1 files changed, 56 insertions, 7 deletions
diff --git a/modules/private/system/eldiron.nix b/modules/private/system/eldiron.nix
index 8a5d11c..83e52b8 100644
--- a/modules/private/system/eldiron.nix
+++ b/modules/private/system/eldiron.nix
@@ -19,9 +19,6 @@
  };
  services.zfs = {
-    autoSnapshot = {
-      enable = true;
-    };
    autoScrub = {
      enable = true;
    };
@@ -64,11 +61,11 @@
  secrets.keys = [
    {
-      dest = "rsync_backup/identity";
+      dest = "zrepl_backup/identity";
      user = "root";
      group = "root";
      permissions = "0400";
-      text = config.myEnv.rsync_backup.ssh_key.private;
+      text = config.myEnv.zrepl_backup.ssh_key.private;
    }
  ];
  programs.ssh.knownHosts.dilion = {
@@ -104,8 +101,6 @@
    mailto = "cron@immae.eu";
    systemCronJobs = [
      ''
-        # The star after /var/lib/* avoids deleting all folders in case of problem
-        0 3,9,15,21 * * * root rsync -e "ssh -i /var/secrets/rsync_backup/identity" --new-compress -aAXv --delete --numeric-ids --super --rsync-path="sudo rsync" /var/lib/* backup@dilion.immae.eu: > /dev/null
        0 0 * * * root journalctl -q --since="25 hours ago" -u postfix -t postfix/smtpd -g "immae.eu.*Recipient address rejected"
        # Need a way to blacklist properly
        # 0 0 * * * root journalctl -q --since="25 hours ago" -u postfix -t postfix/smtpd -g "NOQUEUE:"
@@ -121,6 +116,60 @@
  };
  environment.systemPackages = [ pkgs.bindfs ];
+  services.zrepl = {
+    enable = true;
+    config = let
+      redis_dump = pkgs.writeScript "redis-dump" ''
+        #! ${pkgs.stdenv.shell}
+        ${pkgs.redis}/bin/redis-cli bgsave
+      '';
+    in ''
+      jobs:
+        - type: push
+          # must not change
+          name: "backup-to-dilion"
+          filesystems:
+            "zpool/root": true
+            "zpool/root/etc": true
+            "zpool/root/var<": true
+          connect:
+            type: ssh+stdinserver
+            host: dilion.immae.eu
+            user: backup
+            port: 22
+            identity_file: ${config.secrets.fullPaths."zrepl_backup/identity"}
+          snapshotting:
+            type: periodic
+            prefix: zrepl_
+            interval: 15m
+            hooks:
+              - type: mysql-lock-tables
+                dsn: "${config.myEnv.zrepl_backup.mysql.user}:${config.myEnv.zrepl_backup.mysql.password}@tcp(localhost)/"
+                filesystems:
+                  "zpool/root/var": true
+              - type: command
+                path: ${redis_dump}
+                err_is_fatal: false
+                filesystems:
+                  "zpool/root/var": true
+          send:
+            encrypted: true
+          pruning:
+            keep_sender:
+              - type: not_replicated
+              - type: regex
+                regex: "^manual_.*"
+              - type: grid
+                grid: 1x1h(keep=all) | 24x1h | 7x1d | 4x7d | 6x30d
+                regex: "^zrepl_.*"
+            keep_receiver:
+              - type: regex
+                regex: "^manual_.*"
+              - type: grid
+                grid: 1x1h(keep=all) | 24x1h | 7x1d | 4x7d | 6x30d
+                regex: "^zrepl_.*"
+    '';
+  };
  # This value determines the NixOS release with which your system is
  # to be compatible, in order to avoid breaking some software such as
  # database servers. You should change this only after NixOS release

diff --git a/modules/private/system/eldiron.nix b/modules/private/system/eldiron.nix index 8a5d11c..83e52b8 100644 --- a/modules/private/system/eldiron.nix +++ b/modules/private/system/eldiron.nix
