hosts/db-mdb11: use borg-config module

2025-08-25 20:41:26 -07:00
parent 1fa7d17751
commit f0d84f8758
1 changed files with 18 additions and 75 deletions
--- a/hosts/db-mdb11/default.nix
+++ b/hosts/db-mdb11/default.nix
@@ -29,84 +29,27 @@ in
  sops.secrets."mariadb_databases/bookstack" = { };
  sops.secrets."mariadb_databases/hortusfox" = { };

-  services.borgmatic = {
+  borg-config = {
    enable = true;
-    enableConfigCheck = true;

-    configurations = {
-      local = {
-        repositories = [
-          {
-            label = backupLabel;
-            path = "ssh://borg@borg-01.tail755c5.ts.net/./";
-          }
-        ];
-        encryption_passcommand = ''cat ${config.sops.secrets."borgmatic_pass/local".path}'';
+    backupLabel = "mariadb";
+    localRepoPath = "ssh://borg@borg-01.tail755c5.ts.net/./";
+    remoteRepoPath = "ssh://fm1833@fm1833.rsync.net/./databases/db-mdb11";
+    hcPingUrlLocal = "https://hc.its-et.me/ping/PlGPBqq-0rLI4N4ya3jYmg/backup-databases-db-mdb11";
+    hcPingUrlRemote = "https://hc.its-et.me/ping/PlGPBqq-0rLI4N4ya3jYmg/backup-databases-db-mdb11-remote";

-        mariadb_databases = [
-          {
-            name = "bookstackapp";
-            username = "bookstack";
-            password = ''{credential file ${config.sops.secrets."mariadb_databases/bookstack".path}}'';
-          }
-          {
-            name = "hortusfox";
-            username = "hortusfox";
-            password = ''{credential file ${config.sops.secrets."mariadb_databases/hortusfox".path}}'';
-          }
-        ];
-
-        keep_daily = 7;
-        keep_weekly = 4;
-        keep_monthly = 12;
-        keep_yearly = 3;
-
-        unknown_unencrypted_repo_access_is_ok = false;
-
-        ssh_command = "ssh -i /etc/ssh/ssh_host_ed25519_key";
-
-        healthchecks = {
-          ping_url = "https://hc.its-et.me/ping/PlGPBqq-0rLI4N4ya3jYmg/backup-databases-db-mdb11";
-        };
-      };
-      remote = {
-        repositories = [
-          {
-            label = backupLabel;
-            path = "ssh://fm1833@fm1833.rsync.net/./databases/db-mdb11";
-          }
-        ];
-        encryption_passcommand = ''cat ${config.sops.secrets."borgmatic_pass/remote".path}'';
-
-        mariadb_databases = [
-          {
-            name = "bookstackapp";
-            username = "bookstack";
-            password = ''{credential file ${config.sops.secrets."mariadb_databases/bookstack".path}}'';
-          }
-          {
-            name = "hortusfox";
-            username = "hortusfox";
-            password = ''{credential file ${config.sops.secrets."mariadb_databases/hortusfox".path}}'';
-          }
-        ];
-
-        keep_daily = 7;
-        keep_weekly = 4;
-        keep_monthly = 12;
-        keep_yearly = 3;
-
-        unknown_unencrypted_repo_access_is_ok = false;
-
-        ssh_command = "ssh -i /etc/ssh/ssh_host_ed25519_key";
-
-        remote_path = "borg14";
-
-        healthchecks = {
-          ping_url = "https://hc.its-et.me/ping/PlGPBqq-0rLI4N4ya3jYmg/backup-databases-db-mdb11-remote";
-        };
-      };
-    };
+    mariadbDatabases = [
+      {
+        name = "bookstackapp";
+        username = "bookstack";
+        password = ''{credential file ${config.sops.secrets."mariadb_databases/bookstack".path}}'';
+      }
+      {
+        name = "hortusfox";
+        username = "hortusfox";
+        password = ''{credential file ${config.sops.secrets."mariadb_databases/hortusfox".path}}'';
+      }
+    ];
  };

  base.userSSHKeys = [