1 files changed, 49 insertions, 0 deletions
diff --git a/systems/zoldene/base.nix b/systems/zoldene/base.nix
index d580f99..7fc59e8 100644
--- a/systems/zoldene/base.nix
+++ b/systems/zoldene/base.nix
@@ -17,6 +17,55 @@ in
    ./database.nix
  ];
+  secrets.keys = {
+    "zrepl/${name}.key" = {
+      permissions = "0400";
+      text = config.myEnv.zrepl_backup.certs."${name}".key;
+      user = "root";
+      group = "root";
+    };
+  } // builtins.listToAttrs (map (x: lib.attrsets.nameValuePair "zrepl/certificates/${x}.crt" {
+    permissions = "0400";
+    text = config.myEnv.zrepl_backup.certs."${x}".certificate;
+    user = "root";
+    group = "root";
+  }) (builtins.attrNames config.myEnv.zrepl_backup.certs));
+  services.zrepl = {
+    enable = true;
+    settings = {
+      jobs = [
+        {
+          type = "push";
+          # must not change
+          name = "backup-to-raspi";
+          filesystems."zfast/root/persist<" = true;
+          filesystems."zpool/root/persist<" = true;
+          connect = {
+            address = "192.168.44.101:19025";
+            type = "tls";
+            server_cn = "raspi";
+            ca = config.secrets.fullPaths."zrepl/certificates/ca.crt";
+            cert = config.secrets.fullPaths."zrepl/certificates/zoldene.crt";
+            key = config.secrets.fullPaths."zrepl/zoldene.key";
+          };
+          snapshotting = {
+            type = "cron";
+            prefix = "raspi_zrepl_";
+            cron = "35 23 * * *";
+          };
+          pruning.keep_sender = [
+            { type = "regex"; negate = true; regex = "^raspi_zrepl_.*"; }
+            { type = "grid"; grid = "3x1d"; regex = "^raspi_zrepl_.*"; }
+          ];
+          pruning.keep_receiver = [
+            { type = "grid"; grid = "3x1d"; regex = "^raspi_zrepl_.*"; }
+          ];
+        }
+      ];
+    };
+  };
  services.borgBackup.enable = true;
  services.borgBackup.cronSpec = "0 20 * * *";
  disko.devices.zpool.zfast.datasets."root/persist/var/lib/borgbackup" =

diff --git a/systems/zoldene/base.nix b/systems/zoldene/base.nix index d580f99..7fc59e8 100644 --- a/systems/zoldene/base.nix +++ b/systems/zoldene/base.nix
@@ -17,6 +17,55 @@ in
17	./database.nix	17	./database.nix
18	];	18	];
19		19
		20	secrets.keys = {
		21	"zrepl/${name}.key" = {
		22	permissions = "0400";
		23	text = config.myEnv.zrepl_backup.certs."${name}".key;
		24	user = "root";
		25	group = "root";
		26	};
		27	} // builtins.listToAttrs (map (x: lib.attrsets.nameValuePair "zrepl/certificates/${x}.crt" {
		28	permissions = "0400";
		29	text = config.myEnv.zrepl_backup.certs."${x}".certificate;
		30	user = "root";
		31	group = "root";
		32	}) (builtins.attrNames config.myEnv.zrepl_backup.certs));
		33
		34	services.zrepl = {
		35	enable = true;
		36	settings = {
		37	jobs = [
		38	{
		39	type = "push";
		40	# must not change
		41	name = "backup-to-raspi";
		42	filesystems."zfast/root/persist<" = true;
		43	filesystems."zpool/root/persist<" = true;
		44	connect = {
		45	address = "192.168.44.101:19025";
		46	type = "tls";
		47	server_cn = "raspi";
		48	ca = config.secrets.fullPaths."zrepl/certificates/ca.crt";
		49	cert = config.secrets.fullPaths."zrepl/certificates/zoldene.crt";
		50	key = config.secrets.fullPaths."zrepl/zoldene.key";
		51	};
		52	snapshotting = {
		53	type = "cron";
		54	prefix = "raspi_zrepl_";
		55	cron = "35 23 * * *";
		56	};
		57	pruning.keep_sender = [
		58	{ type = "regex"; negate = true; regex = "^raspi_zrepl_.*"; }
		59	{ type = "grid"; grid = "3x1d"; regex = "^raspi_zrepl_.*"; }
		60	];
		61	pruning.keep_receiver = [
		62	{ type = "grid"; grid = "3x1d"; regex = "^raspi_zrepl_.*"; }
		63	];
		64	}
		65	];
		66	};
		67	};
		68
20	services.borgBackup.enable = true;	69	services.borgBackup.enable = true;
21	services.borgBackup.cronSpec = "0 20 * * *";	70	services.borgBackup.cronSpec = "0 20 * * *";
22	disko.devices.zpool.zfast.datasets."root/persist/var/lib/borgbackup" =	71	disko.devices.zpool.zfast.datasets."root/persist/var/lib/borgbackup" =