From 04a0f8e9350d81b66fbcc3222dc3264d2951308c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Motiejus=20Jak=C5=A1tys?= <motiejus@jakstys.lt>
Date: Thu, 25 Jan 2024 14:48:17 +0200
Subject: [PATCH] fra1-a: backup e11sync

---
 flake.nix                              |  1 +
 hosts/fra1-a/configuration.nix         | 20 ++++++++++++++++++++
 secrets.nix                            |  1 +
 secrets/fra1-a/borgbackup-password.age | 13 +++++++++++++
 4 files changed, 35 insertions(+)
 create mode 100644 secrets/fra1-a/borgbackup-password.age

diff --git a/flake.nix b/flake.nix
index 9b576de..4b9aafe 100644
--- a/flake.nix
+++ b/flake.nix
@@ -224,6 +224,7 @@
             {
               age.secrets = {
                 zfs-passphrase-vno1-oh2.file = ./secrets/vno1-oh2/zfs-passphrase.age;
+                borgbackup-password.file = ./secrets/fra1-a/borgbackup-password.age;
                 e11sync-secret-key.file = ./secrets/e11sync/secret-key.age;
                 motiejus-passwd-hash.file = ./secrets/motiejus_passwd_hash.age;
                 root-passwd-hash.file = ./secrets/root_passwd_hash.age;
diff --git a/hosts/fra1-a/configuration.nix b/hosts/fra1-a/configuration.nix
index 82ac267..41986d2 100644
--- a/hosts/fra1-a/configuration.nix
+++ b/hosts/fra1-a/configuration.nix
@@ -36,10 +36,30 @@
         root.hashedPasswordFile = config.age.secrets.root-passwd-hash.path;
         motiejus.hashedPasswordFile = config.age.secrets.motiejus-passwd-hash.path;
       };
+
       unitstatus = {
         enable = true;
         email = "motiejus+alerts@jakstys.lt";
       };
+
+      snapshot = {
+        enable = true;
+        mountpoints = ["/var/lib"];
+      };
+
+      zfsborg = {
+        enable = true;
+        passwordPath = config.age.secrets.borgbackup-password.path;
+        sshKeyPath = "/etc/ssh/ssh_host_ed25519_key";
+        dirs = [
+          {
+            mountpoint = "/var/lib";
+            repo = "zh2769@zh2769.rsync.net:${config.networking.hostName}.${config.networking.domain}-var_lib";
+            paths = ["private/e11sync-backend"];
+            backup_at = "*-*-* 01:00:00 UTC";
+          }
+        ];
+      };
     };
 
     services = {
diff --git a/secrets.nix b/secrets.nix
index 6cc0d71..7672c09 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -37,6 +37,7 @@ in
   ]
   // mk ([fra1-a] ++ motiejus) [
     "secrets/vno1-oh2/zfs-passphrase.age"
+    "secrets/fra1-a/borgbackup-password.age"
     "secrets/e11sync/secret-key.age"
   ]
   // mk ([vno3-rp3b] ++ motiejus) [
diff --git a/secrets/fra1-a/borgbackup-password.age b/secrets/fra1-a/borgbackup-password.age
new file mode 100644
index 0000000..2e3b0eb
--- /dev/null
+++ b/secrets/fra1-a/borgbackup-password.age
@@ -0,0 +1,13 @@
+age-encryption.org/v1
+-> ssh-ed25519 qDkIVA 4eWKaOEipqD+wBm6LmkoK859W0rxuqOlHRhl1rqg214
+6iAPFM9dodI0DQH/mBMty6vYRYnj6d/VXd8JNBISSUk
+-> X25519 FQDerBkjJCkdAIOtC0Id6ICpyYHKvMZ7OJ81clYNJV4
+y9xXAiQnUGAuj2iUjenA198npAWkXoucn9e1DZgk7jw
+-> X25519 5B40eKXvnhKs2e4cAZVsWUmT6VnfWncsBHe8hqQ1N34
+Bu8cltpUTA8qwKXMs/+oHpA8dWpV39WBWr5Wjf3Dyxo
+-> piv-p256 +y2G/w A7itUCaM5PqCyjJTam00/My8kiNPLfqxAGx2AtfL/WjZ
+Q8hoFEsPFezWn5EIujJZmEeLCUkYb/v2l6ZZvweRris
+-> piv-p256 jNqd3A A/ujG5oTDZhsUlT6UPvVH189ea1YMsac2x67A04ZX20M
+QsgHXAIeUWZtTlzG6AKTBvjvgDPXIZUInGIA95jWmHg
+--- QNizHaPQcAJYZQSbbzSSLOF8Cxj/DlZsUkCO2kRsVtI
+Ré²ûûãÞ!äÇÅO¢ZÄˆðÖŸÏ„¿¸j(Eúˆ^®lh´ìQuõvélápž$
\ No newline at end of file