services.duplyBackup.enable = true;
services.duplyBackup.profiles.oldies.rootDir = "/var/lib/oldies";
+ secrets.keys = [
+ {
+ dest = "rsync_backup/identity";
+ user = "root";
+ group = "root";
+ permissions = "0400";
+ text = config.myEnv.rsync_backup.ssh_key.private;
+ }
+ ];
+ programs.ssh.knownHosts.dilion = {
+ hostNames = ["dilion.immae.eu"];
+ publicKey = let
+ profile = config.myEnv.rsync_backup.profiles.dilion;
+ in
+ "${profile.host_key_type} ${profile.host_key}";
+ };
+
deployment = {
targetEnv = "hetzner";
hetzner = {
systemCronJobs = [
''
# The star after /var/lib/* avoids deleting all folders in case of problem
- 0 3,9,15,21 * * * root rsync -e "ssh -i /root/.ssh/id_charon_vpn" --new-compress -aAXv --delete --numeric-ids --super --rsync-path="sudo rsync" /var/lib/* immae@immae.eu: > /dev/null
+ 0 3,9,15,21 * * * root rsync -e "ssh -i /var/secrets/rsync_backup/identity" --new-compress -aAXv --delete --numeric-ids --super --rsync-path="sudo rsync" /var/lib/* backup@dilion.immae.eu: > /dev/null
0 0 * * * root journalctl -q --since="25 hours ago" -u postfix -g "immae.eu.*Recipient address rejected"
''
];
# database servers. You should change this only after NixOS release
# notes say you should.
# https://nixos.org/nixos/manual/release-notes.html
- system.stateVersion = "19.03"; # Did you read the comment?
+ system.stateVersion = "20.03"; # Did you read the comment?
}