prepare for full borg

2025-11-08 16:58:27 +00:00 · 2025-11-08 16:58:27 +00:00 · 2c9fa4fbe1
commit 2c9fa4fbe1
parent f90a2ce5f7
19 changed files with 212 additions and 134 deletions
--- a/services/akkoma.nix
+++ b/services/akkoma.nix
@ -40,6 +40,33 @@ in {
        };
      };
    };
+    borgbackup.jobs."akkoma" = {
+      repo = "ssh://n65yc7ze@n65yc7ze.repo.borgbase.com/./repo";
+      environment = {
+        BORG_RSH = "ssh -i ${config.age.secrets."borg_ed25519".path} -o 'StrictHostKeyChecking=no'";
+      };
+      paths = [
+        "/var/lib/akkoma"
+      ];
+      encryption.mode = "none";
+      compression = "auto,lzma";
+      startAt = "daily";
+      prune.keep = {
+        daily = 7;
+        weekly = 4;
+        monthly = -1;
+      };
+      readWritePaths = [
+        "/var/backup/postgres"
+      ];
+      preHook = ''
+        mkdir -p /var/backup/postgres
+        ${pkgs.sudo}/bin/sudo -u postgres ${pkgs.postgresql}/bin/pg_dump akkoma > /var/backup/postgres/akkoma.sql
+      '';
+      postHook = ''
+        rm -f /var/backup/postgres/akkoma.sql
+      '';
+    };
  };

  distrust.services."akkoma" = {
--- a/services/borg.nix
+++ b/services/borg.nix
@ -0,0 +1,3 @@
+{
+  age.secrets."borg_ed25519".file = ../secrets/borg_ed25519;
+}
--- a/services/default.nix
+++ b/services/default.nix
@ -1,16 +1,22 @@
 {
  imports = [
+    # Core System
    ./caddy.nix
+    ./borg.nix
+
+    # Non-Stateful
    ./site.nix
-    ./nextcloud.nix
-    ./forgejo.nix
-    ./akkoma.nix
-    ./prosody.nix
-    ./lldap.nix
-    ./paste.nix
    ./crypto.nix
-    ./vaultwarden.nix
-    ./mailserver.nix
    ./tor.nix
+
+    # Stateful
+    ./akkoma.nix
+    ./forgejo.nix
+    ./lldap.nix
+    ./mailserver.nix
+    ./nextcloud.nix
+    ./prosody.nix
+    ./paste.nix
+    ./vaultwarden.nix
  ];
 }
--- a/services/forgejo.nix
+++ b/services/forgejo.nix
@ -5,14 +5,33 @@ in {
    file = ../secrets/hidden_service/forgejo;
  };

-  services.forgejo = {
-    enable = true;
-    lfs.enable = false;
-    settings.server = {
-      DOMAIN = "git.distrust.network";
-      HTTP_PORT = forgejoPort;
-      ROOT_URL = "https://git.distrust.network/";
-      SSH_PORT = builtins.head config.services.openssh.ports;
+  services = {
+    forgejo = {
+      enable = true;
+      lfs.enable = false;
+      settings.server = {
+        DOMAIN = "git.distrust.network";
+        HTTP_PORT = forgejoPort;
+        ROOT_URL = "https://git.distrust.network/";
+        SSH_PORT = builtins.head config.services.openssh.ports;
+      };
+    };
+    borgbackup.jobs."forgejo" = {
+      repo = "ssh://v4379v0z@v4379v0z.repo.borgbase.com/./repo";
+      environment = {
+        BORG_RSH = "ssh -i ${config.age.secrets."borg_ed25519".path} -o 'StrictHostKeyChecking=no'";
+      };
+      paths = [
+        "/var/lib/forgejo"
+      ];
+      encryption.mode = "none";
+      compression = "auto,lzma";
+      startAt = "daily";
+      prune.keep = {
+        daily = 7;
+        weekly = 4;
+        monthly = -1;
+      };
    };
  };