add borg-server
parent
03b4802740
commit
0f1eba14b6
@ -52,6 +52,9 @@
|
|||||||
services.nextcloud-instance.adminPasswordFile = config.sops.secrets.nextcloud-admin-pass.path;
|
services.nextcloud-instance.adminPasswordFile = config.sops.secrets.nextcloud-admin-pass.path;
|
||||||
services.nextcloud-instance.instanceFQDN = "nextcloud.jroeger.de";
|
services.nextcloud-instance.instanceFQDN = "nextcloud.jroeger.de";
|
||||||
|
|
||||||
|
services.borg-server.enable = true;
|
||||||
|
services.borg-server.repositories.comfy-station.ssh_public_key = builtins.readFile (../../static/keys/ + "borg-jonas@comfy-station.pub");
|
||||||
|
|
||||||
# Allow unfree packages
|
# Allow unfree packages
|
||||||
nixpkgs.config.allowUnfree = true;
|
nixpkgs.config.allowUnfree = true;
|
||||||
|
|
||||||
|
|||||||
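--- a/modules/services/borg-server.nix
+++ b/modules/services/borg-server.nix
@@ -0,0 +1,55 @@
+{
+lib,
+config,
+pkgs,
+...
+}: let
+cfg = config.services.borg-server;
+in {
+options.services.borg-server = {
+enable = lib.mkEnableOption "Enable the borg server";
+borg_user = lib.mkOption {
+type = lib.types.str;
+example = "borg";
+default = "borg";
+description = "The user for the borg repository home.";
+};
+repositories_path = lib.mkOption {
+type = lib.types.path;
+example = "/var/lib/borg-repositories";
+default = "/var/lib/borg-repositories";
+description = "The user for the borg repository home.";
+};
+repositories = lib.mkOption {
+type = lib.types.attrsOf (lib.types.submodule {
+options = {
+name = lib.mkOption {
+type = lib.types.nullOr (lib.types.strMatching "^[a-zA-Z0-9._-]+$");
+example = "borg-repo";
+description = "The name of the borg repository. If null, use key of attrset";
+};
+ssh_public_key = lib.mkOption {
+type = lib.types.singleLineStr;
+example = "ssh-rsa AAAA...";
+description = "The path to the public key for the borg repository.";
+};
+};
+});
+};
+};
+
+config = lib.mkIf cfg.enable {
+users.users.${cfg.borg_user} = {
+isNormalUser = true;
+description = "Borg user";
+home = cfg.repositories_path;
+createHome = true;
+extraGroups = ["borg"];
+openSSH.authorizedKeys.keys = builtins.attrValues (
+builtins.mapAttrs
+(key: repo: "command=\"${pkgs.borg}/bin/borg serve --restrict-to-path=${cfg.repositories_path}/${repo.name or key}\", restrict ${repo.ssh_public_key}")
+cfg.repositories
+);
+};
+};
+}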
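Review bot: The `authorized_keys` entry built in `openSSH.authorizedKeys.keys` has a space after the comma (`\", restrict ${repo.ssh_public_key}`); as far as I can tell sshd ends the option list at the first unquoted whitespace, so `restrict` would be read as the key type and the line skipped rather than applied as an option, and it should be `\",restrict ${repo.ssh_public_key}`. `${repo.name or key}` does not give the fallback the description promises: `name` has no default and `or` only covers a missing attribute, so an unset `name` should fail evaluation and an explicit `null` cannot be interpolated; add `default = null;` to the option and use `${if repo.name != null then repo.name else key}`. The attribute key used as the fallback is not checked against the `strMatching` pattern that `name` carries, so it reaches the forced command unvalidated. Since each key maps to exactly one repository, `--restrict-to-repository` would be tighter than `--restrict-to-path`, which also admits repositories created below that directory. The description of `repositories_path` repeats the `borg_user` text, and `ssh_public_key` says "path" although the option takes the key text itself.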
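--- a/static/keys/borg-jonas@comfy-station.pub
+++ b/static/keys/borg-jonas@comfy-station.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILNYmQ4HspLsunLyryI/ZbX4tTuRI6cRv0n/ai6+DNCc borg@jroeger.de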
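--- a/static/keys/passgit-jonas@comfy-station.pub
+++ b/static/keys/passgit-jonas@comfy-station.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBodNTvEGT2J+w6qpJNvmwZuHCshzq2nwU92+VqRcyn4 jonas@comfy-station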