diff --git a/nixos/fuchsia/services/borgbackup/offsite.nix b/nixos/fuchsia/services/borgbackup/offsite.nix
index ed0d181..35720cb 100644
--- a/nixos/fuchsia/services/borgbackup/offsite.nix
+++ b/nixos/fuchsia/services/borgbackup/offsite.nix
@@ -10,63 +10,54 @@ # Create staging directory before borg service starts systemd.tmpfiles.rules = [ - "d /btrfs-subvolumes 0755 root root -" + "d /.staging-offsite 0755 root root -" ]; - # Wait for onsite backup to complete before starting offsite - systemd.services."borgbackup-job-offsite" = { - after = ["borgbackup-job-onsite.service"]; - }; - services.borgbackup.jobs."offsite" = { # Allow writing to staging directory - readWritePaths = [ "/btrfs-subvolumes" ]; + readWritePaths = [ "/.staging-offsite" ]; - preHook = /* sh */ '' - # Clean up orphaned snapshots from failed runs (crash/power loss) - [ -d "/btrfs-subvolumes/hm-sajenim" ] && \ - ${pkgs.btrfs-progs}/bin/btrfs subvolume delete \ - "/btrfs-subvolumes/hm-sajenim" 2>/dev/null || true - - # Create read-only BTRFS snapshot for backup + # Create staging snapshots before backup (independent from onsite) + preHook = '' + # Create read-only staging snapshots for home directory ${pkgs.btrfs-progs}/bin/btrfs subvolume snapshot -r \ - "/home/sajenim" "/btrfs-subvolumes/hm-sajenim" + "/home/sajenim" "/.staging-offsite/home" ''; # Backup explicit home directories and persistent files paths = [ # Home directories (valuable user data only) - "/btrfs-subvolumes/hm-sajenim/Documents" - "/btrfs-subvolumes/hm-sajenim/Pictures" - "/btrfs-subvolumes/hm-sajenim/Videos" - "/btrfs-subvolumes/hm-sajenim/Music" - "/btrfs-subvolumes/hm-sajenim/Downloads" - "/btrfs-subvolumes/hm-sajenim/Academics" - "/btrfs-subvolumes/hm-sajenim/Notes" - "/btrfs-subvolumes/hm-sajenim/Library" + "/.staging-offsite/home/Documents" + "/.staging-offsite/home/Pictures" + "/.staging-offsite/home/Videos" + "/.staging-offsite/home/Music" + "/.staging-offsite/home/Downloads" + "/.staging-offsite/home/Academics" + "/.staging-offsite/home/Notes" + "/.staging-offsite/home/Library" # Dotfiles (critical user configuration) - "/btrfs-subvolumes/hm-sajenim/.ssh" - "/btrfs-subvolumes/hm-sajenim/.gnupg" + "/.staging-offsite/home/.ssh" + 
"/.staging-offsite/home/.gnupg" - # Persistent files (actual storage location) - "/persist/etc/machine-id" - "/persist/etc/ssh/ssh_host_rsa_key" - "/persist/etc/ssh/ssh_host_rsa_key.pub" - "/persist/etc/ssh/ssh_host_ed25519_key" - "/persist/etc/ssh/ssh_host_ed25519_key.pub" + # Files from persist.nix (restore to /persist) + "/etc/machine-id" + "/etc/ssh/ssh_host_rsa_key" + "/etc/ssh/ssh_host_rsa_key.pub" + "/etc/ssh/ssh_host_ed25519_key" + "/etc/ssh/ssh_host_ed25519_key.pub" - # Persistent directories (actual storage location) - "/persist/var/lib/bluetooth" - "/persist/var/lib/nixos" - "/persist/var/lib/private" - "/persist/etc/NetworkManager/system-connections" + # Directories from persist.nix (restore to /persist) + "/var/lib/bluetooth" + "/var/lib/nixos" + "/var/lib/private" + "/etc/NetworkManager/system-connections" ]; - postHook = /* sh */ '' - # Clean up snapshots after successful backup + # Remove staging snapshots after backup completes + postHook = '' ${pkgs.btrfs-progs}/bin/btrfs subvolume delete \ - "/btrfs-subvolumes/hm-sajenim" + "/.staging-offsite/home" ''; # Remote repository configuration @@ -79,7 +70,7 @@ environment.BORG_RSH = "ssh -i /etc/ssh/ssh_host_ed25519_key"; compression = "zstd,9"; - startAt = "*-*-* 00:15:00"; # Daily at 12:15 AM + startAt = "daily"; # Ensure backup runs on next boot if system was asleep persistentTimer = true; diff --git a/nixos/fuchsia/services/borgbackup/onsite.nix b/nixos/fuchsia/services/borgbackup/onsite.nix index e8ec62b..507d17b 100644 --- a/nixos/fuchsia/services/borgbackup/onsite.nix +++ b/nixos/fuchsia/services/borgbackup/onsite.nix 
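Review bot: The new preHook no longer removes a snapshot left behind by an interrupted run, so after a crash or power loss `/.staging-offsite/home` will still exist when `btrfs subvolume snapshot -r` is called again. Depending on how the borgbackup module treats hook failures, the job then either aborts or archives the old snapshot instead of current data. I would keep a guarded delete ahead of the snapshot, e.g. `${pkgs.btrfs-progs}/bin/btrfs subvolume delete "/.staging-offsite/home" 2>/dev/null || true`. The same cleanup was dropped from the preHook in fuchsia/onsite.nix and from the loops in both viridian files.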
@@ -8,58 +8,54 @@ in { # Create staging directory before borg service starts systemd.tmpfiles.rules = [ - "d /btrfs-subvolumes 0755 root root -" + "d /.staging-onsite 0755 root root -" ]; services.borgbackup.jobs."onsite" = { # Allow writing to staging directory - readWritePaths = [ "/btrfs-subvolumes" ]; + readWritePaths = [ "/.staging-onsite" ]; - preHook = /* sh */ '' - # Clean up orphaned snapshots from failed runs (crash/power loss) - [ -d "/btrfs-subvolumes/hm-sajenim" ] && \ - ${pkgs.btrfs-progs}/bin/btrfs subvolume delete \ - "/btrfs-subvolumes/hm-sajenim" 2>/dev/null || true - - # Create read-only BTRFS snapshot for backup + # Create staging snapshots before backup (independent from offsite) + preHook = '' + # Create read-only staging snapshots for home directory ${pkgs.btrfs-progs}/bin/btrfs subvolume snapshot -r \ - "/home/sajenim" "/btrfs-subvolumes/hm-sajenim" + "/home/sajenim" "/.staging-onsite/home" ''; # Backup explicit home directories and persistent files paths = [ # Home directories (valuable user data only) - "/btrfs-subvolumes/hm-sajenim/Documents" - "/btrfs-subvolumes/hm-sajenim/Pictures" - "/btrfs-subvolumes/hm-sajenim/Videos" - "/btrfs-subvolumes/hm-sajenim/Music" - "/btrfs-subvolumes/hm-sajenim/Downloads" - "/btrfs-subvolumes/hm-sajenim/Academics" - "/btrfs-subvolumes/hm-sajenim/Notes" - "/btrfs-subvolumes/hm-sajenim/Library" + "/.staging-onsite/home/Documents" + "/.staging-onsite/home/Pictures" + "/.staging-onsite/home/Videos" + "/.staging-onsite/home/Music" + "/.staging-onsite/home/Downloads" + "/.staging-onsite/home/Academics" + "/.staging-onsite/home/Notes" + "/.staging-onsite/home/Library" # Dotfiles (critical user configuration) - "/btrfs-subvolumes/hm-sajenim/.ssh" - "/btrfs-subvolumes/hm-sajenim/.gnupg" + "/.staging-onsite/home/.ssh" + "/.staging-onsite/home/.gnupg" - # Persistent files (actual storage location) - "/persist/etc/machine-id" - "/persist/etc/ssh/ssh_host_rsa_key" - "/persist/etc/ssh/ssh_host_rsa_key.pub" - 
"/persist/etc/ssh/ssh_host_ed25519_key" - "/persist/etc/ssh/ssh_host_ed25519_key.pub" + # Files from persist.nix (restore to /persist) + "/etc/machine-id" + "/etc/ssh/ssh_host_rsa_key" + "/etc/ssh/ssh_host_rsa_key.pub" + "/etc/ssh/ssh_host_ed25519_key" + "/etc/ssh/ssh_host_ed25519_key.pub" - # Persistent directories (actual storage location) - "/persist/var/lib/bluetooth" - "/persist/var/lib/nixos" - "/persist/var/lib/private" - "/persist/etc/NetworkManager/system-connections" + # Directories from persist.nix (restore to /persist) + "/var/lib/bluetooth" + "/var/lib/nixos" + "/var/lib/private" + "/etc/NetworkManager/system-connections" ]; - postHook = /* sh */ '' - # Clean up snapshots after successful backup + # Remove staging snapshots after backup completes + postHook = '' ${pkgs.btrfs-progs}/bin/btrfs subvolume delete \ - "/btrfs-subvolumes/hm-sajenim" + "/.staging-onsite/home" ''; # Onsite repository configuration (backup to viridian over SSH) diff --git a/nixos/viridian/services/borgbackup/offsite.nix b/nixos/viridian/services/borgbackup/offsite.nix index f36f5a1..173bd75 100644 --- a/nixos/viridian/services/borgbackup/offsite.nix +++ b/nixos/viridian/services/borgbackup/offsite.nix 
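Review bot: The host private keys, machine-id and the /var/lib state are now read from the live `/etc/...` and `/var/lib/...` paths instead of `/persist/...`, and nothing in this hunk shows how the persistence layer exposes them. If any of these entries is a symlink into /persist rather than a bind mount, borg stores the link and not the key material, which would only surface during a restore. A comment stating the assumption would help, e.g. `# live paths are bind mounts of /persist; verify with a test extract after changing persist.nix`, or keep the `/persist/...` sources. The same path change is made in fuchsia/offsite.nix and in both viridian files.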
@@ -10,81 +10,55 @@ # Create staging directory before borg service starts systemd.tmpfiles.rules = [ - "d /btrfs-subvolumes 0755 root root -" + "d /.staging-offsite 0755 root root -" ]; - # Wait for onsite backup to complete before starting offsite - systemd.services."borgbackup-job-offsite" = { - after = ["borgbackup-job-onsite.service"]; - }; - services.borgbackup.jobs."offsite" = { # Allow writing to staging directory - readWritePaths = [ "/btrfs-subvolumes" ]; + readWritePaths = [ "/.staging-offsite" ]; - preHook = let - subvolumes = [ - "srv-containers" - "srv-forgejo" - "srv-lighttpd" - "srv-minecraft" - "srv-opengist" - ]; - in /* sh */ '' - # Clean up orphaned snapshots from failed runs (crash/power loss) - for subvol in ${toString subvolumes}; do - [ -d "/btrfs-subvolumes/$subvol" ] && \ - ${pkgs.btrfs-progs}/bin/btrfs subvolume delete \ - "/btrfs-subvolumes/$subvol" 2>/dev/null || true - done - - # Create read-only BTRFS snapshots for backup - for subvol in ${toString subvolumes}; do + # Create staging snapshots before backup (independent from onsite) + preHook = '' + # Create read-only staging snapshots for each service + for subvol in containers forgejo lighttpd minecraft opengist; do + # Map config names to actual subvolume paths case "$subvol" in - srv-containers) src="/srv/multimedia/containers" ;; - srv-*) src="/srv/''${subvol#srv-}" ;; + containers) src="/srv/multimedia/containers" ;; + *) src="/srv/$subvol" ;; esac ${pkgs.btrfs-progs}/bin/btrfs subvolume snapshot -r \ - "$src" "/btrfs-subvolumes/$subvol" + "$src" "/.staging-offsite/$subvol" done ''; # Backup staging snapshots and explicit persistent files paths = [ - "/btrfs-subvolumes/srv-containers" - "/btrfs-subvolumes/srv-forgejo" - "/btrfs-subvolumes/srv-lighttpd" - "/btrfs-subvolumes/srv-minecraft" - "/btrfs-subvolumes/srv-opengist" + "/.staging-offsite/containers" + "/.staging-offsite/forgejo" + "/.staging-offsite/lighttpd" + "/.staging-offsite/minecraft" + "/.staging-offsite/opengist" - # 
Persistent files (actual storage location) - "/persist/etc/machine-id" - "/persist/etc/ssh/ssh_host_rsa_key" - "/persist/etc/ssh/ssh_host_rsa_key.pub" - "/persist/etc/ssh/ssh_host_ed25519_key" - "/persist/etc/ssh/ssh_host_ed25519_key.pub" + # Files from persist.nix (restore to /persist) + "/etc/machine-id" + "/etc/ssh/ssh_host_rsa_key" + "/etc/ssh/ssh_host_rsa_key.pub" + "/etc/ssh/ssh_host_ed25519_key" + "/etc/ssh/ssh_host_ed25519_key.pub" - # Persistent directories (actual storage location) - "/persist/var/lib/bluetooth" - "/persist/var/lib/nixos" - "/persist/var/lib/private" - "/persist/etc/NetworkManager/system-connections" + # Directories from persist.nix (restore to /persist) + "/var/lib/bluetooth" + "/var/lib/nixos" + "/var/lib/private" + "/etc/NetworkManager/system-connections" ]; - postHook = let - subvolumes = [ - "srv-containers" - "srv-forgejo" - "srv-lighttpd" - "srv-minecraft" - "srv-opengist" - ]; - in /* sh */ '' - # Clean up snapshots after successful backup - for subvol in ${toString subvolumes}; do + # Remove staging snapshots after backup completes + postHook = '' + for subvol in containers forgejo lighttpd minecraft opengist; do ${pkgs.btrfs-progs}/bin/btrfs subvolume delete \ - "/btrfs-subvolumes/$subvol" + "/.staging-offsite/$subvol" done ''; @@ -98,7 +72,7 @@ environment.BORG_RSH = "ssh -i /etc/ssh/ssh_host_ed25519_key"; compression = "zstd,9"; - startAt = "*-*-* 00:15:00"; # Daily at 12:15 AM + startAt = "daily"; # Ensure backup runs on next boot if system was asleep persistentTimer = true; diff --git a/nixos/viridian/services/borgbackup/onsite.nix b/nixos/viridian/services/borgbackup/onsite.nix index fd7d09c..7993489 100644 --- a/nixos/viridian/services/borgbackup/onsite.nix +++ b/nixos/viridian/services/borgbackup/onsite.nix 
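Review bot: The subvolume names `containers forgejo lighttpd minecraft opengist` are now written out three times in this job (the preHook loop, `paths`, and the postHook loop) and nothing ties them together. A name added to the snapshot loop but not to the delete loop leaves a read-only snapshot under `/.staging-offsite` that is never removed, and one missing from `paths` is snapshotted but never archived. A single binding such as `subvolumes = [ "containers" "forgejo" "lighttpd" "minecraft" "opengist" ];`, with the loops using `${toString subvolumes}` and `paths = map (s: "/.staging-offsite/${s}") subvolumes ++ [ ... ];`, keeps them in step. viridian/onsite.nix repeats the same three lists.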
@@ -17,76 +17,55 @@ in { # Create staging directory before borg service starts systemd.tmpfiles.rules = [ - "d /btrfs-subvolumes 0755 root root -" + "d /.staging-onsite 0755 root root -" ]; services.borgbackup.jobs."onsite" = { # Allow writing to staging directory - readWritePaths = [ "/btrfs-subvolumes" ]; + readWritePaths = [ "/.staging-onsite" ]; - preHook = let - subvolumes = [ - "srv-containers" - "srv-forgejo" - "srv-lighttpd" - "srv-minecraft" - "srv-opengist" - ]; - in /* sh */ '' - # Clean up orphaned snapshots from failed runs (crash/power loss) - for subvol in ${toString subvolumes}; do - [ -d "/btrfs-subvolumes/$subvol" ] && \ - ${pkgs.btrfs-progs}/bin/btrfs subvolume delete \ - "/btrfs-subvolumes/$subvol" 2>/dev/null || true - done - - # Create read-only BTRFS snapshots for backup - for subvol in ${toString subvolumes}; do + # Create staging snapshots before backup (independent from offsite) + preHook = '' + # Create read-only staging snapshots for each service + for subvol in containers forgejo lighttpd minecraft opengist; do + # Map config names to actual subvolume paths case "$subvol" in - srv-containers) src="/srv/multimedia/containers" ;; - srv-*) src="/srv/''${subvol#srv-}" ;; + containers) src="/srv/multimedia/containers" ;; + *) src="/srv/$subvol" ;; esac ${pkgs.btrfs-progs}/bin/btrfs subvolume snapshot -r \ - "$src" "/btrfs-subvolumes/$subvol" + "$src" "/.staging-onsite/$subvol" done ''; # Backup staging snapshots and explicit persistent files paths = [ - "/btrfs-subvolumes/srv-containers" - "/btrfs-subvolumes/srv-forgejo" - "/btrfs-subvolumes/srv-lighttpd" - "/btrfs-subvolumes/srv-minecraft" - "/btrfs-subvolumes/srv-opengist" + "/.staging-onsite/containers" + "/.staging-onsite/forgejo" + "/.staging-onsite/lighttpd" + "/.staging-onsite/minecraft" + "/.staging-onsite/opengist" - # Persistent files (actual storage location) - "/persist/etc/machine-id" - "/persist/etc/ssh/ssh_host_rsa_key" - "/persist/etc/ssh/ssh_host_rsa_key.pub" - 
"/persist/etc/ssh/ssh_host_ed25519_key" - "/persist/etc/ssh/ssh_host_ed25519_key.pub" + # Files from persist.nix (restore to /persist) + "/etc/machine-id" + "/etc/ssh/ssh_host_rsa_key" + "/etc/ssh/ssh_host_rsa_key.pub" + "/etc/ssh/ssh_host_ed25519_key" + "/etc/ssh/ssh_host_ed25519_key.pub" - # Persistent directories (actual storage location) - "/persist/var/lib/bluetooth" - "/persist/var/lib/nixos" - "/persist/var/lib/private" - "/persist/etc/NetworkManager/system-connections" + # Directories from persist.nix (restore to /persist) + "/var/lib/bluetooth" + "/var/lib/nixos" + "/var/lib/private" + "/etc/NetworkManager/system-connections" ]; - postHook = let - subvolumes = [ - "srv-containers" - "srv-forgejo" - "srv-lighttpd" - "srv-minecraft" - "srv-opengist" - ]; - in /* sh */ '' - # Clean up snapshots after successful backup - for subvol in ${toString subvolumes}; do + # Remove staging snapshots after backup completes + postHook = '' + for subvol in containers forgejo lighttpd minecraft opengist; do ${pkgs.btrfs-progs}/bin/btrfs subvolume delete \ - "/btrfs-subvolumes/$subvol" + "/.staging-onsite/$subvol" done '';