Configure borg backup for zoldene

7 files changed, 67 insertions, 4 deletions

diff --git a/systems/backup-2/base.nix b/systems/backup-2/base.nix
index 61eecc9..cdaebd3 100644
--- a/systems/backup-2/base.nix
+++ b/systems/backup-2/base.nix
@@ -93,6 +93,7 @@
   };
 
   services.borgBackup.enable = true;
+  services.borgBackup.cronSpec = "30 3 * * *";
 
   services.rsyncBackup = {
     mountpoint = "/backup2";
diff --git a/systems/backup-2/flake.lock b/systems/backup-2/flake.lock
index 83e1cad..c2a087b 100644
--- a/systems/backup-2/flake.lock
+++ b/systems/backup-2/flake.lock
@@ -23,7 +23,7 @@
       },
       "locked": {
         "lastModified": 1,
-        "narHash": "sha256-8fef5NmMlX9+iOpw1/qXEtJ6cAWFvV/SO6YJs1e3D4U=",
+        "narHash": "sha256-Kt/2cr2zTi341YxLHDQAc5aYfEyuoVLpZQ9pJFDjwrc=",
         "path": "../../flakes/private/borg_backup",
         "type": "path"
       },
diff --git a/systems/eldiron/flake.lock b/systems/eldiron/flake.lock
index bb961b0..8392aa7 100644
--- a/systems/eldiron/flake.lock
+++ b/systems/eldiron/flake.lock
@@ -1985,7 +1985,7 @@
       },
       "locked": {
         "lastModified": 1,
-        "narHash": "sha256-8fef5NmMlX9+iOpw1/qXEtJ6cAWFvV/SO6YJs1e3D4U=",
+        "narHash": "sha256-Kt/2cr2zTi341YxLHDQAc5aYfEyuoVLpZQ9pJFDjwrc=",
         "path": "../../flakes/private/borg_backup",
         "type": "path"
       },
diff --git a/systems/zoldene/base.nix b/systems/zoldene/base.nix
index 947859a..187eb11 100644
--- a/systems/zoldene/base.nix
+++ b/systems/zoldene/base.nix
@@ -16,6 +16,9 @@ in
     ./synapse.nix
   ];
 
+  services.borgBackup.enable = true;
+  services.borgBackup.cronSpec = "0 20 * * *";
+
   programs.ssh.package = pkgs.openssh;
   services.openssh = {
     settings.KbdInteractiveAuthentication = false;
diff --git a/systems/zoldene/flake.lock b/systems/zoldene/flake.lock
index e8389c6..bd8fc48 100644
--- a/systems/zoldene/flake.lock
+++ b/systems/zoldene/flake.lock
@@ -68,6 +68,18 @@
         "type": "path"
       }
     },
+    "environment_2": {
+      "locked": {
+        "lastModified": 1,
+        "narHash": "sha256-PQ5694ARRlpj00lk/C/T0UPGhPO+n0TEcLR1mde0s8M=",
+        "path": "../environment",
+        "type": "path"
+      },
+      "original": {
+        "path": "../environment",
+        "type": "path"
+      }
+    },
     "flake-compat": {
       "flake": false,
       "locked": {
@@ -433,6 +445,22 @@
         "type": "github"
       }
     },
+    "private-borg-backup": {
+      "inputs": {
+        "environment": "environment",
+        "secrets": "secrets"
+      },
+      "locked": {
+        "lastModified": 1,
+        "narHash": "sha256-Kt/2cr2zTi341YxLHDQAc5aYfEyuoVLpZQ9pJFDjwrc=",
+        "path": "../../flakes/private/borg_backup",
+        "type": "path"
+      },
+      "original": {
+        "path": "../../flakes/private/borg_backup",
+        "type": "path"
+      }
+    },
     "private-environment": {
       "locked": {
         "lastModified": 1,
@@ -448,7 +476,7 @@
     "private-system": {
       "inputs": {
         "backports": "backports",
-        "environment": "environment",
+        "environment": "environment_2",
         "mypackages": "mypackages",
         "myuids": "myuids",
         "secrets-public": "secrets-public"
@@ -481,11 +509,24 @@
         "impermanence": "impermanence",
         "my-lib": "my-lib",
         "nixpkgs": "nixpkgs_5",
+        "private-borg-backup": "private-borg-backup",
         "private-environment": "private-environment",
         "private-system": "private-system",
         "public-secrets": "public-secrets"
       }
     },
+    "secrets": {
+      "locked": {
+        "lastModified": 1,
+        "narHash": "sha256-5AakznhrJFmwCD7lr4JEh55MtdAJL6WA/YuBks6ISSE=",
+        "path": "../../secrets",
+        "type": "path"
+      },
+      "original": {
+        "path": "../../secrets",
+        "type": "path"
+      }
+    },
     "secrets-public": {
       "locked": {
         "lastModified": 1,
diff --git a/systems/zoldene/flake.nix b/systems/zoldene/flake.nix
index 7b7b4b7..52db1c4 100644
--- a/systems/zoldene/flake.nix
+++ b/systems/zoldene/flake.nix
@@ -6,6 +6,7 @@
     public-secrets.url = "path:../../flakes/secrets";
     private-environment.url = "path:../../flakes/private/environment";
     private-system.url = "path:../../flakes/private/system";
+    private-borg-backup.url = "path:../../flakes/private/borg_backup";
   };
   outputs = inputs@{ self, nixpkgs, my-lib, ... }:
     my-lib.lib.mkColmenaFlake {
@@ -25,6 +26,7 @@
 
         secrets = public-secrets.nixosModule;
 
+        borg-backup = private-borg-backup.nixosModule;
         environment = private-environment.nixosModule;
         system = private-system.nixosModule;
       };
diff --git a/systems/zoldene/virtualisation.nix b/systems/zoldene/virtualisation.nix
index d2212fe..424f43f 100644
--- a/systems/zoldene/virtualisation.nix
+++ b/systems/zoldene/virtualisation.nix
@@ -6,6 +6,14 @@
   virtualisation.docker.enable = true;
   disko.devices.zpool.zfast.datasets."root/persist/var/lib/docker" =
     { type = "zfs_fs"; mountpoint = "/persist/zfast/var/lib/docker"; options.mountpoint = "legacy"; };
+  systemd.services.docker.after = [
+    "var-lib-docker.mount"
+    "persist-zfast-var-lib-docker.mount"
+  ];
+  systemd.services.docker.unitConfig.BindsTo = [
+    "var-lib-docker.mount"
+    "persist-zfast-var-lib-docker.mount"
+  ];
 
   ### Enable LXC
   disko.devices.zpool.zfast.datasets."root/persist/var/lib/lxc" =
@@ -14,12 +22,21 @@
     enable = true;
     lxcfs.enable = true;
   };
+  systemd.services.lxc.after = [
+    "var-lib-lxc.mount"
+    "persist-zfast-var-lib-lxc.mount"
+  ];
+  systemd.services.lxc.unitConfig.BindsTo = [
+    "var-lib-lxc.mount"
+    "persist-zfast-var-lib-lxc.mount"
+  ];
 
   ### Enable libvirtd
   virtualisation.libvirtd = {
     enable = true;
     qemu.package = pkgs-no-overlay.qemu;
   };
+  # No persistence for libvirtd: config is supposed to be persisted via config
 
   ### Persistence for LXC / Docker
   environment.persistence."/persist/zfast".directories = [
@@ -43,4 +60,3 @@
     "net.ipv4.conf.default.forwarding" = true;
   };
 }
-