From 449a2f02fe23f5d27a4dc3f77003f45c5b07af62 Mon Sep 17 00:00:00 2001
From: Ricard Illa
Date: Sun, 26 Mar 2023 17:00:32 +0200
Subject: [PATCH] feat: offline backups using btrbk
---
 capibara.nix | 95 +++++++++++++++++++++++++++++++++++++++++-------
 nixos/common.nix | 5 ++-
 2 files changed, 86 insertions(+), 14 deletions(-)
diff --git a/capibara.nix b/capibara.nix
index 2f60aa0..7c6e7e0 100644
--- a/capibara.nix
+++ b/capibara.nix
@@ -4,7 +4,23 @@
 { config, pkgs, stablePkgs, impermanence, ... }:
-let home = "/home/rilla";
+let
+ home = "/home/rilla";
+ run-offline-backups = pkgs.writeScriptBin "run-offline-backups" ''
+ #!${pkgs.dash}/bin/dash
+
+ set -xe
+
+ for x in 0 1 2; do
+ ${pkgs.systemd}/bin/systemctl start "mnt-backups-''${x}.mount"
+ done && \
+ /run/wrappers/bin/doas -u btrbk \
+ ${pkgs.btrbk}/bin/btrbk \
+ -c /etc/btrbk/offline-backups.conf \
+ --progress \
+ --verbose \
+ run
+ '';
 in {
 imports = [ ./nixos/hardware-configuration/capibara.nix ./nixos/common.nix ];
@@ -147,7 +163,7 @@ in {
 # services.thermald.enable = true;
 services.tlp.enable = true;
 services.power-profiles-daemon.enable = false;
-environment.systemPackages = with pkgs; [ powertop acpi ];
+ environment.systemPackages = with pkgs; [ powertop acpi run-offline-backups ];
 #services.beesd.filesystems = {
 # root = {
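Review bot: A failed mount of `mnt-backups-0` or `mnt-backups-1` does not stop `run-offline-backups`, because the `for` loop is the left side of `done && \` and `set -e` is ignored for commands in a non-final part of an AND-OR list; only the status of the last iteration decides whether btrbk runs. btrbk can therefore start with one of the `/mnt/backups/N` targets not mounted, and what it does with that path depends on what lies under the mountpoint. Ending the loop with a plain `done` and starting `/run/wrappers/bin/doas -u btrbk \` as its own statement lets `set -e` abort on the first failed mount.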
@@ -159,20 +175,73 @@ in {
 #};
 # todo: target and/or archive
- services.btrbk.instances.btrbk = {
- onCalendar = "*:0/30"; # every 30 minutes
- settings = {
- snapshot_preserve = "2d";
- snapshot_preserve_min = "latest";
- snapshot_create = "onchange";
- volume."/mnt/btr_root" = {
- snapshot_dir = "btrbk_snapshots";
- subvolume = {
- data = { };
- persist = { };
+ services.btrbk.instances = {
+ btrbk = {
+ onCalendar = "*:0/30"; # every 30 minutes
+ settings = {
+ snapshot_preserve = "2d";
+ snapshot_preserve_min = "latest";
+ snapshot_create = "onchange";
+ volume."/mnt/btr_root" = {
+ snapshot_dir = "btrbk_snapshots";
+ subvolume = {
+ data = { };
+ persist = { };
+ };
 };
 };
 };
+
+ # doas -u btrbk btrbk -c /etc/btrbk/offline-backups.conf --dry-run --progress --verbose run
+ offline-backups = {
+ onCalendar = null;
+ settings = {
+ ssh_user = "btrbk";
+ ssh_identity = "/etc/btrbk/id_ed25519";
+ backend_remote = "btrfs-progs-doas";
+ volume = {
+
+ "ssh://narwhal:22/mnt/btr_pool" = {
+ subvolume = {
+ backups = { };
+ books = { };
+ certs = { };
+ data = { };
+ docker_volumes = { };
+ home = { };
+ home-data = { };
+ http = { };
+ music = { };
+ secrets = { };
+ transmission = { };
+ videos = { };
+ };
+ target = {
+ "/mnt/backups/0/btr_backup/narwhal" = { };
+ "/mnt/backups/1/btr_backup/narwhal" = { };
+ "/mnt/backups/2/btr_backup/narwhal" = { };
+ };
+ };
+
+ "ssh://suricata:22/mnt/btr_pool" = {
+ compat_remote = "busybox";
+ subvolume = {
+ home = { };
+ rancher_config = { };
+ backups = { };
+ configs = { };
+
+ };
+ target = {
+ "/mnt/backups/0/btr_backup/suricata" = { };
+ "/mnt/backups/1/btr_backup/suricata" = { };
+ "/mnt/backups/2/btr_backup/suricata" = { };
+ };
+ };
+ };
+
+ };
+ };
 };
 services.xserver.deviceSection = ''
diff --git a/nixos/common.nix b/nixos/common.nix
index 07127d5..05e31f8 100644
--- a/nixos/common.nix
+++ b/nixos/common.nix
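Review bot: The `offline-backups` instance does not record how its SSH key is limited on narwhal and suricata, although `ssh_identity = "/etc/btrbk/id_ed25519"` with `backend_remote = "btrfs-progs-doas"` lets the local btrbk user run btrfs commands through doas there, over subvolumes that include `secrets` and `certs`. The remote `authorized_keys` and doas rules are not part of this commit, so whether the key is confined to btrbk's commands cannot be checked from here. A comment above `ssh_identity` would make that a stated requirement, for example `# remote side: key pinned to a command= filter (e.g. ssh_filter_btrbk.sh), doas rule for btrbk limited to btrfs`. The instance also sets no `snapshot_preserve` or `target_preserve`, unlike the `btrbk` instance above it, so retention falls to btrbk's defaults.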
@@ -300,7 +300,10 @@
 "/etc/ssh/user_ca.pub"
 ];
 };
- "/mnt/data" = { directories = [ "/etc/luks-keys" ]; };
+ "/mnt/data" = {
+ directories = [ "/etc/luks-keys" ];
+ files = [ "/etc/btrbk/id_ed25519" ];
+ };
 "/mnt/logs" = { directories = [ "/var/log" ]; };
 };
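Review bot: The new `files = [ "/etc/btrbk/id_ed25519" ];` entry persists an SSH private key without stating who may read it. The hunk declares no owner or mode for the file or for `/etc/btrbk`, so both presumably depend on how the key was first placed under `/mnt/data`. A comment on that line such as `# btrbk pull key: keep mode 0600, owner btrbk` would document the requirement next to the persistence rule. The attribute set that holds `"/mnt/data"` begins and ends outside the hunk.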