authorIsmaël Bouya <ismael.bouya@normalesup.org>2025-03-14 00:33:59 +0100
committerIsmaël Bouya <ismael.bouya@normalesup.org>2025-03-14 01:06:18 +0100
commit3556fca8370666371de613e6221d407bc553c902 (patch)
treebeb10e4ab40078295d2d45566e48b9aa6e86616a /systems
parent70952c48b9895d587dd7f548e0bdb56d0a02818a (diff)
Zrepl config with raspi
Diffstat (limited to 'systems')
-rw-r--r--systems/backup-2/flake.lock30
-rw-r--r--systems/dilion/base.nix76
-rw-r--r--systems/dilion/flake.lock10
-rw-r--r--systems/eldiron/base.nix21
-rw-r--r--systems/eldiron/flake.lock30
-rw-r--r--systems/monitoring-1/flake.lock18
-rw-r--r--systems/quatresaisons/flake.lock10
-rw-r--r--systems/zoldene/base.nix49
-rw-r--r--systems/zoldene/flake.lock10
9 files changed, 156 insertions, 98 deletions
diff --git a/systems/backup-2/flake.lock b/systems/backup-2/flake.lock
index baf7dcd..e5c2344 100644
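--- a/systems/backup-2/flake.lock
+++ b/systems/backup-2/flake.lock
@@ -23,7 +23,7 @@
 },
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-upyulh3TzmYvV0Qn3uybOlG6sVzywk5SCm766k/cuqQ=",
+"narHash": "sha256-goXqWjXmM+5kv7uJ0Q0UI9Oj+Jsec2JmhOvyYxcq3sQ=",
 "path": "../../flakes/private/borg_backup",
 "type": "path"
 },
@@ -38,7 +38,7 @@
 },
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-meNl7Q9u50ot5ouEIOEqjq1m/1+gwipQcTtT3hI93kU=",
+"narHash": "sha256-m6hlfSiLmyu+MARFhvVufx0Mj0TLNnYdmAcNss/mKVY=",
 "path": "../../flakes/private/chatons",
 "type": "path"
 },
@@ -90,7 +90,7 @@
 "environment": {
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-TsRuohxw/zmZy1PV2kyraE9VbLULWOyad2jir8O9UbQ=",
+"narHash": "sha256-6HzZMgW6wsSkeN87+OcMhVnWxUKFT2C9EMXvmMfxRzc=",
 "path": "../environment",
 "type": "path"
 },
@@ -102,7 +102,7 @@
 "environment_2": {
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-TsRuohxw/zmZy1PV2kyraE9VbLULWOyad2jir8O9UbQ=",
+"narHash": "sha256-6HzZMgW6wsSkeN87+OcMhVnWxUKFT2C9EMXvmMfxRzc=",
 "path": "../environment",
 "type": "path"
 },
@@ -114,7 +114,7 @@
 "environment_3": {
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-TsRuohxw/zmZy1PV2kyraE9VbLULWOyad2jir8O9UbQ=",
+"narHash": "sha256-6HzZMgW6wsSkeN87+OcMhVnWxUKFT2C9EMXvmMfxRzc=",
 "path": "../../flakes/private/environment",
 "type": "path"
 },
@@ -126,7 +126,7 @@
 "environment_4": {
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-TsRuohxw/zmZy1PV2kyraE9VbLULWOyad2jir8O9UbQ=",
+"narHash": "sha256-6HzZMgW6wsSkeN87+OcMhVnWxUKFT2C9EMXvmMfxRzc=",
 "path": "../environment",
 "type": "path"
 },
@@ -138,7 +138,7 @@
 "environment_5": {
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-TsRuohxw/zmZy1PV2kyraE9VbLULWOyad2jir8O9UbQ=",
+"narHash": "sha256-6HzZMgW6wsSkeN87+OcMhVnWxUKFT2C9EMXvmMfxRzc=",
 "path": "../environment",
 "type": "path"
 },
@@ -150,7 +150,7 @@
 "environment_6": {
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-TsRuohxw/zmZy1PV2kyraE9VbLULWOyad2jir8O9UbQ=",
+"narHash": "sha256-6HzZMgW6wsSkeN87+OcMhVnWxUKFT2C9EMXvmMfxRzc=",
 "path": "../environment",
 "type": "path"
 },
@@ -162,7 +162,7 @@
 "environment_7": {
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-TsRuohxw/zmZy1PV2kyraE9VbLULWOyad2jir8O9UbQ=",
+"narHash": "sha256-6HzZMgW6wsSkeN87+OcMhVnWxUKFT2C9EMXvmMfxRzc=",
 "path": "../environment",
 "type": "path"
 },
@@ -174,7 +174,7 @@
 "environment_8": {
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-TsRuohxw/zmZy1PV2kyraE9VbLULWOyad2jir8O9UbQ=",
+"narHash": "sha256-6HzZMgW6wsSkeN87+OcMhVnWxUKFT2C9EMXvmMfxRzc=",
 "path": "../environment",
 "type": "path"
 },
@@ -380,7 +380,7 @@
 },
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-GgBpSALmb4F2Q8gU2A8tv+gU4xjiYHj8SnNJksYRhRw=",
+"narHash": "sha256-97QRfLMvzWXvLOqbvKo/xS1MhpXoCsq3qVJeMKxISXk=",
 "path": "../../flakes/private/mail-relay",
 "type": "path"
 },
@@ -399,7 +399,7 @@
 },
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-/Z5S7urMiCclBt3znFcTCz6fzTpO0OnPI2cjhdtCoTM=",
+"narHash": "sha256-3bGwQe6FfhbrzAmmaQN9LBjJ3hT+vTNL+I5ZkI972hw=",
 "path": "../../flakes/private/milters",
 "type": "path"
 },
@@ -417,7 +417,7 @@
 },
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-UtTwF1ni+Qy4n65KjH2WLtb263VIf7fnvVWExxSMR6U=",
+"narHash": "sha256-7tqKXf2kdZ2wIEQTJud7gdN+/eOkXxeQeT03KwmfTwQ=",
 "path": "../../flakes/private/monitoring",
 "type": "path"
 },
@@ -953,7 +953,7 @@
 },
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-zNGorC75RMSwM35XiKvf8i9/PatepjxmgW7AAkhfHTc=",
+"narHash": "sha256-aFk+jktObN2sAh1pcgfaf3PH0LGaq8IkK9NlKUSTjoA=",
 "path": "../../flakes/private/opendmarc",
 "type": "path"
 },
@@ -1145,7 +1145,7 @@
 },
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-InNiobFoX6ugM50G4xuWHJrFjqkRTXixxvTjj69wfuw=",
+"narHash": "sha256-VUtVclRBHcgFrAuf3tdhcA/f1h7U1gBj7KFu0lAnP34=",
 "path": "../../flakes/private/system",
 "type": "path"
 },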
diff --git a/systems/dilion/base.nix b/systems/dilion/base.nix
index b47d928..05593aa 100644
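--- a/systems/dilion/base.nix
+++ b/systems/dilion/base.nix
@@ -230,6 +230,7 @@
 
 systemd.services.zrepl.serviceConfig.User = "backup";
 systemd.services.zrepl.path = [ pkgs.openssh ];
+systemd.services.zrepl.unitConfig.After = lib.mkForce [ "wg-quick-wg0.service" "zfs.target" ];
 # pour eldiron:
 # zfs allow backup create,mount,receive,destroy,rename,snapshot,hold,bookmark,release zpool/backup
 # pour flony:
@@ -242,44 +243,69 @@
 jobs = [
 {
 type = "sink";
-# must not change
-name = "backup-from-eldiron";
+name = "backup-from-immae-eu";
 root_fs = "zpool/backup";
 serve.type = "tls";
-serve.listen = ":19000";
-serve.ca = config.secrets.fullPaths."zrepl/certificates/eldiron.crt";
+serve.listen = "192.168.1.8:19000";
+serve.ca = config.secrets.fullPaths."zrepl/certificates/ca.crt";
 serve.cert = config.secrets.fullPaths."zrepl/certificates/dilion.crt";
 serve.key = config.secrets.fullPaths."zrepl/dilion.key";
 serve.client_cns = [ "eldiron" ];
 }
 {
-type = "source";
+type = "push";
 # must not change
-name = "backup-to-wd-zpool";
-# not encrypted!
-serve.type = "tls";
-serve.listen = ":19001";
-serve.ca = config.secrets.fullPaths."zrepl/certificates/flony.crt";
-serve.cert = config.secrets.fullPaths."zrepl/certificates/dilion.crt";
-serve.key = config.secrets.fullPaths."zrepl/dilion.key";
-serve.client_cns = [ "flony" ];
-filesystems."zpool/libvirt<" = true;
+name = "backup-to-raspi-encrypted";
 filesystems."zpool/root<" = true;
-snapshotting.type = "manual";
+filesystems."zpool/root/tmp" = false;
+connect = {
+address = "192.168.44.101:19025";
+type = "tls";
+server_cn = "raspi";
+ca = config.secrets.fullPaths."zrepl/certificates/ca.crt";
+cert = config.secrets.fullPaths."zrepl/certificates/dilion.crt";
+key = config.secrets.fullPaths."zrepl/dilion.key";
+};
+send.encrypted = true;
+snapshotting = {
+type = "cron";
+prefix = "raspi_zrepl_";
+cron = "30 1 * * *"; # Europe/Paris
+};
+pruning.keep_sender = [
+{ type = "regex"; negate = true; regex = "^raspi_zrepl_.*"; }
+{ type = "grid"; grid = "3x1d"; regex = "^raspi_zrepl_.*"; }
+];
+pruning.keep_receiver = [
+{ type = "grid"; grid = "3x1d"; regex = "^raspi_zrepl_.*"; }
+];
 }
 {
-type = "source";
+type = "push";
 # must not change
-name = "backup-to-wd-zpool-docker";
-# not encrypted!
-serve.type = "tls";
-serve.listen = ":19002";
-serve.ca = config.secrets.fullPaths."zrepl/certificates/flony.crt";
-serve.cert = config.secrets.fullPaths."zrepl/certificates/dilion.crt";
-serve.key = config.secrets.fullPaths."zrepl/dilion.key";
-serve.client_cns = [ "flony" ];
+name = "backup-to-raspi-clear";
 filesystems."zpool/docker<" = true;
-snapshotting.type = "manual";
+filesystems."zpool/libvirt<" = true;
+connect = {
+address = "192.168.44.101:19025";
+type = "tls";
+server_cn = "raspi";
+ca = config.secrets.fullPaths."zrepl/certificates/ca.crt";
+cert = config.secrets.fullPaths."zrepl/certificates/dilion.crt";
+key = config.secrets.fullPaths."zrepl/dilion.key";
+};
+snapshotting = {
+type = "cron";
+prefix = "raspi_zrepl_";
+cron = "0 1 * * *"; # Europe/Paris
+};
+pruning.keep_sender = [
+{ type = "regex"; negate = true; regex = "^raspi_zrepl_.*"; }
+{ type = "grid"; grid = "3x1d"; regex = "^raspi_zrepl_.*"; }
+];
+pruning.keep_receiver = [
+{ type = "grid"; grid = "3x1d"; regex = "^raspi_zrepl_.*"; }
+];
 }
 ];
 };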
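Review bot: The `backup-to-raspi-clear` job pushes `zpool/docker<` and `zpool/libvirt<` without `send.encrypted`, and the `# not encrypted!` marker carried by the two removed source jobs is not kept, so the new code no longer says that the receiver ends up with readable copies of container and VM data. TLS in `connect` covers the transfer only; whether the pool on the raspi is itself encrypted is not visible here. If the clear send is intended, keep the decision visible with a comment above the `filesystems` lines, for example `# sent unencrypted: the receiver stores these datasets in clear`. Separately, the sink is renamed from `backup-from-eldiron` and loses its `# must not change` comment; as far as I know zrepl ties some receiver-side state (such as the last-received hold) to the job name, so it is worth confirming nothing stale is left under the old name.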
diff --git a/systems/dilion/flake.lock b/systems/dilion/flake.lock
index 71557c0..0a03786 100644
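--- a/systems/dilion/flake.lock
+++ b/systems/dilion/flake.lock
@@ -59,7 +59,7 @@
 "environment": {
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-TsRuohxw/zmZy1PV2kyraE9VbLULWOyad2jir8O9UbQ=",
+"narHash": "sha256-6HzZMgW6wsSkeN87+OcMhVnWxUKFT2C9EMXvmMfxRzc=",
 "path": "../../flakes/private/environment",
 "type": "path"
 },
@@ -71,7 +71,7 @@
 "environment_2": {
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-TsRuohxw/zmZy1PV2kyraE9VbLULWOyad2jir8O9UbQ=",
+"narHash": "sha256-6HzZMgW6wsSkeN87+OcMhVnWxUKFT2C9EMXvmMfxRzc=",
 "path": "../environment",
 "type": "path"
 },
@@ -83,7 +83,7 @@
 "environment_3": {
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-TsRuohxw/zmZy1PV2kyraE9VbLULWOyad2jir8O9UbQ=",
+"narHash": "sha256-6HzZMgW6wsSkeN87+OcMhVnWxUKFT2C9EMXvmMfxRzc=",
 "path": "../environment",
 "type": "path"
 },
@@ -207,7 +207,7 @@
 },
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-UtTwF1ni+Qy4n65KjH2WLtb263VIf7fnvVWExxSMR6U=",
+"narHash": "sha256-7tqKXf2kdZ2wIEQTJud7gdN+/eOkXxeQeT03KwmfTwQ=",
 "path": "../../flakes/private/monitoring",
 "type": "path"
 },
@@ -599,7 +599,7 @@
 },
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-InNiobFoX6ugM50G4xuWHJrFjqkRTXixxvTjj69wfuw=",
+"narHash": "sha256-VUtVclRBHcgFrAuf3tdhcA/f1h7U1gBj7KFu0lAnP34=",
 "path": "../../flakes/private/system",
 "type": "path"
 },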
diff --git a/systems/eldiron/base.nix b/systems/eldiron/base.nix
index 3213e70..a183f52 100644
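--- a/systems/eldiron/base.nix
+++ b/systems/eldiron/base.nix
@@ -266,10 +266,10 @@
 filesystems."zpool/root/etc" = true;
 filesystems."zpool/root/var<" = true;
 connect = {
-address = "dilion.immae.eu:19000";
+address = "wg-dilion:19000";
 type = "tls";
 server_cn = "dilion";
-ca = config.secrets.fullPaths."zrepl/certificates/dilion.crt";
+ca = config.secrets.fullPaths."zrepl/certificates/ca.crt";
 cert = config.secrets.fullPaths."zrepl/certificates/eldiron.crt";
 key = config.secrets.fullPaths."zrepl/eldiron.key";
 };
@@ -304,23 +304,6 @@
 { type = "grid"; grid = "6x4h | 7x1d | 4x7d | 6x30d"; regex = "^zrepl_.*"; }
 ];
 }
-{
-type = "source";
-# must not change
-name = "backup-to-wd-zpool";
-serve.type = "tls";
-serve.listen = ":${builtins.toString config.myEnv.ports.zrepl_flony}";
-serve.ca = config.secrets.fullPaths."zrepl/certificates/flony.crt";
-serve.cert = config.secrets.fullPaths."zrepl/certificates/eldiron.crt";
-serve.key = config.secrets.fullPaths."zrepl/eldiron.key";
-serve.client_cns = [ "flony" ];
-filesystems."zpool/root" = true;
-filesystems."zpool/root/etc" = true;
-filesystems."zpool/root/var<" = true;
-filesystems."zfast/root/var<" = true;
-send.encrypted = true;
-snapshotting.type = "manual";
-}
 ];
 };
 };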
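Review bot: In `connect`, `ca` now points at the shared `zrepl/certificates/ca.crt` instead of `dilion.crt`, which looks like it pinned the peer's own certificate; the server is now accepted on `server_cn = "dilion"` plus any certificate that CA has signed. That makes the CA's private key the asset to protect, and where it lives or how it is handled is not visible in this change. A short comment next to `ca`, such as `# shared zrepl CA; peer identity now rests on server_cn`, would record the new trust model. `wg-dilion` presumably resolves through a hosts entry defined elsewhere, and the job's opening lines are outside the hunk.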
diff --git a/systems/eldiron/flake.lock b/systems/eldiron/flake.lock
index 599cdf2..9ee7afe 100644
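--- a/systems/eldiron/flake.lock
+++ b/systems/eldiron/flake.lock
@@ -129,7 +129,7 @@
 "environment": {
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-TsRuohxw/zmZy1PV2kyraE9VbLULWOyad2jir8O9UbQ=",
+"narHash": "sha256-6HzZMgW6wsSkeN87+OcMhVnWxUKFT2C9EMXvmMfxRzc=",
 "path": "../environment",
 "type": "path"
 },
@@ -141,7 +141,7 @@
 "environment_2": {
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-TsRuohxw/zmZy1PV2kyraE9VbLULWOyad2jir8O9UbQ=",
+"narHash": "sha256-6HzZMgW6wsSkeN87+OcMhVnWxUKFT2C9EMXvmMfxRzc=",
 "path": "../environment",
 "type": "path"
 },
@@ -153,7 +153,7 @@
 "environment_3": {
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-TsRuohxw/zmZy1PV2kyraE9VbLULWOyad2jir8O9UbQ=",
+"narHash": "sha256-6HzZMgW6wsSkeN87+OcMhVnWxUKFT2C9EMXvmMfxRzc=",
 "path": "../environment",
 "type": "path"
 },
@@ -165,7 +165,7 @@
 "environment_4": {
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-TsRuohxw/zmZy1PV2kyraE9VbLULWOyad2jir8O9UbQ=",
+"narHash": "sha256-6HzZMgW6wsSkeN87+OcMhVnWxUKFT2C9EMXvmMfxRzc=",
 "path": "../environment",
 "type": "path"
 },
@@ -177,7 +177,7 @@
 "environment_5": {
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-TsRuohxw/zmZy1PV2kyraE9VbLULWOyad2jir8O9UbQ=",
+"narHash": "sha256-6HzZMgW6wsSkeN87+OcMhVnWxUKFT2C9EMXvmMfxRzc=",
 "path": "../environment",
 "type": "path"
 },
@@ -189,7 +189,7 @@
 "environment_6": {
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-TsRuohxw/zmZy1PV2kyraE9VbLULWOyad2jir8O9UbQ=",
+"narHash": "sha256-6HzZMgW6wsSkeN87+OcMhVnWxUKFT2C9EMXvmMfxRzc=",
 "path": "../environment",
 "type": "path"
 },
@@ -201,7 +201,7 @@
 "environment_7": {
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-TsRuohxw/zmZy1PV2kyraE9VbLULWOyad2jir8O9UbQ=",
+"narHash": "sha256-6HzZMgW6wsSkeN87+OcMhVnWxUKFT2C9EMXvmMfxRzc=",
 "path": "../environment",
 "type": "path"
 },
@@ -1985,7 +1985,7 @@
 },
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-upyulh3TzmYvV0Qn3uybOlG6sVzywk5SCm766k/cuqQ=",
+"narHash": "sha256-goXqWjXmM+5kv7uJ0Q0UI9Oj+Jsec2JmhOvyYxcq3sQ=",
 "path": "../../flakes/private/borg_backup",
 "type": "path"
 },
@@ -2017,7 +2017,7 @@
 },
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-meNl7Q9u50ot5ouEIOEqjq1m/1+gwipQcTtT3hI93kU=",
+"narHash": "sha256-m6hlfSiLmyu+MARFhvVufx0Mj0TLNnYdmAcNss/mKVY=",
 "path": "../../flakes/private/chatons",
 "type": "path"
 },
@@ -2029,7 +2029,7 @@
 "private-environment": {
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-TsRuohxw/zmZy1PV2kyraE9VbLULWOyad2jir8O9UbQ=",
+"narHash": "sha256-6HzZMgW6wsSkeN87+OcMhVnWxUKFT2C9EMXvmMfxRzc=",
 "path": "../../flakes/private/environment",
 "type": "path"
 },
@@ -2048,7 +2048,7 @@
 },
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-/Z5S7urMiCclBt3znFcTCz6fzTpO0OnPI2cjhdtCoTM=",
+"narHash": "sha256-3bGwQe6FfhbrzAmmaQN9LBjJ3hT+vTNL+I5ZkI972hw=",
 "path": "../../flakes/private/milters",
 "type": "path"
 },
@@ -2066,7 +2066,7 @@
 },
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-UtTwF1ni+Qy4n65KjH2WLtb263VIf7fnvVWExxSMR6U=",
+"narHash": "sha256-7tqKXf2kdZ2wIEQTJud7gdN+/eOkXxeQeT03KwmfTwQ=",
 "path": "../../flakes/private/monitoring",
 "type": "path"
 },
@@ -2101,7 +2101,7 @@
 },
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-zNGorC75RMSwM35XiKvf8i9/PatepjxmgW7AAkhfHTc=",
+"narHash": "sha256-aFk+jktObN2sAh1pcgfaf3PH0LGaq8IkK9NlKUSTjoA=",
 "path": "../../flakes/private/opendmarc",
 "type": "path"
 },
@@ -2162,7 +2162,7 @@
 },
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-jZn/LajHvVlJetDQioFezOsVrO92HjitxuD5MAPlUvo=",
+"narHash": "sha256-VjQgn4V81UeSO6ggkLt7xq22rV3NFCbUjzHkSNRtd0U=",
 "path": "../../flakes/private/ssh",
 "type": "path"
 },
@@ -2181,7 +2181,7 @@
 },
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-InNiobFoX6ugM50G4xuWHJrFjqkRTXixxvTjj69wfuw=",
+"narHash": "sha256-VUtVclRBHcgFrAuf3tdhcA/f1h7U1gBj7KFu0lAnP34=",
 "path": "../../flakes/private/system",
 "type": "path"
 },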
diff --git a/systems/monitoring-1/flake.lock b/systems/monitoring-1/flake.lock
index dd2a52e..0c8e29d 100644
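--- a/systems/monitoring-1/flake.lock
+++ b/systems/monitoring-1/flake.lock
@@ -22,7 +22,7 @@
 },
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-meNl7Q9u50ot5ouEIOEqjq1m/1+gwipQcTtT3hI93kU=",
+"narHash": "sha256-m6hlfSiLmyu+MARFhvVufx0Mj0TLNnYdmAcNss/mKVY=",
 "path": "../../flakes/private/chatons",
 "type": "path"
 },
@@ -74,7 +74,7 @@
 "environment": {
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-TsRuohxw/zmZy1PV2kyraE9VbLULWOyad2jir8O9UbQ=",
+"narHash": "sha256-6HzZMgW6wsSkeN87+OcMhVnWxUKFT2C9EMXvmMfxRzc=",
 "path": "../environment",
 "type": "path"
 },
@@ -86,7 +86,7 @@
 "environment_2": {
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-TsRuohxw/zmZy1PV2kyraE9VbLULWOyad2jir8O9UbQ=",
+"narHash": "sha256-6HzZMgW6wsSkeN87+OcMhVnWxUKFT2C9EMXvmMfxRzc=",
 "path": "../../flakes/private/environment",
 "type": "path"
 },
@@ -98,7 +98,7 @@
 "environment_3": {
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-TsRuohxw/zmZy1PV2kyraE9VbLULWOyad2jir8O9UbQ=",
+"narHash": "sha256-6HzZMgW6wsSkeN87+OcMhVnWxUKFT2C9EMXvmMfxRzc=",
 "path": "../environment",
 "type": "path"
 },
@@ -110,7 +110,7 @@
 "environment_4": {
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-TsRuohxw/zmZy1PV2kyraE9VbLULWOyad2jir8O9UbQ=",
+"narHash": "sha256-6HzZMgW6wsSkeN87+OcMhVnWxUKFT2C9EMXvmMfxRzc=",
 "path": "../environment",
 "type": "path"
 },
@@ -122,7 +122,7 @@
 "environment_5": {
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-TsRuohxw/zmZy1PV2kyraE9VbLULWOyad2jir8O9UbQ=",
+"narHash": "sha256-6HzZMgW6wsSkeN87+OcMhVnWxUKFT2C9EMXvmMfxRzc=",
 "path": "../environment",
 "type": "path"
 },
@@ -259,7 +259,7 @@
 },
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-GgBpSALmb4F2Q8gU2A8tv+gU4xjiYHj8SnNJksYRhRw=",
+"narHash": "sha256-97QRfLMvzWXvLOqbvKo/xS1MhpXoCsq3qVJeMKxISXk=",
 "path": "../../flakes/private/mail-relay",
 "type": "path"
 },
@@ -277,7 +277,7 @@
 },
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-UtTwF1ni+Qy4n65KjH2WLtb263VIf7fnvVWExxSMR6U=",
+"narHash": "sha256-7tqKXf2kdZ2wIEQTJud7gdN+/eOkXxeQeT03KwmfTwQ=",
 "path": "../../flakes/private/monitoring",
 "type": "path"
 },
@@ -735,7 +735,7 @@
 },
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-InNiobFoX6ugM50G4xuWHJrFjqkRTXixxvTjj69wfuw=",
+"narHash": "sha256-VUtVclRBHcgFrAuf3tdhcA/f1h7U1gBj7KFu0lAnP34=",
 "path": "../../flakes/private/system",
 "type": "path"
 },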
diff --git a/systems/quatresaisons/flake.lock b/systems/quatresaisons/flake.lock
index 95e58d0..58effe3 100644
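--- a/systems/quatresaisons/flake.lock
+++ b/systems/quatresaisons/flake.lock
@@ -59,7 +59,7 @@
 "environment": {
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-TsRuohxw/zmZy1PV2kyraE9VbLULWOyad2jir8O9UbQ=",
+"narHash": "sha256-6HzZMgW6wsSkeN87+OcMhVnWxUKFT2C9EMXvmMfxRzc=",
 "path": "../../flakes/private/environment",
 "type": "path"
 },
@@ -71,7 +71,7 @@
 "environment_2": {
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-TsRuohxw/zmZy1PV2kyraE9VbLULWOyad2jir8O9UbQ=",
+"narHash": "sha256-6HzZMgW6wsSkeN87+OcMhVnWxUKFT2C9EMXvmMfxRzc=",
 "path": "../environment",
 "type": "path"
 },
@@ -83,7 +83,7 @@
 "environment_3": {
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-TsRuohxw/zmZy1PV2kyraE9VbLULWOyad2jir8O9UbQ=",
+"narHash": "sha256-6HzZMgW6wsSkeN87+OcMhVnWxUKFT2C9EMXvmMfxRzc=",
 "path": "../environment",
 "type": "path"
 },
@@ -239,7 +239,7 @@
 },
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-UtTwF1ni+Qy4n65KjH2WLtb263VIf7fnvVWExxSMR6U=",
+"narHash": "sha256-7tqKXf2kdZ2wIEQTJud7gdN+/eOkXxeQeT03KwmfTwQ=",
 "path": "../../flakes/private/monitoring",
 "type": "path"
 },
@@ -712,7 +712,7 @@
 },
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-InNiobFoX6ugM50G4xuWHJrFjqkRTXixxvTjj69wfuw=",
+"narHash": "sha256-VUtVclRBHcgFrAuf3tdhcA/f1h7U1gBj7KFu0lAnP34=",
 "path": "../../flakes/private/system",
 "type": "path"
 },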
diff --git a/systems/zoldene/base.nix b/systems/zoldene/base.nix
index d580f99..7fc59e8 100644
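--- a/systems/zoldene/base.nix
+++ b/systems/zoldene/base.nix
@@ -17,6 +17,55 @@ in
 ./database.nix
 ];
 
+secrets.keys = {
+"zrepl/${name}.key" = {
+permissions = "0400";
+text = config.myEnv.zrepl_backup.certs."${name}".key;
+user = "root";
+group = "root";
+};
+} // builtins.listToAttrs (map (x: lib.attrsets.nameValuePair "zrepl/certificates/${x}.crt" {
+permissions = "0400";
+text = config.myEnv.zrepl_backup.certs."${x}".certificate;
+user = "root";
+group = "root";
+}) (builtins.attrNames config.myEnv.zrepl_backup.certs));
+
+services.zrepl = {
+enable = true;
+settings = {
+jobs = [
+{
+type = "push";
+# must not change
+name = "backup-to-raspi";
+filesystems."zfast/root/persist<" = true;
+filesystems."zpool/root/persist<" = true;
+connect = {
+address = "192.168.44.101:19025";
+type = "tls";
+server_cn = "raspi";
+ca = config.secrets.fullPaths."zrepl/certificates/ca.crt";
+cert = config.secrets.fullPaths."zrepl/certificates/zoldene.crt";
+key = config.secrets.fullPaths."zrepl/zoldene.key";
+};
+snapshotting = {
+type = "cron";
+prefix = "raspi_zrepl_";
+cron = "35 23 * * *";
+};
+pruning.keep_sender = [
+{ type = "regex"; negate = true; regex = "^raspi_zrepl_.*"; }
+{ type = "grid"; grid = "3x1d"; regex = "^raspi_zrepl_.*"; }
+];
+pruning.keep_receiver = [
+{ type = "grid"; grid = "3x1d"; regex = "^raspi_zrepl_.*"; }
+];
+}
+];
+};
+};
+
 services.borgBackup.enable = true;
 services.borgBackup.cronSpec = "0 20 * * *";
 disko.devices.zpool.zfast.datasets."root/persist/var/lib/borgbackup" =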
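Review bot: The new `backup-to-raspi` job replicates `zfast/root/persist<` and `zpool/root/persist<` without `send.encrypted`, unlike `backup-to-raspi-encrypted` in systems/dilion/base.nix from the same commit, so the raspi would receive the persistent state in readable form unless its pool is encrypted by other means. If these datasets use native ZFS encryption, adding `send.encrypted = true;` after the `connect` block keeps the receiver from ever holding plaintext. If they do not, a comment such as `# sent unencrypted: source datasets are not natively encrypted` would make clear that the clear send is deliberate.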
diff --git a/systems/zoldene/flake.lock b/systems/zoldene/flake.lock
index b7d4a02..158fd83 100644
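--- a/systems/zoldene/flake.lock
+++ b/systems/zoldene/flake.lock
@@ -59,7 +59,7 @@
 "environment": {
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-TsRuohxw/zmZy1PV2kyraE9VbLULWOyad2jir8O9UbQ=",
+"narHash": "sha256-6HzZMgW6wsSkeN87+OcMhVnWxUKFT2C9EMXvmMfxRzc=",
 "path": "../environment",
 "type": "path"
 },
@@ -71,7 +71,7 @@
 "environment_2": {
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-TsRuohxw/zmZy1PV2kyraE9VbLULWOyad2jir8O9UbQ=",
+"narHash": "sha256-6HzZMgW6wsSkeN87+OcMhVnWxUKFT2C9EMXvmMfxRzc=",
 "path": "../environment",
 "type": "path"
 },
@@ -452,7 +452,7 @@
 },
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-upyulh3TzmYvV0Qn3uybOlG6sVzywk5SCm766k/cuqQ=",
+"narHash": "sha256-goXqWjXmM+5kv7uJ0Q0UI9Oj+Jsec2JmhOvyYxcq3sQ=",
 "path": "../../flakes/private/borg_backup",
 "type": "path"
 },
@@ -464,7 +464,7 @@
 "private-environment": {
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-TsRuohxw/zmZy1PV2kyraE9VbLULWOyad2jir8O9UbQ=",
+"narHash": "sha256-6HzZMgW6wsSkeN87+OcMhVnWxUKFT2C9EMXvmMfxRzc=",
 "path": "../../flakes/private/environment",
 "type": "path"
 },
@@ -483,7 +483,7 @@
 },
 "locked": {
 "lastModified": 1,
-"narHash": "sha256-InNiobFoX6ugM50G4xuWHJrFjqkRTXixxvTjj69wfuw=",
+"narHash": "sha256-VUtVclRBHcgFrAuf3tdhcA/f1h7U1gBj7KFu0lAnP34=",
 "path": "../../flakes/private/system",
 "type": "path"
 },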