
No commits in common. "15b4851e8e848ef6bcda5f07eda8eaae2c72e532" and "2c286d65fb0b5885f33c4d89ba814d0ec0ef218b" have entirely different histories.

4 changed files with 122 additions and 182 deletions


@ -10,63 +10,54 @@
# Create staging directory before borg service starts
systemd.tmpfiles.rules = [
"d /btrfs-subvolumes 0755 root root -"
"d /.staging-offsite 0755 root root -"
];
# Wait for onsite backup to complete before starting offsite
systemd.services."borgbackup-job-offsite" = {
after = ["borgbackup-job-onsite.service"];
};
services.borgbackup.jobs."offsite" = {
# Allow writing to staging directory
readWritePaths = [ "/btrfs-subvolumes" ];
readWritePaths = [ "/.staging-offsite" ];
preHook = /* sh */ ''
# Clean up orphaned snapshots from failed runs (crash/power loss)
[ -d "/btrfs-subvolumes/hm-sajenim" ] && \
${pkgs.btrfs-progs}/bin/btrfs subvolume delete \
"/btrfs-subvolumes/hm-sajenim" 2>/dev/null || true
# Create read-only BTRFS snapshot for backup
# Create staging snapshots before backup (independent from onsite)
preHook = ''
# Create read-only staging snapshots for home directory
${pkgs.btrfs-progs}/bin/btrfs subvolume snapshot -r \
"/home/sajenim" "/btrfs-subvolumes/hm-sajenim"
"/home/sajenim" "/.staging-offsite/home"
'';
# Backup explicit home directories and persistent files
paths = [
# Home directories (valuable user data only)
"/btrfs-subvolumes/hm-sajenim/Documents"
"/btrfs-subvolumes/hm-sajenim/Pictures"
"/btrfs-subvolumes/hm-sajenim/Videos"
"/btrfs-subvolumes/hm-sajenim/Music"
"/btrfs-subvolumes/hm-sajenim/Downloads"
"/btrfs-subvolumes/hm-sajenim/Academics"
"/btrfs-subvolumes/hm-sajenim/Notes"
"/btrfs-subvolumes/hm-sajenim/Library"
"/.staging-offsite/home/Documents"
"/.staging-offsite/home/Pictures"
"/.staging-offsite/home/Videos"
"/.staging-offsite/home/Music"
"/.staging-offsite/home/Downloads"
"/.staging-offsite/home/Academics"
"/.staging-offsite/home/Notes"
"/.staging-offsite/home/Library"
# Dotfiles (critical user configuration)
"/btrfs-subvolumes/hm-sajenim/.ssh"
"/btrfs-subvolumes/hm-sajenim/.gnupg"
"/.staging-offsite/home/.ssh"
"/.staging-offsite/home/.gnupg"
# Persistent files (actual storage location)
"/persist/etc/machine-id"
"/persist/etc/ssh/ssh_host_rsa_key"
"/persist/etc/ssh/ssh_host_rsa_key.pub"
"/persist/etc/ssh/ssh_host_ed25519_key"
"/persist/etc/ssh/ssh_host_ed25519_key.pub"
# Files from persist.nix (restore to /persist)
"/etc/machine-id"
"/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub"
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
# Persistent directories (actual storage location)
"/persist/var/lib/bluetooth"
"/persist/var/lib/nixos"
"/persist/var/lib/private"
"/persist/etc/NetworkManager/system-connections"
# Directories from persist.nix (restore to /persist)
"/var/lib/bluetooth"
"/var/lib/nixos"
"/var/lib/private"
"/etc/NetworkManager/system-connections"
];
postHook = /* sh */ ''
# Clean up snapshots after successful backup
# Remove staging snapshots after backup completes
postHook = ''
${pkgs.btrfs-progs}/bin/btrfs subvolume delete \
"/btrfs-subvolumes/hm-sajenim"
"/.staging-offsite/home"
'';
# Remote repository configuration
@ -79,7 +70,7 @@
environment.BORG_RSH = "ssh -i /etc/ssh/ssh_host_ed25519_key";
compression = "zstd,9";
startAt = "*-*-* 00:15:00"; # Daily at 12:15 AM
startAt = "daily";
# Ensure backup runs on next boot if system was asleep
persistentTimer = true;
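Review bot: The rewritten `preHook` no longer removes a snapshot left behind by an interrupted run, so after a crash or power loss `/.staging-offsite/home` will still exist when the next job starts and `btrfs subvolume snapshot -r` cannot create a fresh snapshot at that path. This assumes the `/.staging-offsite` lines are the new side, which the smaller new-side count in the hunk header suggests. From then on the job would presumably fail on every run, or work from a stale tree, until someone deletes the subvolume by hand, and a silently stalled backup is the worst time to find out. I would keep a guard ahead of the snapshot, e.g. `[ -d "/.staging-offsite/home" ] && ${pkgs.btrfs-progs}/bin/btrfs subvolume delete "/.staging-offsite/home" || true`; the `preHook` in the other three file sections on this page needs the same guard. The `services.borgbackup.jobs."offsite"` attribute set starts and ends outside the hunk.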


@ -8,58 +8,54 @@ in {
# Create staging directory before borg service starts
systemd.tmpfiles.rules = [
"d /btrfs-subvolumes 0755 root root -"
"d /.staging-onsite 0755 root root -"
];
services.borgbackup.jobs."onsite" = {
# Allow writing to staging directory
readWritePaths = [ "/btrfs-subvolumes" ];
readWritePaths = [ "/.staging-onsite" ];
preHook = /* sh */ ''
# Clean up orphaned snapshots from failed runs (crash/power loss)
[ -d "/btrfs-subvolumes/hm-sajenim" ] && \
${pkgs.btrfs-progs}/bin/btrfs subvolume delete \
"/btrfs-subvolumes/hm-sajenim" 2>/dev/null || true
# Create read-only BTRFS snapshot for backup
# Create staging snapshots before backup (independent from offsite)
preHook = ''
# Create read-only staging snapshots for home directory
${pkgs.btrfs-progs}/bin/btrfs subvolume snapshot -r \
"/home/sajenim" "/btrfs-subvolumes/hm-sajenim"
"/home/sajenim" "/.staging-onsite/home"
'';
# Backup explicit home directories and persistent files
paths = [
# Home directories (valuable user data only)
"/btrfs-subvolumes/hm-sajenim/Documents"
"/btrfs-subvolumes/hm-sajenim/Pictures"
"/btrfs-subvolumes/hm-sajenim/Videos"
"/btrfs-subvolumes/hm-sajenim/Music"
"/btrfs-subvolumes/hm-sajenim/Downloads"
"/btrfs-subvolumes/hm-sajenim/Academics"
"/btrfs-subvolumes/hm-sajenim/Notes"
"/btrfs-subvolumes/hm-sajenim/Library"
"/.staging-onsite/home/Documents"
"/.staging-onsite/home/Pictures"
"/.staging-onsite/home/Videos"
"/.staging-onsite/home/Music"
"/.staging-onsite/home/Downloads"
"/.staging-onsite/home/Academics"
"/.staging-onsite/home/Notes"
"/.staging-onsite/home/Library"
# Dotfiles (critical user configuration)
"/btrfs-subvolumes/hm-sajenim/.ssh"
"/btrfs-subvolumes/hm-sajenim/.gnupg"
"/.staging-onsite/home/.ssh"
"/.staging-onsite/home/.gnupg"
# Persistent files (actual storage location)
"/persist/etc/machine-id"
"/persist/etc/ssh/ssh_host_rsa_key"
"/persist/etc/ssh/ssh_host_rsa_key.pub"
"/persist/etc/ssh/ssh_host_ed25519_key"
"/persist/etc/ssh/ssh_host_ed25519_key.pub"
# Files from persist.nix (restore to /persist)
"/etc/machine-id"
"/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub"
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
# Persistent directories (actual storage location)
"/persist/var/lib/bluetooth"
"/persist/var/lib/nixos"
"/persist/var/lib/private"
"/persist/etc/NetworkManager/system-connections"
# Directories from persist.nix (restore to /persist)
"/var/lib/bluetooth"
"/var/lib/nixos"
"/var/lib/private"
"/etc/NetworkManager/system-connections"
];
postHook = /* sh */ ''
# Clean up snapshots after successful backup
# Remove staging snapshots after backup completes
postHook = ''
${pkgs.btrfs-progs}/bin/btrfs subvolume delete \
"/btrfs-subvolumes/hm-sajenim"
"/.staging-onsite/home"
'';
# Onsite repository configuration (backup to viridian over SSH)
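Review bot: The persistent entries in `paths` now name `/etc/machine-id`, `/etc/ssh/ssh_host_ed25519_key`, `/var/lib/...` and so on instead of their `/persist/...` storage locations, and borg normally stores a symlink as a link rather than following it to its target. If persist.nix exposes any of these as symlinks into `/persist` (not visible here), the archive would hold dangling links instead of the host keys and state, and that is only discovered at restore time. Either keep the `/persist/...` paths or check with `borg list` on a fresh archive that the entries are regular files, and record the assumption in a comment such as `# bind-mounted from /persist, readable via /etc`. The same list appears in the other three file sections.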


@ -10,81 +10,55 @@
# Create staging directory before borg service starts
systemd.tmpfiles.rules = [
"d /btrfs-subvolumes 0755 root root -"
"d /.staging-offsite 0755 root root -"
];
# Wait for onsite backup to complete before starting offsite
systemd.services."borgbackup-job-offsite" = {
after = ["borgbackup-job-onsite.service"];
};
services.borgbackup.jobs."offsite" = {
# Allow writing to staging directory
readWritePaths = [ "/btrfs-subvolumes" ];
readWritePaths = [ "/.staging-offsite" ];
preHook = let
subvolumes = [
"srv-containers"
"srv-forgejo"
"srv-lighttpd"
"srv-minecraft"
"srv-opengist"
];
in /* sh */ ''
# Clean up orphaned snapshots from failed runs (crash/power loss)
for subvol in ${toString subvolumes}; do
[ -d "/btrfs-subvolumes/$subvol" ] && \
${pkgs.btrfs-progs}/bin/btrfs subvolume delete \
"/btrfs-subvolumes/$subvol" 2>/dev/null || true
done
# Create read-only BTRFS snapshots for backup
for subvol in ${toString subvolumes}; do
# Create staging snapshots before backup (independent from onsite)
preHook = ''
# Create read-only staging snapshots for each service
for subvol in containers forgejo lighttpd minecraft opengist; do
# Map config names to actual subvolume paths
case "$subvol" in
srv-containers) src="/srv/multimedia/containers" ;;
srv-*) src="/srv/''${subvol#srv-}" ;;
containers) src="/srv/multimedia/containers" ;;
*) src="/srv/$subvol" ;;
esac
${pkgs.btrfs-progs}/bin/btrfs subvolume snapshot -r \
"$src" "/btrfs-subvolumes/$subvol"
"$src" "/.staging-offsite/$subvol"
done
'';
# Backup staging snapshots and explicit persistent files
paths = [
"/btrfs-subvolumes/srv-containers"
"/btrfs-subvolumes/srv-forgejo"
"/btrfs-subvolumes/srv-lighttpd"
"/btrfs-subvolumes/srv-minecraft"
"/btrfs-subvolumes/srv-opengist"
"/.staging-offsite/containers"
"/.staging-offsite/forgejo"
"/.staging-offsite/lighttpd"
"/.staging-offsite/minecraft"
"/.staging-offsite/opengist"
# Persistent files (actual storage location)
"/persist/etc/machine-id"
"/persist/etc/ssh/ssh_host_rsa_key"
"/persist/etc/ssh/ssh_host_rsa_key.pub"
"/persist/etc/ssh/ssh_host_ed25519_key"
"/persist/etc/ssh/ssh_host_ed25519_key.pub"
# Files from persist.nix (restore to /persist)
"/etc/machine-id"
"/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub"
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
# Persistent directories (actual storage location)
"/persist/var/lib/bluetooth"
"/persist/var/lib/nixos"
"/persist/var/lib/private"
"/persist/etc/NetworkManager/system-connections"
# Directories from persist.nix (restore to /persist)
"/var/lib/bluetooth"
"/var/lib/nixos"
"/var/lib/private"
"/etc/NetworkManager/system-connections"
];
postHook = let
subvolumes = [
"srv-containers"
"srv-forgejo"
"srv-lighttpd"
"srv-minecraft"
"srv-opengist"
];
in /* sh */ ''
# Clean up snapshots after successful backup
for subvol in ${toString subvolumes}; do
# Remove staging snapshots after backup completes
postHook = ''
for subvol in containers forgejo lighttpd minecraft opengist; do
${pkgs.btrfs-progs}/bin/btrfs subvolume delete \
"/btrfs-subvolumes/$subvol"
"/.staging-offsite/$subvol"
done
'';
@ -98,7 +72,7 @@
environment.BORG_RSH = "ssh -i /etc/ssh/ssh_host_ed25519_key";
compression = "zstd,9";
startAt = "*-*-* 00:15:00"; # Daily at 12:15 AM
startAt = "daily";
# Ensure backup runs on next boot if system was asleep
persistentTimer = true;
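Review bot: The service names are now spelled out three times, in the `preHook` loop, in `paths` and in the `postHook` loop, so adding or renaming a service in one place leaves either a path missing from the archive or a read-only snapshot that is never deleted. A single `let subvolumes = [ "containers" "forgejo" "lighttpd" "minecraft" "opengist" ]; in` bound around the job would keep them in step, with `paths = map (s: "/.staging-offsite/${s}") subvolumes ++ [ ... ];` and `for subvol in ${toString subvolumes}; do` in both hooks. The onsite server section that follows has the same triplication.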


@ -17,76 +17,55 @@ in {
# Create staging directory before borg service starts
systemd.tmpfiles.rules = [
"d /btrfs-subvolumes 0755 root root -"
"d /.staging-onsite 0755 root root -"
];
services.borgbackup.jobs."onsite" = {
# Allow writing to staging directory
readWritePaths = [ "/btrfs-subvolumes" ];
readWritePaths = [ "/.staging-onsite" ];
preHook = let
subvolumes = [
"srv-containers"
"srv-forgejo"
"srv-lighttpd"
"srv-minecraft"
"srv-opengist"
];
in /* sh */ ''
# Clean up orphaned snapshots from failed runs (crash/power loss)
for subvol in ${toString subvolumes}; do
[ -d "/btrfs-subvolumes/$subvol" ] && \
${pkgs.btrfs-progs}/bin/btrfs subvolume delete \
"/btrfs-subvolumes/$subvol" 2>/dev/null || true
done
# Create read-only BTRFS snapshots for backup
for subvol in ${toString subvolumes}; do
# Create staging snapshots before backup (independent from offsite)
preHook = ''
# Create read-only staging snapshots for each service
for subvol in containers forgejo lighttpd minecraft opengist; do
# Map config names to actual subvolume paths
case "$subvol" in
srv-containers) src="/srv/multimedia/containers" ;;
srv-*) src="/srv/''${subvol#srv-}" ;;
containers) src="/srv/multimedia/containers" ;;
*) src="/srv/$subvol" ;;
esac
${pkgs.btrfs-progs}/bin/btrfs subvolume snapshot -r \
"$src" "/btrfs-subvolumes/$subvol"
"$src" "/.staging-onsite/$subvol"
done
'';
# Backup staging snapshots and explicit persistent files
paths = [
"/btrfs-subvolumes/srv-containers"
"/btrfs-subvolumes/srv-forgejo"
"/btrfs-subvolumes/srv-lighttpd"
"/btrfs-subvolumes/srv-minecraft"
"/btrfs-subvolumes/srv-opengist"
"/.staging-onsite/containers"
"/.staging-onsite/forgejo"
"/.staging-onsite/lighttpd"
"/.staging-onsite/minecraft"
"/.staging-onsite/opengist"
# Persistent files (actual storage location)
"/persist/etc/machine-id"
"/persist/etc/ssh/ssh_host_rsa_key"
"/persist/etc/ssh/ssh_host_rsa_key.pub"
"/persist/etc/ssh/ssh_host_ed25519_key"
"/persist/etc/ssh/ssh_host_ed25519_key.pub"
# Files from persist.nix (restore to /persist)
"/etc/machine-id"
"/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub"
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
# Persistent directories (actual storage location)
"/persist/var/lib/bluetooth"
"/persist/var/lib/nixos"
"/persist/var/lib/private"
"/persist/etc/NetworkManager/system-connections"
# Directories from persist.nix (restore to /persist)
"/var/lib/bluetooth"
"/var/lib/nixos"
"/var/lib/private"
"/etc/NetworkManager/system-connections"
];
postHook = let
subvolumes = [
"srv-containers"
"srv-forgejo"
"srv-lighttpd"
"srv-minecraft"
"srv-opengist"
];
in /* sh */ ''
# Clean up snapshots after successful backup
for subvol in ${toString subvolumes}; do
# Remove staging snapshots after backup completes
postHook = ''
for subvol in containers forgejo lighttpd minecraft opengist; do
${pkgs.btrfs-progs}/bin/btrfs subvolume delete \
"/btrfs-subvolumes/$subvol"
"/.staging-onsite/$subvol"
done
'';
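Review bot: `d /.staging-onsite 0755 root root -` leaves the staging root traversable by every local user while it holds snapshots of service data and, in the two sections that snapshot `/home/sajenim`, of `.ssh` and `.gnupg`. A snapshot keeps the ownership and modes of the source tree, so the actual exposure depends on how `/srv/*` and the home directory are permissioned, which is not visible here. Since only the backup job needs the directory, `d /.staging-onsite 0700 root root -` would settle the question, assuming the job runs as root. The same rule appears in the other three sections.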