run most containers and back them up at home

* switch backup from wasabi-s3 to btrfs via ssh
* add srv0 at home
* run webserver and syncthing at home
steveej 2020-12-30 09:10:30 +01:00
parent 2a2715d447
commit 406ab7be7e
12 changed files with 330 additions and 123 deletions


@ -1,70 +1,13 @@
{ config
, hostAddress
, localAddress
, subvolumes
, targetPathSuffix ? ""
}:
let
unstablepkgs = import <channels-nixos-unstable> { config = config.nixpkgs.config; };
passwords = import ../../variables/passwords.crypt.nix;
bucket = "bkp";
subvolumeParentDir = "/var/lib";
subvolumeDir = "/var/lib/container-volumes";
subvolumeSnapshot = "/var/lib/container-volumes.snapshot";
bkpSource = subvolumeSnapshot;
bkpDestination = "/container/backup";
cacheDir = "/var/lib/rclone-cachedir";
wasabiRc = pkgs: pkgs.writeText "rc" ''
[wasabi-${bucket}]
type = s3
provider = Wasabi
env_auth = false
#bkp user
access_key_id = ${passwords.storage.wasabi.bkp.key}
secret_access_key = ${passwords.storage.wasabi.bkp.secret}
region = us-east-1
endpoint = s3.wasabisys.com
location_constraint =
acl =
server_side_encryption =
storage_class =
'';
bkp-mount-rclone-manual = pkgs: {
enable = true;
description = "bkp-mount-rclone-manual service";
path = with pkgs; [ unstablepkgs.rclone utillinux ];
serviceConfig = {
Type = "notify";
};
script = ''
export PATH="$PATH:/run/wrappers/bin"
exec rclone --config ${wasabiRc pkgs} mount wasabi-${bucket}:${bucket} ${bkpDestination} \
--stats=50m --stats-log-level=NOTICE \
--cache-dir=${cacheDir} \
--vfs-cache-mode=full
'';
preStart = ''
mkdir -p ${bkpDestination}
mkdir -p ${cacheDir}
'';
postStop = ''
sync
umount ${bkpDestination} \
|| umount -l ${bkpDestination} \
|| :
rmdir ${bkpDestination}
'';
};
subvolumeParentDir = "/var/lib/container-volumes";
in {
config = { pkgs, ... }: {
@ -74,18 +17,14 @@ in {
environment.systemPackages = with pkgs; [
btrfs-progs
rdup rdedup
iptraf-ng nethogs
rclone
btrbk
];
networking.firewall.enable = true;
systemd.services."bkp-mount-rclone-manual" = bkp-mount-rclone-manual pkgs;
systemd.services."bkp-sync-rclone" = {
systemd.services."bkp-sync" = {
enable = true;
description = "bkp-sync-rclone service";
description = "bkp-sync service";
serviceConfig = {
Type = "oneshot";
@ -99,14 +38,10 @@ in {
"bkp-run.service"
];
path = with pkgs; [ unstablepkgs.rclone utillinux ];
path = with pkgs; [ utillinux ];
script = ''
set -x
echo Starting rclone sync...
rclone --config ${wasabiRc pkgs} sync \
${bkpDestination}/rdedup/ wasabi-${bucket}:${bucket}/rdedup/ \
--stats=50m --stats-log-level=WARNING
echo Finished rclone sync...
true
'';
};
@ -119,41 +54,35 @@ in {
};
partOf = [
"bkp-sync-rclone.service"
"bkp-sync.service"
];
path = with pkgs; [ btrfs-progs rdup rdedup coreutils ];
preStart = ''
echo Creating new btrfs snapshot of ${subvolumeDir} at ${subvolumeSnapshot}
btrfs subvolume snapshot -r ${subvolumeDir} ${subvolumeSnapshot}
'';
script = ''
path = with pkgs; [ btrfs-progs btrbk coreutils ];
script = let
bktrbkConf = pkgs.writeText "cfg" ''
timestamp_format long
ssh_identity ${passwords.storage.homeChBackup.keyPath}
ssh_user ${passwords.storage.homeChBackup.user}
ssh_compression no
backend_remote btrfs-progs-sudo
compat_remote busybox
btrfs_commit_delete each
snapshot_create onchange
snapshot_preserve_min latest
snapshot_preserve 7d 4w
target_preserve_min no
target_preserve 7d 4w 12m *y
volume ${subvolumeParentDir}
target ${passwords.storage.homeChBackup.target}/container-volumes/${targetPathSuffix}
${builtins.foldl' (sum: elem: sum + " subvolume " + elem + "\n") "" subvolumes}
'';
in ''
#! ${pkgs.bash}/bin/bash
set -Eeuxo pipefail
export RUST_BACKTRACE=1
export TIMESTAMP=$(date +"%Y%m%d.%H%M%S")
echo Starting rdup/rdedup backup...
for d in `ls -1 ${bkpSource}`; do
echo Determining backup source size ${bkpSource}/$d...
du -hs ${bkpSource}/$d
rdup -x /dev/null ${bkpSource}/$d | rdedup -v -ttt --dir=${bkpDestination}/rdedup store $d-''${TIMESTAMP}
done
sync
echo Finished rdup/rdedup backup...
echo Removing all previous backups...
rdedup --dir=${bkpDestination}/rdedup list | grep -v ''${TIMESTAMP} | xargs echo rdedup --dir=${bkpDestination}/rdedup remove
echo Running rdedup garbage-collector...
time rdedup -v -ttt --dir=${bkpDestination}/rdedup gc
echo Determining backup destination size ${bkpDestination}/rdedup...
du -hs ${bkpDestination}/rdedup
'';
postStop = ''
btrfs subvolume delete ${subvolumeSnapshot}
btrbk -c ${bktrbkConf} --progress ''${@:-run}
'';
};
@ -164,9 +93,9 @@ in {
timerConfig = {
# Obtained using `systemd-analyze calendar "Wed 23:00"`
# OnCalendar = "Wed *-*-* 23:00:00";
OnStartupSec="2d";
Unit = "bkp-sync-rclone.service";
OnUnitInactiveSec="2d";
OnStartupSec="1m";
Unit = "bkp-sync.service";
OnUnitInactiveSec="2h";
Persistent="true";
};
};
@ -176,10 +105,15 @@ in {
bindMounts = {
"${subvolumeParentDir}" = {
hostPath = "/var/lib/";
hostPath = subvolumeParentDir;
isReadOnly = false;
};
"/etc/secrets/" = {
hostPath = "/var/lib/container-volumes/backup/etc-secrets";
isReadOnly = true;
};
"/dev/fuse" = {
hostPath = "/dev/fuse";
isReadOnly = false;
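Review bot: In the last hunk, `isReadOnly = true` on the `/etc/secrets/` bind mount does not protect the secrets, because its host path `/var/lib/container-volumes/backup/etc-secrets` lies under `subvolumeParentDir`, which the same `bindMounts` block mounts with `isReadOnly = false`. Assuming `subvolumeParentDir` is now `/var/lib/container-volumes`, as the first hunk suggests, any process in the backup container can modify those files (presumably including the key named by `ssh_identity`) through the writable mount. If `backup` is also one of the `subvolumes` passed in, the secrets are snapshotted and sent to the remote target along with the data. Keeping them outside the backed-up tree would avoid both, e.g. `hostPath = "<secrets dir outside container-volumes>";` with `isReadOnly = true;` kept. The `bindMounts` block may continue past the visible lines.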