Diffstat (limited to 'modules/private/system/eldiron.nix')
-rw-r--r--modules/private/system/eldiron.nix63
1 files changed, 56 insertions, 7 deletions
diff --git a/modules/private/system/eldiron.nix b/modules/private/system/eldiron.nix
index 8a5d11c..83e52b8 100644
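--- a/modules/private/system/eldiron.nix
+++ b/modules/private/system/eldiron.nix
@@ -19,9 +19,6 @@
 };
 
 services.zfs = {
-autoSnapshot = {
-enable = true;
-};
 autoScrub = {
 enable = true;
 };
@@ -64,11 +61,11 @@
 
 secrets.keys = [
 {
-dest = "rsync_backup/identity";
+dest = "zrepl_backup/identity";
 user = "root";
 group = "root";
 permissions = "0400";
-text = config.myEnv.rsync_backup.ssh_key.private;
+text = config.myEnv.zrepl_backup.ssh_key.private;
 }
 ];
 programs.ssh.knownHosts.dilion = {
@@ -104,8 +101,6 @@
 mailto = "cron@immae.eu";
 systemCronJobs = [
 ''
-# The star after /var/lib/* avoids deleting all folders in case of problem
-0 3,9,15,21 * * * root rsync -e "ssh -i /var/secrets/rsync_backup/identity" --new-compress -aAXv --delete --numeric-ids --super --rsync-path="sudo rsync" /var/lib/* backup@dilion.immae.eu: > /dev/null
 0 0 * * * root journalctl -q --since="25 hours ago" -u postfix -t postfix/smtpd -g "immae.eu.*Recipient address rejected"
 # Need a way to blacklist properly
 # 0 0 * * * root journalctl -q --since="25 hours ago" -u postfix -t postfix/smtpd -g "NOQUEUE:"
@@ -121,6 +116,60 @@
 };
 environment.systemPackages = [ pkgs.bindfs ];
 
+services.zrepl = {
+enable = true;
+config = let
+redis_dump = pkgs.writeScript "redis-dump" ''
+#! ${pkgs.stdenv.shell}
+${pkgs.redis}/bin/redis-cli bgsave
+'';
+in ''
+jobs:
+- type: push
+# must not change
+name: "backup-to-dilion"
+filesystems:
+"zpool/root": true
+"zpool/root/etc": true
+"zpool/root/var<": true
+connect:
+type: ssh+stdinserver
+host: dilion.immae.eu
+user: backup
+port: 22
+identity_file: ${config.secrets.fullPaths."zrepl_backup/identity"}
+snapshotting:
+type: periodic
+prefix: zrepl_
+interval: 15m
+hooks:
+- type: mysql-lock-tables
+dsn: "${config.myEnv.zrepl_backup.mysql.user}:${config.myEnv.zrepl_backup.mysql.password}@tcp(localhost)/"
+filesystems:
+"zpool/root/var": true
+- type: command
+path: ${redis_dump}
+err_is_fatal: false
+filesystems:
+"zpool/root/var": true
+send:
+encrypted: true
+pruning:
+keep_sender:
+- type: not_replicated
+- type: regex
+regex: "^manual_.*"
+- type: grid
+grid: 1x1h(keep=all) | 24x1h | 7x1d | 4x7d | 6x30d
+regex: "^zrepl_.*"
+keep_receiver:
+- type: regex
+regex: "^manual_.*"
+- type: grid
+grid: 1x1h(keep=all) | 24x1h | 7x1d | 4x7d | 6x30d
+regex: "^zrepl_.*"
+'';
+};
 # This value determines the NixOS release with which your system is
 # to be compatible, in order to avoid breaking some software such as
 # database servers. You should change this only after NixOS release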
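Review bot: The `dsn:` line of the `mysql-lock-tables` hook interpolates `config.myEnv.zrepl_backup.mysql.password` straight into the `services.zrepl.config` string, whereas the SSH identity in this same commit is deployed through `secrets.keys` with `permissions = "0400"`. The zrepl module is not visible in this diff, but if it renders `config` into the Nix store, the database password ends up in a world-readable store path and in every retained generation. I would deploy the rendered YAML (or at least the DSN) through a second `secrets.keys` entry with the same `user`/`group`/`permissions` as the identity, using a constructed name such as `dest = "zrepl_backup/config";`, and have the service read it from `config.secrets.fullPaths`. Separately, `redis-cli bgsave` in the `redis_dump` hook returns as soon as the background save starts, so with `err_is_fatal: false` the snapshot can be taken before the dump is on disk; a comment saying whether that is acceptable for restores would help.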