
|
||||||
|
borg_rsh=$(grep BORG_RSH "$service" | cut -d= -f3 | sed 's/"$//')
|
||||||
|
borg_repo=$(grep BORG_REPO "$service" | cut -d= -f3 | sed 's/"$//')
|
||||||
|
script1=$(grep ExecStart "$service" | cut -d= -f2 | sed 's/ $//')
|
||||||
|
script2=$(grep '^exec' "$script1" | cut -d\ -f2)
|
||||||
|
set -x
|
||||||
|
sudo env BORG_RSH="$borg_rsh" BORG_REPO="$borg_repo" "$script2" || true
|
||||||
|
set +x
|
||||||
|
}
|
||||||
|
|
||||||
"$@"
|
"$@"
|
||||||
|
|
|
||||||
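Review bot: In `get_key`, the output of the remote `cat` is pasted after `restrict ` without checking that it is exactly one public-key line, so any extra line on stdout would land in `authorized_keys` without the `command=`/`restrict` options if `put_key` (whose body starts outside the hunk) appends it verbatim. A guard before the `echo` closes that: `[[ $pubkey =~ ^ssh-ed25519\ [A-Za-z0-9+/=]+(\ [^[:space:]]+)?$ ]] || { echo "unexpected key output" >&2; return 1; }`. The `sudo` looks unnecessary, since the host `.pub` file is normally world-readable. `$hostname` is interpolated into the forced command unquoted, so it should be limited to a safe character set first. In `manually_debug_borg_command`, `|| true` hides a failing run and `$jobname` goes into the unit path unchecked; a comment saying the function is for interactive use only would help.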
203
vm-base.nix
203
vm-base.nix
|
|
@ -1,4 +1,10 @@
|
||||||
{ config, pkgs, modulesPath, lib, ... }:
|
{
|
||||||
|
config,
|
||||||
|
pkgs,
|
||||||
|
modulesPath,
|
||||||
|
lib,
|
||||||
|
...
|
||||||
|
}:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
|
|
@ -27,105 +33,116 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = let cfg = config.my.vm; in {
|
config =
|
||||||
proxmox.qemuConf.name = cfg.name;
|
let
|
||||||
# virtualisation.diskSize = 10240; # MiB
|
cfg = config.my.vm;
|
||||||
proxmox.qemuConf.diskSize = "auto";
|
in
|
||||||
|
{
|
||||||
|
proxmox.qemuConf.name = cfg.name;
|
||||||
|
virtualisation.diskSize = "auto";
|
||||||
|
|
||||||
# Enable QEMU Guest for Proxmox
|
# Enable QEMU Guest for Proxmox
|
||||||
services.qemuGuest.enable = lib.mkDefault true;
|
services.qemuGuest.enable = lib.mkDefault true;
|
||||||
|
|
||||||
# Use the boot drive for grub
|
# Use the boot drive for grub
|
||||||
boot.loader.grub.enable = lib.mkDefault true;
|
boot.loader.grub.enable = lib.mkDefault true;
|
||||||
boot.loader.grub.devices = [ "nodev" ];
|
boot.loader.grub.devices = [ "nodev" ];
|
||||||
|
|
||||||
boot.growPartition = lib.mkDefault true;
|
boot.growPartition = lib.mkDefault true;
|
||||||
|
|
||||||
# Allow remote updates with flakes and non-root users
|
# Allow remote updates with flakes and non-root users
|
||||||
nix.settings.trusted-users = [ "root" "@wheel" ];
|
nix.settings.trusted-users = [
|
||||||
nix.settings.experimental-features = [ "nix-command" "flakes" ];
|
"root"
|
||||||
|
"@wheel"
|
||||||
|
];
|
||||||
|
nix.settings.experimental-features = [
|
||||||
|
"nix-command"
|
||||||
|
"flakes"
|
||||||
|
];
|
||||||
|
|
||||||
# Enable mDNS for `hostname.local` addresses
|
# Enable mDNS for `hostname.local` addresses
|
||||||
services.avahi.enable = true;
|
services.avahi.enable = true;
|
||||||
services.avahi.nssmdns4 = true;
|
services.avahi.nssmdns4 = true;
|
||||||
services.avahi.publish = {
|
services.avahi.publish = {
|
||||||
enable = true;
|
enable = true;
|
||||||
addresses = true;
|
addresses = true;
|
||||||
};
|
|
||||||
|
|
||||||
# Some sane packages we need on every system
|
|
||||||
environment.systemPackages = with pkgs; [
|
|
||||||
vim
|
|
||||||
git # for pulling nix flakes
|
|
||||||
];
|
|
||||||
|
|
||||||
# doing it here opens udp port _and_ installs package
|
|
||||||
programs.mosh.enable = true;
|
|
||||||
|
|
||||||
# Don't ask for passwords
|
|
||||||
security.sudo.wheelNeedsPassword = false;
|
|
||||||
|
|
||||||
# Don't use cloud-init
|
|
||||||
services.cloud-init.network.enable = lib.mkForce false;
|
|
||||||
networking = {
|
|
||||||
hostName = cfg.name;
|
|
||||||
nameservers = ["192.168.0.1"];
|
|
||||||
interfaces.${cfg.iface} = {
|
|
||||||
ipv4.addresses = [{
|
|
||||||
address = cfg.ip4;
|
|
||||||
prefixLength = 24;
|
|
||||||
}];
|
|
||||||
};
|
};
|
||||||
defaultGateway = {
|
|
||||||
address = "192.168.0.1";
|
# Some sane packages we need on every system
|
||||||
interface = "${cfg.iface}";
|
environment.systemPackages = with pkgs; [
|
||||||
|
vim
|
||||||
|
git # for pulling nix flakes
|
||||||
|
];
|
||||||
|
|
||||||
|
# doing it here opens udp port _and_ installs package
|
||||||
|
programs.mosh.enable = true;
|
||||||
|
|
||||||
|
# Don't ask for passwords
|
||||||
|
security.sudo.wheelNeedsPassword = false;
|
||||||
|
|
||||||
|
# Don't use cloud-init
|
||||||
|
services.cloud-init.network.enable = lib.mkForce false;
|
||||||
|
networking = {
|
||||||
|
hostName = cfg.name;
|
||||||
|
nameservers = [ "192.168.0.1" ];
|
||||||
|
interfaces.${cfg.iface} = {
|
||||||
|
ipv4.addresses = [
|
||||||
|
{
|
||||||
|
address = cfg.ip4;
|
||||||
|
prefixLength = 24;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
defaultGateway = {
|
||||||
|
address = "192.168.0.1";
|
||||||
|
interface = "${cfg.iface}";
|
||||||
|
};
|
||||||
|
defaultGateway6 = {
|
||||||
|
address = "fe80::1";
|
||||||
|
interface = "${cfg.iface}";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
defaultGateway6 = {
|
|
||||||
address = "fe80::1";
|
# Enable ssh
|
||||||
interface = "${cfg.iface}";
|
services.openssh = {
|
||||||
|
enable = true;
|
||||||
|
settings.PasswordAuthentication = false;
|
||||||
|
settings.KbdInteractiveAuthentication = false;
|
||||||
};
|
};
|
||||||
|
programs.ssh.startAgent = true;
|
||||||
|
|
||||||
|
# Enable prometheus metrics export
|
||||||
|
networking.firewall.allowedTCPPorts = [ 9100 ];
|
||||||
|
services.prometheus.exporters.node = {
|
||||||
|
enable = true;
|
||||||
|
port = 9100;
|
||||||
|
enabledCollectors = [ "systemd" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
# Add an admin user
|
||||||
|
users.users.admin = {
|
||||||
|
isNormalUser = true;
|
||||||
|
description = "Robert Perce";
|
||||||
|
extraGroups = [ "wheel" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
users.users.admin.openssh.authorizedKeys.keys = [
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFTDd1G3ufe8lCEWMbMN+q83WrrS92+qrI2tOaMtit+q robert@aether"
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHdReqMvpgCuez7dTeSaMnHU/7gDal6/HH7c8m17M1hb rob@ereshkigal"
|
||||||
|
];
|
||||||
|
|
||||||
|
# Default filesystem
|
||||||
|
fileSystems."/" = lib.mkDefault {
|
||||||
|
device = "/dev/disk/by-label/nixos";
|
||||||
|
autoResize = true;
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/mnt/nfs" = lib.mkDefault {
|
||||||
|
device = "192.168.0.3:/";
|
||||||
|
fsType = "nfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
system.stateVersion = lib.mkDefault "24.11";
|
||||||
};
|
};
|
||||||
|
|
||||||
# Enable ssh
|
|
||||||
services.openssh = {
|
|
||||||
enable = true;
|
|
||||||
settings.PasswordAuthentication = false;
|
|
||||||
settings.KbdInteractiveAuthentication = false;
|
|
||||||
};
|
|
||||||
programs.ssh.startAgent = true;
|
|
||||||
|
|
||||||
# Enable prometheus metrics export
|
|
||||||
networking.firewall.allowedTCPPorts = [ 9100 ];
|
|
||||||
services.prometheus.exporters.node = {
|
|
||||||
enable = true;
|
|
||||||
port = 9100;
|
|
||||||
enabledCollectors = ["systemd"];
|
|
||||||
};
|
|
||||||
|
|
||||||
# Add an admin user
|
|
||||||
users.users.admin = {
|
|
||||||
isNormalUser = true;
|
|
||||||
description = "Robert Perce";
|
|
||||||
extraGroups = [ "wheel" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
users.users.admin.openssh.authorizedKeys.keys = [
|
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFTDd1G3ufe8lCEWMbMN+q83WrrS92+qrI2tOaMtit+q robert@aether"
|
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHdReqMvpgCuez7dTeSaMnHU/7gDal6/HH7c8m17M1hb rob@ereshkigal"
|
|
||||||
];
|
|
||||||
|
|
||||||
# Default filesystem
|
|
||||||
fileSystems."/" = lib.mkDefault {
|
|
||||||
device = "/dev/disk/by-label/nixos";
|
|
||||||
autoResize = true;
|
|
||||||
fsType = "ext4";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/mnt/nfs" = lib.mkDefault {
|
|
||||||
device = "192.168.0.3:/";
|
|
||||||
fsType = "nfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
system.stateVersion = lib.mkDefault "24.11";
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
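Review bot: `security.sudo.wheelNeedsPassword = false;`, `admin` in `wheel` and `"@wheel"` in `nix.settings.trusted-users` together make the admin account root-equivalent with no further prompt. This commit raises the stakes, because the other files now use `/etc/ssh/ssh_host_ed25519_key` as the backup credential and the key script relies on `ssh admin@… sudo cat`. If passwordless sudo is kept for automation, record the trade-off next to the option, e.g. `# passwordless sudo: admin is key-only over SSH and treated as root-equivalent`, or narrow it with a `security.sudo.extraRules` entry for the specific commands. Most of this section is a formatter re-indent, so the point applies to the re-indented lines rather than to new logic.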
@ -1,5 +1,8 @@
|
||||||
{ inputs, pkgs, ... }:
|
{ pkgs, ... }:
|
||||||
|
|
||||||
|
let
|
||||||
|
minidump = pkgs.writeScript "minidump" "exec /run/wrappers/bin/sudo -u postgres /run/current-system/sw/bin/pg_dump miniflux";
|
||||||
|
in
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./vm-base.nix
|
./vm-base.nix
|
||||||
|
|
@ -87,5 +90,15 @@
|
||||||
mailer.ENABLED = false;
|
mailer.ENABLED = false;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.borgbackup.jobs.miniflux = {
|
||||||
|
dumpCommand = minidump;
|
||||||
|
archiveBaseName = null;
|
||||||
|
encryption.mode = "none";
|
||||||
|
environment.BORG_RSH = "ssh -i /etc/ssh/ssh_host_ed25519_key";
|
||||||
|
repo = "ssh://backup@xalicas/./miniflux";
|
||||||
|
compression = "auto,zstd";
|
||||||
|
startAt = "daily";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
||||||
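Review bot: The new `services.borgbackup.jobs.miniflux` block ships a full `pg_dump` of the miniflux database with `encryption.mode = "none";`. Whatever that database holds (presumably account password hashes and API tokens) is then stored in plaintext on xalicas, readable by anyone with access to the `backup` account there. Consider `encryption.mode = "repokey-blake2";` with `encryption.passCommand = "cat <passphrase-file>";`, keeping the passphrase file root-only. Separately, `minidump` is built with `pkgs.writeScript` and has no `#!` line, so it only runs where the caller falls back to a shell; `pkgs.writeShellScript` adds the interpreter line.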