2022-05-18 15:57:58 +02:00
|
|
|
{ name, config, ... }: {
|
|
|
|
|
age.secrets.backup_repo.file = ../../secrets/${name}_borg_repo.age;
|
|
|
|
|
age.secrets.backup_ssh.file = ../../secrets/${name}_borg_ssh.age;
|
2021-01-03 22:06:31 +01:00
|
|
|
services.borgbackup.jobs.backup = {
|
|
|
|
|
encryption = {
|
|
|
|
|
# Keep the encryption key in the repo itself
|
|
|
|
|
mode = "repokey-blake2";
|
|
|
|
|
|
|
|
|
|
# Password is used to decrypt the encryption key from the repo
|
2022-05-18 15:57:58 +02:00
|
|
|
passCommand = "cat ${config.age.secrets.backup_repo.path}";
|
2021-01-03 22:06:31 +01:00
|
|
|
};
|
|
|
|
|
environment = {
|
|
|
|
|
# Make sure we're using Borg >= 1.0
|
|
|
|
|
BORG_REMOTE_PATH = "borg1";
|
|
|
|
|
|
|
|
|
|
# SSH key is specific to the subaccount defined in the repo username
|
2022-05-18 15:57:58 +02:00
|
|
|
BORG_RSH = "ssh -i ${config.age.secrets.backup_ssh.path}";
|
2021-01-03 22:06:31 +01:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
# Define schedule
|
|
|
|
|
startAt = "hourly";
|
|
|
|
|
|
|
|
|
|
repo = "14337@ch-s012.rsync.net:${name}";
|
|
|
|
|
paths = [ "/home" "/root" "/var/lib" ];
|
2021-05-29 18:05:31 +02:00
|
|
|
|
2021-01-03 22:06:31 +01:00
|
|
|
prune.keep = {
|
|
|
|
|
# hourly backups for the past week
|
|
|
|
|
within = "7d";
|
|
|
|
|
|
|
|
|
|
# daily backups for two weeks before that
|
|
|
|
|
daily = 14;
|
|
|
|
|
|
|
|
|
|
# weekly backups for a month before that
|
|
|
|
|
weekly = 4;
|
|
|
|
|
|
|
|
|
|
# monthly backups for 6 months before that
|
|
|
|
|
monthly = 6;
|
|
|
|
|
|
|
|
|
|
# 2 years
|
|
|
|
|
yearly = 2;
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
}
|
