DGNum/infrastructure
13
6
Fork 3
Code Issues 19 Pull requests 8 Projects 1 Releases Packages Wiki Activity Actions
infrastructure/modules/dgn-backups/default.nix
Tom Hubrecht 6c4099d369
All checks were successful
Check meta / check_meta (pull_request) Successful in 17s
Details
Check meta / check_dns (pull_request) Successful in 16s
Details
build configuration / build_compute01 (pull_request) Successful in 1m19s
Details
build configuration / build_storage01 (pull_request) Successful in 1m15s
Details
build configuration / build_vault01 (pull_request) Successful in 1m10s
Details
build configuration / build_krz01 (pull_request) Successful in 2m4s
Details
build configuration / build_web01 (pull_request) Successful in 1m40s
Details
build configuration / build_web02 (pull_request) Successful in 1m12s
Details
lint / check (pull_request) Successful in 24s
Details
build configuration / build_geo01 (pull_request) Successful in 1m7s
Details
build configuration / build_rescue01 (pull_request) Successful in 1m10s
Details
build configuration / build_geo02 (pull_request) Successful in 1m7s
Details
build configuration / build_bridge01 (pull_request) Successful in 1m8s
Details
build configuration / push_to_cache_vault01 (pull_request) Successful in 1m56s
Details
build configuration / push_to_cache_storage01 (pull_request) Successful in 1m57s
Details
build configuration / push_to_cache_compute01 (pull_request) Successful in 2m19s
Details
build configuration / push_to_cache_web01 (pull_request) Successful in 2m21s
Details
build configuration / push_to_cache_krz01 (pull_request) Successful in 2m30s
Details
build configuration / push_to_cache_geo01 (pull_request) Successful in 1m8s
Details
build configuration / push_to_cache_web02 (pull_request) Successful in 1m17s
Details
Check meta / check_meta (push) Successful in 17s
Details
Check meta / check_dns (push) Successful in 17s
Details
build configuration / push_to_cache_geo02 (pull_request) Successful in 1m11s
Details
build configuration / push_to_cache_bridge01 (pull_request) Successful in 1m10s
Details
build configuration / push_to_cache_rescue01 (pull_request) Successful in 1m23s
Details
build configuration / build_storage01 (push) Successful in 1m16s
Details
build configuration / build_vault01 (push) Successful in 1m13s
Details
build configuration / build_compute01 (push) Successful in 1m20s
Details
build configuration / build_web01 (push) Successful in 1m38s
Details
build configuration / build_krz01 (push) Successful in 1m58s
Details
lint / check (push) Successful in 25s
Details
build configuration / build_web02 (push) Successful in 1m9s
Details
build configuration / build_geo01 (push) Successful in 1m9s
Details
build configuration / build_geo02 (push) Successful in 1m10s
Details
build configuration / build_rescue01 (push) Successful in 1m15s
Details
build configuration / build_bridge01 (push) Successful in 1m2s
Details
build configuration / push_to_cache_storage01 (push) Successful in 1m25s
Details
build configuration / push_to_cache_vault01 (push) Successful in 1m37s
Details
build configuration / push_to_cache_web02 (push) Successful in 1m21s
Details
build configuration / push_to_cache_compute01 (push) Successful in 1m56s
Details
build configuration / push_to_cache_web01 (push) Successful in 2m18s
Details
build configuration / push_to_cache_geo01 (push) Successful in 1m15s
Details
build configuration / push_to_cache_krz01 (push) Successful in 2m25s
Details
build configuration / push_to_cache_geo02 (push) Successful in 1m8s
Details
build configuration / push_to_cache_bridge01 (push) Successful in 1m8s
Details
build configuration / push_to_cache_rescue01 (push) Successful in 1m23s
Details
feat(infra): Internalize nix-lib, and make keys management simpler
2024-10-09 18:58:46 +02:00

130 lines
2.6 KiB
Nix
Raw Blame History

{
config,
lib,
dgn-keys,
name,
...
}:
let
inherit (lib) mkEnableOption mkOption remove;
inherit (lib.types)
attrs
attrsOf
listOf
str
submodule
;
cfg = config.dgn-backups;
homes = {
compute01 = "/data/slow/bupstash";
geo01 = "/data/bupstash";
geo02 = "/data/bupstash";
storage01 = "/data/slow/bupstash";
};
starts = {
compute01 = "*-*-* *:38:00";
storage01 = "*-*-* *:21:00";
web01 = "*-*-* *:47:00";
};
mkJobs = builtins.mapAttrs (
_:
{ to, settings }:
{
startAt = starts.${name};
key = config.age.secrets."bupstash-put_key".path;
repositoryCommands = lib.extra.mapSingleFuse (
host: "ssh -i /etc/ssh/ssh_host_ed25519_key bupstash-repo@${host}.dgnum"
) to;
}
// settings
);
in
{
options.dgn-backups = {
enable = mkEnableOption "DGNum backup service.";
postgresDatabases = mkOption {
type = listOf str;
default = [ ];
description = ''
List of postgres databases to dump into bupstash.
'';
};
jobs = mkOption {
type = attrsOf (submodule {
options = {
to = mkOption {
type = listOf str;
default = remove name [
"compute01"
"geo01"
"geo02"
"storage01"
];
description = "Hosts to send the backups to.";
};
settings = mkOption {
type = attrs;
default = { };
description = "Base bupstash job config.";
};
};
});
default = { };
description = "List of bupstash jobs.";
};
};
config = {
dgn-backups.jobs = lib.extra.mapFuse (db: {
"${db}-db".settings = {
user = "postgres";
command = [
"${lib.getExe' config.services.postgresql.package "pg_dump"}"
db
];
};
}) cfg.postgresDatabases;
services.bupstash = {
repositories = {
inherit (cfg) enable;
home = homes.${name};
access = [
{
repo = "default";
keys = dgn-keys.getKeys [
"compute01"
"storage01"
"vault01"
"web01"
];
allowed = [ "put" ];
}
];
};
jobs = mkJobs cfg.jobs;
};
programs.ssh.knownHosts =
lib.extra.mapFuse (host: { "${host}.dgnum".publicKey = builtins.head dgn-keys._keys.${host}; })
[
"compute01"
"geo01"
"geo02"
"storage01"
];
};
}
Reference in a new issue View git blame Copy permalink