add borgstor

Motiejus Jakštys 2023-09-11 15:51:33 +03:00
parent 377030d0c0
commit 866347b042
5 changed files with 43 additions and 2 deletions


@ -10,6 +10,8 @@ rec {
# "upstream" user. We need a way to configure the uidgid,
# so creating users explicitly.
node_exporter = 503;
borgstor = 504;
};
ports = {


@ -449,7 +449,6 @@
inotify = "yes";
};
};
};
systemd.services = {


@ -62,6 +62,12 @@
services = {
node_exporter.enable = true;
borgstor = {
enable = true;
dataDir = "/data/borg";
sshKeys = [myData.hosts."vno1-oh2.servers.jakst".publicKey];
};
postfix = {
enable = true;
saslPasswdPath = config.age.secrets.sasl-passwd.path;


@ -0,0 +1,33 @@
{
config,
lib,
myData,
pkgs,
...
}: {
options.mj.services.borgstor = with lib.types; {
enable = lib.mkEnableOption "Enable borg storage user";
dataDir = lib.mkOption {type = path;};
sshKeys = lib.mkOption {type = listOf str;};
};
config = with config.mj.services.borgstor;
lib.mkIf enable {
users.users.borgstor = {
description = "Borg Storage";
home = dataDir;
useDefaultShell = true;
group = "borgstor";
isSystemUser = true;
createHome = false;
uid = myData.uidgid.borgstor;
openssh.authorizedKeys.keys =
map (
k: "command=\"${pkgs.borgbackup}/bin/borg serve --restrict-to-path ${dataDir}\",restrict ${k}"
)
sshKeys;
};
users.groups.borgstor.gid = myData.uidgid.borgstor;
};
}
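Review bot: Every entry in `sshKeys` is mapped to the same forced command, `borg serve --restrict-to-path ${dataDir}`, so any one client key can read, prune or delete every repository under the data directory. If this store is meant to survive a compromised backup client, add `--append-only` to the forced command, and consider a per-key `--restrict-to-repository` once more than one key is listed. `dataDir` is also interpolated unquoted into the `command="…"` option; `--restrict-to-path ${lib.escapeShellArg dataDir}` would keep a path containing whitespace from splitting the argument. Because `createHome = false`, nothing in this module creates `dataDir` or sets its owner, so a comment should state that it must already exist, be owned by `borgstor`, and not be group- or world-writable.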


@ -5,6 +5,7 @@
...
}: {
imports = [
./borgstor
./deployerbot
./friendlyport
./gitea