33 current 2024-04-17 23:41:19 23.11.20240405.72da83d 6.1.84 *

2024-04-17 23:41:29 +02:00 · 2024-04-17 23:41:29 +02:00 · 948e70c783
commit 948e70c783
parent fa9beb8b1c
4 changed files with 127 additions and 0 deletions
--- a/home/jonas/borg.nix
+++ b/home/jonas/borg.nix
@ -0,0 +1,96 @@
+{
+  config,
+  pkgs,
+  ...
+}: let
+  defaultChecks = [
+    {
+      name = "repository";
+      frequency = "2 weeks";
+    }
+    {
+      name = "archives";
+      frequency = "4 weeks";
+    }
+    {
+      name = "data";
+      frequency = "6 weeks";
+    }
+    {
+      name = "extract";
+      frequency = "6 weeks";
+    }
+  ];
+  passwordFile = "${config.home.homeDirectory}/.config/borg/password";
+  encCmd = ''cat ${passwordFile}'';
+  repo = "ssh://borg.jroeger.de/comfy-station";
+in {
+  sops.secrets = {
+    "borg/password" = {
+      sopsFile = ../../secrets/jonas/borg.yaml;
+      key = "password";
+      path = passwordFile;
+    };
+  };
+
+  programs.borgmatic.enable = true;
+  programs.borgmatic.backups = {
+    workspaces = {
+      location = {
+        sourceDirectories = ["${config.xdg.userDirs.extraConfig.XDG_WORKSPACES_DIR}"];
+        repositories = [repo];
+        excludeHomeManagerSymlinks = true;
+      };
+      retention = {
+        keepDaily = 7;
+        keepHourly = 12;
+        keepWeekly = 4;
+        keepMonthly = 6;
+      };
+      storage = {
+        encryptionPasscommand = encCmd;
+      };
+      consistency.checks = defaultChecks;
+    };
+    media = {
+      location = {
+        sourceDirectories = [
+          "${config.xdg.userDirs.documents}"
+          "${config.xdg.userDirs.music}"
+          "${config.xdg.userDirs.pictures}"
+          "${config.xdg.userDirs.videos}"
+        ];
+        repositories = [repo];
+        excludeHomeManagerSymlinks = true;
+      };
+      retention = {
+        keepDaily = 7;
+        keepWeekly = 2;
+        keepMonthly = 6;
+      };
+      storage = {
+        encryptionPasscommand = encCmd;
+      };
+      consistency.checks = defaultChecks;
+    };
+    var = {
+      location = {
+        sourceDirectories = [
+          "${config.xdg.userDirs.desktop}"
+          "${config.xdg.userDirs.download}"
+        ];
+        repositories = [repo];
+        excludeHomeManagerSymlinks = true;
+      };
+      retention = {
+        keepDaily = 7;
+        keepWeekly = 2;
+        keepMonthly = 6;
+      };
+      storage = {
+        encryptionPasscommand = encCmd;
+      };
+      consistency.checks = defaultChecks;
+    };
+  };
+}
--- a/home/jonas/home.nix
+++ b/home/jonas/home.nix
@ -4,6 +4,7 @@
  ...
 }: rec {
  imports = [
+    ./borg.nix
    ./firefox.nix
    ./plasma.nix
    ./ssh.nix
@ -30,6 +31,13 @@
      "x-scheme-handler/unknown" = "firefox.desktop";
    };
  };
+  xdg.userDirs.enable = true;
+  xdg.userDirs.createDirectories = true;
+  xdg.userDirs.extraConfig = {
+    XDG_WORKSPACES_DIR = "${config.home.homeDirectory}/Workspaces";
+    XDG_NEXTCLOUD_DIR = "${config.home.homeDirectory}/Nextcloud";
+    XDG_NOTES_DIR = "${config.home.homeDirectory}/Notes";
+  };

  # This value determines the Home Manager release that your configuration is
  # compatible with. This helps avoid breakage when a new Home Manager release
--- a/hosts/comfy-station/configuration.nix
+++ b/hosts/comfy-station/configuration.nix
@ -51,6 +51,7 @@
    age
    alejandra
    borgbackup
+    borgmatic
    docker
    git
    ranger
--- a/secrets/jonas/borg.yaml
+++ b/secrets/jonas/borg.yaml
@ -0,0 +1,22 @@
+repo: ENC[AES256_GCM,data:iKiwwVmH0gZw0tp/MsJQWF6TGyFMc78Hs8h1Fnqz6CqfA8s=,iv:qTNERPdDipOrXefWqk9SKstVpsbgdXVUNtukSwmJ2r8=,tag:ojgzc9XKwq+4tRmFGq06Lg==,type:str]
+password: ENC[AES256_GCM,data:LnS0rAH30QfUukWnbP+xO49vVA==,iv:GCpxdZXtFGAsG6S/mw6s1aKUFa/v6Rt30crKIxLmv80=,tag:g4EcylWvtFZH0j1+uRnQEw==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1expg8vyduf290pz7l4f3mjzvk9f0azfdn48pyjzs3m6p7v4qjq0qwtn36z
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPdXVISjczNFVHTW13WjFl
+            UjloRWU2clNBZk1zUlZyVklnb1AzUTBLaXdvClZCM1NybnNjQ3N1TGRVczJKTXFE
+            N3g5QmhxOCtZa3c5b2dGbnFVcVk5V3MKLS0tIGhocDQ4NWtOSTMyK3BxUlJqWHNG
+            OUFzQlZQWGQ5NXBCSWV3M0VYVk0raFEKMsWSxV4cmuRWvGswc7qwcFUcZxAB6YWg
+            55dc1Sj6AAhr17egQPQzEC72Mls5yZVN1ow0xPI2d13l1l7Q8Drq9Q==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-04-17T21:24:51Z"
+    mac: ENC[AES256_GCM,data:zSKO+eHwTv93fLlJa20Me57jv5hcWfDHnzcPaHrlZdb1Sdavf1ledaepPMifQO4hww5SzS6Uptuhkk9n+PSFrOt97jhzMB80aDmYZc5c0RR28fGu0onB4qEccSzCd9wR27JSgCyUnYAS1i3JtOp0pszs+PwQaX2NQPmH/HhhFXQ=,iv:grXkUh3VNE9zunXttKZ+2Mqjk4D7qnUIPUV/o6glHpI=,tag:4ECbvVPCz87D78y98r8Qmw==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1