root/flake
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

borg the rest

Browse source
This commit is contained in:
root 2025-11-08 19:19:39 +00:00
parent 767bbd6a5f
commit 59dd33d66c
8 changed files with 147 additions and 26 deletions
Download patch file Download diff file Expand all files Collapse all files

3
services/akkoma.nix
View file

@ -41,12 +41,13 @@ in {
};
};
borgbackup.jobs."akkoma" = {
repo = "ssh://n65yc7ze@n65yc7ze.repo.borgbase.com/./repo";
repo = "ssh://u506783@u506783.your-storagebox.de:23/./akkoma";
environment = {
BORG_RSH = "ssh -i ${config.age.secrets."borg_ed25519".path} -o 'StrictHostKeyChecking=no'";
};
paths = [
"/var/lib/akkoma"
"/var/backup/postgres/akkoma.sql"
];
encryption.mode = "none";
compression = "auto,lzma";

2
services/forgejo.nix
View file

@ -17,7 +17,7 @@ in {
};
};
borgbackup.jobs."forgejo" = {
repo = "ssh://v4379v0z@v4379v0z.repo.borgbase.com/./repo";
repo = "ssh://u506783@u506783.your-storagebox.de:23/./forgejo";
environment = {
BORG_RSH = "ssh -i ${config.age.secrets."borg_ed25519".path} -o 'StrictHostKeyChecking=no'";
};

21
services/lldap.nix
View file

@ -3,7 +3,8 @@
in {
age.secrets."hidden_service/lldap".file = ../secrets/hidden_service/lldap;
services.lldap = {
services = {
lldap = {
enable = true;
settings = {
http_url = "https://login.distrust.network";
@ -14,6 +15,24 @@ in {
ldap_user_pass = "VERY_SECURE";
};
};
borgbackup.jobs."lldap" = {
repo = "ssh://u506783@u506783.your-storagebox.de:23/./lldap";
environment = {
BORG_RSH = "ssh -i ${config.age.secrets."borg_ed25519".path} -o 'StrictHostKeyChecking=no'";
};
paths = [
"/var/lib/lldap"
];
encryption.mode = "none";
compression = "auto,lzma";
startAt = "daily";
prune.keep = {
daily = 7;
weekly = 4;
monthly = -1;
};
};
};
distrust.services."lldap" = {
url = "https://login.distrust.network";

18
services/mailserver.nix
View file

@ -15,4 +15,22 @@
uris = ["ldap://localhost:3890"];
};
};
services.borgbackup.jobs."mailserver" = {
repo = "ssh://u506783@u506783.your-storagebox.de:23/./mailserver";
environment = {
BORG_RSH = "ssh -i ${config.age.secrets."borg_ed25519".path} -o 'StrictHostKeyChecking=no'";
};
paths = [
"/var/vmail/ldap"
];
encryption.mode = "none";
compression = "auto,lzma";
startAt = "daily";
prune.keep = {
daily = 7;
weekly = 4;
monthly = -1;
};
};
}

28
services/nextcloud.nix
View file

@ -41,6 +41,34 @@ in {
"listen.owner" = "caddy";
"listen.group" = "caddy";
};
borgbackup.jobs."nextcloud" = {
repo = "ssh://u506783@u506783.your-storagebox.de:23/./nextcloud";
environment = {
BORG_RSH = "ssh -i ${config.age.secrets."borg_ed25519".path} -o 'StrictHostKeyChecking=no'";
};
paths = [
"/var/lib/nextcloud"
"/var/backup/postgres/nextcloud.sql"
];
encryption.mode = "none";
compression = "auto,lzma";
startAt = "daily";
prune.keep = {
daily = 7;
weekly = 4;
monthly = -1;
};
readWritePaths = [
"/var/backup/postgres"
];
preHook = ''
mkdir -p /var/backup/postgres
${pkgs.sudo}/bin/sudo -u postgres ${pkgs.postgresql}/bin/pg_dump nextcloud > /var/backup/postgres/nextcloud.sql
'';
postHook = ''
rm -f /var/backup/postgres/nextcloud.sql
'';
};
};
distrust.services."nextcloud" = {

21
services/paste.nix
View file

@ -3,7 +3,8 @@
in {
age.secrets."hidden_service/microbin".file = ../secrets/hidden_service/microbin;
services.microbin = {
services = {
microbin = {
enable = true;
settings = {
MICROBIN_PORT = pastePort;
@ -14,6 +15,24 @@ in {
MICROBIN_PUBLIC_PATH = "https://paste.distrust.network/";
};
};
borgbackup.jobs."microbin" = {
repo = "ssh://u506783@u506783.your-storagebox.de:23/./microbin";
environment = {
BORG_RSH = "ssh -i ${config.age.secrets."borg_ed25519".path} -o 'StrictHostKeyChecking=no'";
};
paths = [
"/var/lib/microbin"
];
encryption.mode = "none";
compression = "auto,lzma";
startAt = "daily";
prune.keep = {
daily = 7;
weekly = 4;
monthly = -1;
};
};
};
distrust.services."microbin" = {
url = "https://paste.distrust.network";

17
services/prosody.nix
View file

@ -46,6 +46,23 @@
file_server
}
'';
borgbackup.jobs."prosody" = {
repo = "ssh://u506783@u506783.your-storagebox.de:23/./prosody";
environment = {
BORG_RSH = "ssh -i ${config.age.secrets."borg_ed25519".path} -o 'StrictHostKeyChecking=no'";
};
paths = [
"/var/lib/prosody"
];
encryption.mode = "none";
compression = "auto,lzma";
startAt = "daily";
prune.keep = {
daily = 7;
weekly = 4;
monthly = -1;
};
};
};
security.acme = {

21
services/vaultwarden.nix
View file

@ -6,7 +6,8 @@ in {
"hidden_service/vaultwarden".file = ../secrets/hidden_service/vaultwarden;
};
services.vaultwarden = {
services = {
vaultwarden = {
enable = true;
config = {
DOMAIN = "https://vault.distrust.network";
@ -14,6 +15,24 @@ in {
};
environmentFile = config.age.secrets."vaultwarden.env".path;
};
borgbackup.jobs."vaultwarden" = {
repo = "ssh://u506783@u506783.your-storagebox.de:23/./vaultwarden";
environment = {
BORG_RSH = "ssh -i ${config.age.secrets."borg_ed25519".path} -o 'StrictHostKeyChecking=no'";
};
paths = [
"/var/lib/vaultwarden"
];
encryption.mode = "none";
compression = "auto,lzma";
startAt = "daily";
prune.keep = {
daily = 7;
weekly = 4;
monthly = -1;
};
};
};
distrust.services."vaultwarden" = {
url = "https://vault.distrust.network";