Compare commits
7 Commits
286e03c853
...
sanoid
| Author | SHA1 | Date | |
|---|---|---|---|
| be0bb0b08b | |||
| 026494c877 | |||
| 3021716640 | |||
| 70ec63f213 | |||
| 91d86c49a1 | |||
| 96dee29595 | |||
| d5e94b50cb |
@@ -18,6 +18,7 @@ in
|
||||
inputs.self.nixosModules.malobeo.microvm
|
||||
inputs.self.nixosModules.malobeo.metrics
|
||||
inputs.self.nixosModules.malobeo.users
|
||||
inputs.self.nixosModules.malobeo.backup
|
||||
];
|
||||
|
||||
virtualisation.vmVariantWithDisko = {
|
||||
@@ -42,6 +43,11 @@ in
|
||||
cacheurl = "https://cache.dynamicdiscord.de";
|
||||
};
|
||||
|
||||
malobeo.backup = {
|
||||
enable = true;
|
||||
snapshots = [ "storage/encrypted" "zroot/encrypted/var" ];
|
||||
};
|
||||
|
||||
nix = {
|
||||
settings.experimental-features = [ "nix-command" "flakes" ];
|
||||
#always update microvms
|
||||
@@ -53,6 +59,7 @@ in
|
||||
malobeo.users = {
|
||||
malobeo = true;
|
||||
admin = true;
|
||||
backup = true;
|
||||
};
|
||||
|
||||
malobeo.disks = {
|
||||
|
||||
@@ -2,42 +2,66 @@
|
||||
with lib;
|
||||
let
|
||||
cfg = config.malobeo.backup;
|
||||
newfunc = (hostname: datasetNames: (map (dataset: { name = "${hostname}_${dataset.sourceDataset}"; value = { inherit hostname; inherit dataset; }; } ) datasetNames));
|
||||
hostToCommand = (hostname: datasetNames:
|
||||
(map (dataset: {
|
||||
name = "${hostname}_${dataset.sourceDataset}";
|
||||
value = {
|
||||
inherit hostname;
|
||||
inherit (dataset) sourceDataset targetDataset;
|
||||
};
|
||||
} ) datasetNames));
|
||||
peers = import ./peers.nix;
|
||||
|
||||
enableSnapshots = cfg.snapshots != null;
|
||||
enableBackups = cfg.hosts != null;
|
||||
in
|
||||
{
|
||||
options.malobeo.backup = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = "Enable sharing metrics";
|
||||
description = "Enable sanoid/syncoid based backup functionality";
|
||||
};
|
||||
|
||||
snapshots = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
type = types.nullOr (types.listOf types.str);
|
||||
default = null;
|
||||
description = "Automatic snapshots will be created for the given datasets";
|
||||
};
|
||||
|
||||
#TODO: instead listof str we need dataset here to declare the dataset name on the source host
|
||||
# and also the dataset name on target host (which stores the backups)
|
||||
hosts = mkOption {
|
||||
type = types.attrsOf (types.listOf (types.submodule {
|
||||
default = null;
|
||||
type = types.nullOr (types.attrsOf (types.listOf (types.submodule {
|
||||
options = {
|
||||
sourceDataset = mkOption {
|
||||
type = types.str;
|
||||
description = "The source that needs to be backed up";
|
||||
};
|
||||
targetDataset = mkOption {
|
||||
type = types.str;
|
||||
description = "The target dataset where the backup should be stored";
|
||||
};
|
||||
};
|
||||
}));
|
||||
description = "Hostname with list of datasets to backup.";
|
||||
})));
|
||||
description = ''
|
||||
Hostname with list of datasets to backup. This option should be defined on hosts that will store backups.
|
||||
|
||||
It is necessary to add the machines that get backed up to known hosts.
|
||||
This can be done for example systemwide using
|
||||
programs.ssh.knownHosts."10.100.0.101" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHqp2/YiiIhai7wyScGZJ20gtrzY+lp4N/8unyRs4qhc";
|
||||
Or set it for the syncoid user directly.
|
||||
'';
|
||||
};
|
||||
|
||||
sshKey = mkOption {
|
||||
default = null;
|
||||
type = types.nullOr types.str;
|
||||
description = "Set path to ssh key used for pull backups. Otherwise default key is used";
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf (cfg.enable) {
|
||||
services.sanoid = {
|
||||
services.sanoid = mkIf (enableSnapshots) {
|
||||
enable = true;
|
||||
|
||||
templates."default" = {
|
||||
@@ -56,10 +80,9 @@ in
|
||||
}; }) cfg.snapshots);
|
||||
};
|
||||
|
||||
services.syncoid = with config; {
|
||||
services.syncoid = mkIf (enableBackups) {
|
||||
enable = true;
|
||||
|
||||
sshKey = sops.secrets.backup_key.path;
|
||||
sshKey = cfg.sshKey;
|
||||
|
||||
commonArgs = [
|
||||
"--no-sync-snap"
|
||||
@@ -68,17 +91,12 @@ in
|
||||
interval = "*-*-* 04:15:00";
|
||||
|
||||
commands = builtins.mapAttrs (name: value: {
|
||||
source = "backup@${peers.${value.hostname}.address}:${value.dataset.sourceDataset}";
|
||||
target = "${value.dataset.targetDataset}";
|
||||
source = "backup@${peers.${value.hostname}.address}:${value.sourceDataset}";
|
||||
target = "${value.targetDataset}";
|
||||
sendOptions = "w";
|
||||
recvOptions = "\"\"";
|
||||
recursive = true;
|
||||
})(builtins.listToAttrs (builtins.concatLists (builtins.attrValues (builtins.mapAttrs newfunc cfg.hosts))));
|
||||
};
|
||||
|
||||
sops.secrets.backup_key = {
|
||||
owner = config.services.syncoid.user;
|
||||
key = "backup_key";
|
||||
})(builtins.listToAttrs (builtins.concatLists (builtins.attrValues (builtins.mapAttrs hostToCommand cfg.hosts))));
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
@@ -68,7 +68,7 @@ in
|
||||
users = [ "backup" ];
|
||||
commands = [
|
||||
{
|
||||
command = "${pkgs.zfs-user}/bin/zfs";
|
||||
command = "${pkgs.zfs}/bin/zfs";
|
||||
options = [ "NOPASSWD" ];
|
||||
}
|
||||
];
|
||||
@@ -94,4 +94,4 @@ in
|
||||
];
|
||||
}
|
||||
];
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user