Migrate to borg backup

[perso/Immae/Config/Nix.git] / systems / eldiron / base.nix

diff --git a/systems/eldiron/base.nix b/systems/eldiron/base.nix
index cda518edfeb6e82da6f643cd25c77ef4c235509d..5308ddba1e62fa911dc33dfba41c40fdede9f371 100644 (file)
--- a/systems/eldiron/base.nix
+++ b/systems/eldiron/base.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, lib, php, name, secrets, ... }:
+{ config, pkgs, lib, ports, name, secrets, ... }:
 {
   # ssh-keyscan eldiron | nix-shell -p ssh-to-age --run ssh-to-age
   secrets.ageKeys = [ "age1dxr5lhvtnjssfaqpnf6qx80h8gfwkxg3tdf35m6n9wljmk7wadfs3kmahj" ];
@@ -28,9 +28,7 @@
     "nodejs-16.20.2" # for landing page building
   ];
 
-  nixpkgs.overlays = [
-    php.overlays.php
-  ];
+  nixpkgs.overlays = builtins.attrValues ports.overlays;
   powerManagement.cpuFreqGovernor = "powersave";
 
   security.acme.certs."${name}".postRun = builtins.concatStringsSep "\n" [
@@ -120,6 +118,7 @@
     ./buildbot
     ./coturn.nix
     ./dns.nix
+    ./borg_backup.nix
     ./duply_backup.nix
     ./gemini
     ./gitolite
@@ -134,6 +133,19 @@
     ./vpn
   ];
 
+  services.borgBackup.enable = true;
+  services.borgBackup.profiles.global = {
+    bucket = "global";
+    hash = false;
+    remotes = [ "attilax" ];
+    ignoredPaths = [
+      "udev"
+      "portables"
+      "machines"
+      "nixos"
+      "nixos-containers"
+    ];
+  };
   myServices.buildbot.enable = true;
   myServices.databases.enable = true;
   myServices.gitolite.enable = true;
@@ -165,12 +177,6 @@
     };
   };
 
-  services.netdata.enable = true;
-  services.netdata.config.global."memory mode" = "none";
-  services.netdata.config.health."enabled" = "no";
-  services.netdata.config.web.mode = "none";
-  users.users."${config.services.netdata.user}".extraGroups = [ "keys" ];
-  services.netdata.configDir."stream.conf" = config.secrets.fullPaths."netdata-stream.conf";
   secrets.keys = {
     "ldap/pam_pgsql" = {
       user = "root";
@@ -183,22 +189,11 @@
         table = ldap_users
         user_column = login
         pw_type = function
-        auth_query = SELECT (mechanism = 'SSHA' AND password = encode(digest( %p || salt, 'sha1'), 'hex')) FROM ldap_users WHERE login = %u OR login || '@' || realm = %u
+        auth_query = SELECT ((mechanism = 'SSHA' AND password = encode(digest( %p || salt, 'sha1'), 'hex')) OR (mechanism = 'PLAIN' AND password = %p)) FROM ldap_users WHERE login = %u OR login || '@' || realm = %u
         #pwd_query = WITH newsalt as (select gen_random_bytes(4)) UPDATE ldap_users SET password = encode(digest( %p || (SELECT * FROM newsalt), 'sha1'), 'hex'), salt = (SELECT * FROM newsalt), mechanism = 'SSHA' WHERE login = %u OR login || '@' || realm = %u
       '';
     };
 
-    "netdata-stream.conf" = {
-      user = config.services.netdata.user;
-      group = config.services.netdata.group;
-      permissions = "0400";
-      text = ''
-        [stream]
-            enabled = yes
-            destination = ${config.myEnv.monitoring.netdata_aggregator}
-            api key = ${config.myEnv.monitoring.netdata_keys.eldiron}
-      '';
-    };
     "zrepl_backup/identity" = {
       user = "root";
       group = "root";