Diffstat (limited to 'profiles/backup.nix')
-rw-r--r-- | profiles/backup.nix | 49 |
1 files changed, 0 insertions, 49 deletions
diff --git a/profiles/backup.nix b/profiles/backup.nix
deleted file mode 100644
index d1075e2..0000000
--- a/profiles/backup.nix
+++ /dev/null
@@ -1,49 +0,0 @@
-{ self, pkgs, config, lib, ... }:
-let
- sshPub = builtins.fromTOML (builtins.readFile "${self}/configs/ssh-pubkeys.toml");
- secrets = config.age.secrets;
- ssh-key-path = secrets."rsync.net/ssh-key".path;
- backupDir = "/data/slow/backups/";
- backupDest = "de2664@de2664.rsync.net";
-in
-{
- # a user used only for backups
- users.users.backup = {
- uid = 991;
- createHome = false;
- isSystemUser = true;
- group = "users";
- home = "${backupDir}/hosts";
- openssh.authorizedKeys.keys = with sshPub; [
- restic
- ];
- };
-
- services.openssh.sftpServerExecutable = "internal-sftp";
- services.openssh.extraConfig = ''
- Match User backup
- ChrootDirectory ${config.users.users.backup.home}
- ForceCommand internal-sftp
- AllowTcpForwarding no
- '';
-
- systemd.timers.rsync-backups = {
- description = "synchronize restic repository to rsync.net";
- wantedBy = [ "timers.target" ];
- partOf = [ "rsync-backups.service" ];
- timerConfig = {
- OnCalendar = "04:00";
- };
- };
-
- systemd.services.rsync-backups = {
- description = "synchronize restic repository to rsync.net";
- serviceConfig.Type = "oneshot";
- script = ''
- exec ${pkgs.rsync}/bin/rsync \
- -azq --delete \
- -e '${pkgs.openssh}/bin/ssh -i ${ssh-key-path}' \
- ${backupDir} ${backupDest}:backups/
- '';
- };
-} |