# NixOS module for the `dgn-backups` options.
#
# It declares `dgn-backups.{enable,pgDumps,jobs}` and maps them onto
# `services.bupstash` (a repository definition plus backup jobs), and it pins
# SSH public keys for the repository hosts in `programs.ssh.knownHosts`.
#
# `name` is a module argument used as the lookup key into the per-host tables
# below -- presumably the node's own name; confirm against the deployment
# tooling that passes it.
#
# NOTE(review): only `services.bupstash.repositories.enable` follows
# `dgn-backups.enable`. The job set and the known-hosts entries are defined
# unconditionally (there is no `mkIf` around `config`).
{
  config,
  lib,
  name,
  ...
}:

let
  inherit (lib)
    mkEnableOption
    mkOption
    remove
    types
    ;

  backupCfg = config.dgn-backups;

  # Hosts that hold a bupstash repository. The same list is the default
  # destination set for jobs (minus the local node) and the set of hosts whose
  # SSH key is pinned.
  repoHosts = [
    "compute01"
    "geo01"
    "geo02"
    "storage01"
  ];

  # Repository home directory, per repository host.
  # NOTE(review): `repoHomes.${name}` aborts evaluation if it is forced on a
  # node missing from this table (e.g. the put-only clients listed below);
  # whether it is forced when the repository is disabled depends on the
  # bupstash module, which is not visible here.
  repoHomes = {
    compute01 = "/data/slow/bupstash";
    geo01 = "/data/bupstash";
    geo02 = "/data/bupstash";
    storage01 = "/data/slow/bupstash";
  };

  # systemd-calendar style start time, per node. Only compute01 has one, so a
  # job declared through `dgn-backups.jobs` on any other node fails on this
  # lookup unless the table is extended.
  jobSchedules = {
    compute01 = "*-*-* *:28:00";
  };

  # Nodes whose keys are granted access to the "default" repository.
  putClients = [
    "compute01"
    "storage01"
    "vault01"
    "web01"
  ];

  # Command used to reach the repository on `host`.
  # NOTE(review): the client authenticates with the machine's SSH *host*
  # private key. That ties repository access to the host identity and requires
  # the job to be able to read that key; a dedicated client key would keep the
  # two credentials separate. Confirm this reuse is intentional.
  sshRepoCommand = host: "ssh -i /etc/ssh/ssh_host_ed25519_key bupstash-repo@${host}.dgnum";

  # Turns each `dgn-backups.jobs.<job>` entry into a bupstash job definition.
  # `settings` is merged last, so it can override `startAt`, `key` and
  # `repositoryCommands`; it is typed as free-form `attrs`, so nothing here
  # validates what it replaces them with.
  toBupstashJobs = builtins.mapAttrs (
    _jobName:
    { to, settings }:
    let
      base = {
        startAt = jobSchedules.${name};
        # Path of the agenix secret `bupstash-put_key`; the secret itself is
        # declared outside this file.
        key = config.age.secrets."bupstash-put_key".path;
        repositoryCommands = lib.extra.mapSingleFuse sshRepoCommand to;
      };
    in
    base // settings
  );

  # One empty job definition named `pg-<db>` per database.
  toPgDumpJobs = lib.extra.mapFuse (db: {
    "pg-${db}" = { };
  });
in

{
  options.dgn-backups = {
    enable = mkEnableOption "DGNum backup service.";

    pgDumps = mkOption {
      type = types.listOf types.str;
      default = [ ];
      description = ''
        List of postgres databases to dump into bupstash.
      '';
    };

    jobs = mkOption {
      type = types.attrsOf (
        types.submodule {
          options = {
            to = mkOption {
              type = types.listOf types.str;
              # Every repository host except the node itself.
              default = remove name repoHosts;
              description = "Hosts to send the backups to.";
            };

            settings = mkOption {
              type = types.attrs;
              default = { };
              description = "Base bupstash job config.";
            };
          };
        }
      );
      default = { };
      description = "List of bupstash jobs.";
    };
  };

  config = {
    services.bupstash = {
      repositories = {
        enable = backupCfg.enable;

        home = repoHomes.${name};

        access = [
          {
            repo = "default";
            # Nodes allowed to create backups
            keys = lib.extra.getAllKeys (map (host: "machines/${host}") putClients);
            # Only "put" is granted. Presumably this keeps a compromised client
            # from reading or deleting existing backups -- verify against the
            # bupstash module's access semantics.
            allowed = [ "put" ];
          }
        ];
      };

      # On a name clash the explicitly declared job wins over the `pg-<db>` one.
      jobs = (toPgDumpJobs backupCfg.pgDumps) // (toBupstashJobs backupCfg.jobs);
    };

    # Pin the repository hosts' SSH public keys so the ssh transport above
    # checks the server against a known key.
    # NOTE(review): only the first key returned by `lib.extra.getKeys` is
    # pinned; this assumes that entry is the machine's SSH host key -- confirm.
    programs.ssh.knownHosts = lib.extra.mapFuse (host: {
      "${host}.dgnum".publicKey = builtins.head (lib.extra.getKeys "machines/${host}");
    }) repoHosts;
  };
}