@@ -19,9 +19,6 @@
19	};	19	};
20		20
21	services.zfs = {	21	services.zfs = {
22	autoSnapshot = {
23	enable = true;
24	};
25	autoScrub = {	22	autoScrub = {
26	enable = true;	23	enable = true;
27	};	24	};
@@ -64,11 +61,11 @@
64		61
65	secrets.keys = [	62	secrets.keys = [
66	{	63	{
67	dest = "rsync_backup/identity";	64	dest = "zrepl_backup/identity";
68	user = "root";	65	user = "root";
69	group = "root";	66	group = "root";
70	permissions = "0400";	67	permissions = "0400";
71	text = config.myEnv.rsync_backup.ssh_key.private;	68	text = config.myEnv.zrepl_backup.ssh_key.private;
72	}	69	}
73	];	70	];
74	programs.ssh.knownHosts.dilion = {	71	programs.ssh.knownHosts.dilion = {
@@ -104,8 +101,6 @@
104	mailto = "cron@immae.eu";	101	mailto = "cron@immae.eu";
105	systemCronJobs = [	102	systemCronJobs = [
106	''	103	''
107	# The star after /var/lib/* avoids deleting all folders in case of problem
108	0 3,9,15,21 * * * root rsync -e "ssh -i /var/secrets/rsync_backup/identity" --new-compress -aAXv --delete --numeric-ids --super --rsync-path="sudo rsync" /var/lib/* backup@dilion.immae.eu: > /dev/null
109	0 0 * * * root journalctl -q --since="25 hours ago" -u postfix -t postfix/smtpd -g "immae.eu.*Recipient address rejected"	104	0 0 * * * root journalctl -q --since="25 hours ago" -u postfix -t postfix/smtpd -g "immae.eu.*Recipient address rejected"
110	# Need a way to blacklist properly	105	# Need a way to blacklist properly
111	# 0 0 * * * root journalctl -q --since="25 hours ago" -u postfix -t postfix/smtpd -g "NOQUEUE:"	106	# 0 0 * * * root journalctl -q --since="25 hours ago" -u postfix -t postfix/smtpd -g "NOQUEUE:"
@@ -121,6 +116,60 @@
121	};	116	};
122	environment.systemPackages = [ pkgs.bindfs ];	117	environment.systemPackages = [ pkgs.bindfs ];
123		118
		119	services.zrepl = {
		120	enable = true;
		121	config = let
		122	redis_dump = pkgs.writeScript "redis-dump" ''
		123	#! ${pkgs.stdenv.shell}
		124	${pkgs.redis}/bin/redis-cli bgsave
		125	'';
		126	in ''
		127	jobs:
		128	- type: push
		129	# must not change
		130	name: "backup-to-dilion"
		131	filesystems:
		132	"zpool/root": true
		133	"zpool/root/etc": true
		134	"zpool/root/var<": true
		135	connect:
		136	type: ssh+stdinserver
		137	host: dilion.immae.eu
		138	user: backup
		139	port: 22
		140	identity_file: ${config.secrets.fullPaths."zrepl_backup/identity"}
		141	snapshotting:
		142	type: periodic
		143	prefix: zrepl_
		144	interval: 15m
		145	hooks:
		146	- type: mysql-lock-tables
		147	dsn: "${config.myEnv.zrepl_backup.mysql.user}:${config.myEnv.zrepl_backup.mysql.password}@tcp(localhost)/"
		148	filesystems:
		149	"zpool/root/var": true
		150	- type: command
		151	path: ${redis_dump}
		152	err_is_fatal: false
		153	filesystems:
		154	"zpool/root/var": true
		155	send:
		156	encrypted: true
		157	pruning:
		158	keep_sender:
		159	- type: not_replicated
		160	- type: regex
		161	regex: "^manual_.*"
		162	- type: grid
		163	grid: 1x1h(keep=all) \| 24x1h \| 7x1d \| 4x7d \| 6x30d
		164	regex: "^zrepl_.*"
		165	keep_receiver:
		166	- type: regex
		167	regex: "^manual_.*"
		168	- type: grid
		169	grid: 1x1h(keep=all) \| 24x1h \| 7x1d \| 4x7d \| 6x30d
		170	regex: "^zrepl_.*"
		171	'';
		172	};
124	# This value determines the NixOS release with which your system is	173	# This value determines the NixOS release with which your system is
125	# to be compatible, in order to avoid breaking some software such as	174	# to be compatible, in order to avoid breaking some software such as
126	# database servers. You should change this only after NixOS release	175	# database servers. You should change this only after NixOS release