Pr/backup target container #79

Merged
steveej merged 1 commit from pr/backup-target-container into master 2021-02-09 23:06:40 +00:00
4 changed files with 77 additions and 10 deletions


@ -0,0 +1,69 @@
{ hostAddress
, localAddress
, containerBackupCfg
, sshPort ? containerBackupCfg.portInt
}: {
config = { config, pkgs, lib, ... }: {
imports = [
../profiles/containers/configuration.nix
];
networking.firewall.enable = false;
services.ddclientovh = {
enable = true;
domain = containerBackupCfg.addr;
};
services.openssh.enable = true;
users.extraUsers."${containerBackupCfg.user}" = {
uid = 2000;
shell = pkgs.bashInteractive;
home = "/${containerBackupCfg.targetPath}";
openssh.authorizedKeys.keys = [
"ssh-rsa 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 bkp"
];
packages = with pkgs; [
btrfsProgs
# btrbk
];
};
security.sudo = {
enable = true;
extraRules = [
{
users = [ "bkp" ];
commands = [
{ command = "/etc/profiles/per-user/bkp/bin/btrfs"; options = [ "NOPASSWD" ]; }
{ command = "/run/current-system/sw/bin/readlink"; options = [ "NOPASSWD" ]; }
{ command = "/run/current-system/sw/bin/test"; options = [ "NOPASSWD" ]; }
];
}
];
};
};
autoStart = true;
bindMounts = {
"/${containerBackupCfg.targetPath}" = {
hostPath = "/var/lib/container-volumes/backup-target";
isReadOnly = false;
};
};
privateNetwork = true;
forwardPorts = [
{
# ssh
containerPort = 22;
hostPort = sshPort;
protocol = "tcp";
}
];
inherit hostAddress localAddress;
}
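Review bot: The `bkp` account gets an interactive shell (`shell = pkgs.bashInteractive`), an unrestricted entry in `openssh.authorizedKeys.keys`, and NOPASSWD sudo on `btrfs` with arbitrary arguments, so whoever holds the sending host's key is effectively root over the backup volume and can delete or overwrite the snapshots this container is meant to protect. Prefix the key with a forced command using the filter script shipped with btrbk, e.g. `command="ssh_filter_btrbk.sh --sudo --target --delete -p /<targetPath>",restrict ssh-rsa …`, and drop `--delete` if pruning can be done locally on the target. The sudo rule and the `/etc/profiles/per-user/bkp/bin/btrfs` path also hard-code `bkp` while the account name comes from `containerBackupCfg.user`; use `users = [ containerBackupCfg.user ];` and build the path from the same value so the two cannot drift apart. With `networking.firewall.enable = false` and sshd reachable through `forwardPorts`, setting `services.openssh.passwordAuthentication = false;` would also be worth adding.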


@ -62,8 +62,8 @@ in {
script = let
btrbkConf = pkgs.writeText "cfg" ''
timestamp_format long
ssh_identity ${passwords.storage.homeChBackup.keyPath}
ssh_user ${passwords.storage.homeChBackup.user}
ssh_identity ${passwords.storage.backupTarget.keyPath}
ssh_user ${passwords.storage.backupTarget.user}
ssh_compression no
backend_remote btrfs-progs-sudo
compat_remote busybox
@ -75,7 +75,7 @@ in {
target_preserve 7d 4w 12m *y
volume ${subvolumeParentDir}
target ${passwords.storage.homeChBackup.target}/container-volumes/${targetPathSuffix}
target ${passwords.storage.backupTarget.target}/container-volumes/${targetPathSuffix}
${builtins.foldl' (sum: elem: sum + " subvolume " + elem + "\n") "" subvolumes}
'';
in ''


@ -5,6 +5,7 @@
let
keys = import ../../../variables/keys.nix;
passwords = import ../../../variables/passwords.crypt.nix;
in {
# TASK: new device
@ -106,13 +107,10 @@ in {
networking.useHostResolvConf = true;
containers = {
backup = import ../../containers/backup.nix {
inherit config;
hostAddress = "192.168.100.16";
localAddress = "192.168.100.17";
subvolumes = [
"backup"
];
bkpTarget = import ../../containers/backup-target.nix {
hostAddress = "192.168.100.18";
localAddress = "192.168.100.19";
containerBackupCfg = passwords.storage.backupTarget;
};
};
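Review bot: `containerBackupCfg = passwords.storage.backupTarget;` hands the imported container module the whole secrets attribute set, although the module shown on this page (presumably the first file section) only reads `user`, `addr`, `targetPath` and `portInt`. Any field that gets interpolated into the container configuration ends up in the world-readable Nix store, so passing only the needed fields keeps a later edit from exposing `keyPath` or other entries by accident: `containerBackupCfg = { inherit (passwords.storage.backupTarget) user addr targetPath portInt; };`. The rendering does not show which of the surrounding lines are removed, so this applies to the `bkpTarget` entry as displayed.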

Binary file not shown.