feat(viridian): add explicit persist data to backup strategy

Add critical system state from persist.nix to borgbackup jobs: - SSH host keys (required for borg authentication) - machine-id and nixos state - Network and bluetooth configurations Paths mirror persist.nix configuration for maintainability. Service-specific persist data (traefik, crowdsec) excluded - will create dedicated subvolumes if/when needed.
2025-10-07 17:06:45 +08:00 · 2025-10-07 17:06:45 +08:00 · f24a7476a7
commit f24a7476a7
parent 7833d89d86
2 changed files with 29 additions and 2 deletions
--- a/nixos/viridian/services/borgbackup/offsite.nix
+++ b/nixos/viridian/services/borgbackup/offsite.nix
@ -1,6 +1,7 @@
 {
  config,
  pkgs,
+  inputs,
  ...
 }: {
  # Encrypted passphrase for offsite borgbackup repository
@ -32,13 +33,26 @@
      done
    '';

-    # Backup all staging snapshots
+    # Backup staging snapshots and explicit persistent files
    paths = [
      "/.staging-offsite/containers"
      "/.staging-offsite/forgejo"
      "/.staging-offsite/lighttpd"
      "/.staging-offsite/minecraft"
      "/.staging-offsite/opengist"
+
+      # Files from persist.nix (restore to /persist)
+      "/etc/machine-id"
+      "/etc/ssh/ssh_host_rsa_key"
+      "/etc/ssh/ssh_host_rsa_key.pub"
+      "/etc/ssh/ssh_host_ed25519_key"
+      "/etc/ssh/ssh_host_ed25519_key.pub"
+
+      # Directories from persist.nix (restore to /persist)
+      "/var/lib/bluetooth"
+      "/var/lib/nixos"
+      "/var/lib/private"
+      "/etc/NetworkManager/system-connections"
    ];

    # Remove staging snapshots after backup completes
--- a/nixos/viridian/services/borgbackup/onsite.nix
+++ b/nixos/viridian/services/borgbackup/onsite.nix
@ -39,13 +39,26 @@ in {
      done
    '';

-    # Backup all staging snapshots
+    # Backup staging snapshots and explicit persistent files
    paths = [
      "/.staging-onsite/containers"
      "/.staging-onsite/forgejo"
      "/.staging-onsite/lighttpd"
      "/.staging-onsite/minecraft"
      "/.staging-onsite/opengist"
+
+      # Files from persist.nix (restore to /persist)
+      "/etc/machine-id"
+      "/etc/ssh/ssh_host_rsa_key"
+      "/etc/ssh/ssh_host_rsa_key.pub"
+      "/etc/ssh/ssh_host_ed25519_key"
+      "/etc/ssh/ssh_host_ed25519_key.pub"
+
+      # Directories from persist.nix (restore to /persist)
+      "/var/lib/bluetooth"
+      "/var/lib/nixos"
+      "/var/lib/private"
+      "/etc/NetworkManager/system-connections"
    ];

    # Remove staging snapshots after backup completes