diff --git a/trantor.nix b/trantor.nix
index c5973fe..aa39ab8 100644
--- a/trantor.nix
+++ b/trantor.nix
@@ -83,6 +83,34 @@ in {
 fsType = "nfs";
 };
+ "/mnt/backups/0" = {
+ device = "/dev/mapper/backups0";
+ fsType = "btrfs";
+ options = [ "noauto" "subvolid=5" "compress=zstd" ];
+ };
+
+ "/mnt/backups/1" = {
+ device = "/dev/mapper/backups1";
+ fsType = "btrfs";
+ options = [ "noauto" "subvolid=5" "compress=zstd" ];
+ };
+
+ "/mnt/backups/2" = {
+ device = "/dev/mapper/backups2";
+ fsType = "btrfs";
+ options = [ "noauto" "subvolid=5" "compress=zstd" ];
+ };
+
+ };
+
+ environment.etc = {
+ crypttab = {
+ text = ''
+ backups0 UUID="e45232d5-f46f-46f3-a150-be26374b3357" /etc/luks-keys/backups.bin noauto
+ backups1 UUID="5b3da928-4862-4451-89cd-5bd6a95466d0" /etc/luks-keys/backups.bin noauto
+ backups2 UUID="cbfa9cba-dee2-4d0b-8cde-2f1d1849b22c" /etc/luks-keys/backups.bin noauto
+ '';
+ };
 };
 environment.variables = {
@@ -154,8 +182,10 @@ in {
 };
 };
 secrets = {
- "/system_keyfile.bin" = "/boot/system_keyfile.bin";
- "/user_keyfile.bin" = "/boot/user_keyfile.bin";
+ # "/system_keyfile.bin" = "/boot/system_keyfile.bin";
+ # "/user_keyfile.bin" = "/boot/user_keyfile.bin";
+ "/system_keyfile.bin" = "/etc/luks-keys/system.bin";
+ "/user_keyfile.bin" = "/etc/luks-keys/user.bin";
 };
 };
 };
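Review bot: All three entries in the new `environment.etc.crypttab` text (first hunk) unlock from the same key file, `/etc/luks-keys/backups.bin`, and nothing in the hunk shows how that file is provisioned or what its mode is. One readable copy of that file opens every backup volume, so I would state the requirement next to the entries, e.g. `# /etc/luks-keys/backups.bin: provisioned out of band, root:root 0400, never placed in the Nix store`, and consider a separate key per disk if the volumes are meant to be independent copies. The three `"/mnt/backups/N"` entries differ only in the index and could be generated from a list so their mount options cannot drift apart.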
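Review bot: The new `secrets` sources under `/etc/luks-keys/` (second hunk) are still copied into the initrd, so the keys are only as protected as the place the initrd is stored. This presumably is `boot.initrd.secrets`, but the enclosing block starts above the hunk, and the hunk does not show whether /boot is encrypted; if it is not, both key files remain readable there. The two commented-out `/boot/...` lines are better dropped, since git keeps the history, in favour of a comment that states the assumption, e.g. `# key files are embedded in the initrd; requires an encrypted /boot`. The old `/boot/system_keyfile.bin` and `/boot/user_keyfile.bin` copies should also be removed from disk once the new paths are confirmed working.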
@@ -176,17 +206,24 @@ in {
 # };
 # todo: target and/or archive
- services.btrbk.instances.btrbk = {
- onCalendar = "*:0/30"; # every 30 minutes
- settings = {
- snapshot_preserve = "2d";
- snapshot_preserve_min = "latest";
- snapshot_create = "onchange";
- volume."/mnt/btr_user" = {
- snapshot_dir = "btrbk_snapshots";
- subvolume = {
- data = { };
- persist = { };
+ services.btrbk = {
+ sshAccess = [{
+ roles = [ "info" "source" "target" "delete" "snapshot" "send" "receive" ];
+ key =
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAJy2lSOeG4iCUlk+W0TK9DnJyHe/0XUU0PD0kokbWKF btrbk";
+ }];
+ instances.btrbk = {
+ onCalendar = "*:0/30"; # every 30 minutes
+ settings = {
+ snapshot_preserve = "2d";
+ snapshot_preserve_min = "latest";
+ snapshot_create = "onchange";
+ volume."/mnt/btr_user" = {
+ snapshot_dir = "btrbk_snapshots";
+ subvolume = {
+ data = { };
+ persist = { };
+ };
 };
 };
 };
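Review bot: The new `sshAccess` entry grants the `btrbk` key all seven roles, including `delete` and `target`/`receive`, which is more than any single backup direction needs. Whoever holds that private key can remove snapshots on this host, so a compromise of the peer would also cost the local snapshot history. If this machine is only pulled from, `roles = [ "info" "source" ];` is probably enough, with `delete` added only if the peer must prune snapshots here. The `# todo: target and/or archive` comment above suggests the direction is not settled, so the list is worth narrowing once it is. A short comment naming the host that holds the private key would make this public key easier to audit and rotate.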