diff --git a/nixos/boxes/colony/default.nix b/nixos/boxes/colony/default.nix index e14067b..dd4aff0 100644 --- a/nixos/boxes/colony/default.nix +++ b/nixos/boxes/colony/default.nix @@ -138,6 +138,23 @@ in "serial-getty@ttyS0".enable = true; "serial-getty@ttyS1".enable = true; + rsync-lvm-meta = { + description = "rsync lvm metadata backups / archives to rsync.net"; + serviceConfig = { + Type = "oneshot"; + + # Only run when no other process is using CPU or disk + CPUSchedulingPolicy = "idle"; + IOSchedulingClass = "idle"; + }; + script = '' + ${pkgs.rsync}/bin/rsync -av --delete --delete-after \ + -e "${pkgs.openssh}/bin/ssh -i ${config.age.secrets."colony/rsync.key".path}" \ + /etc/lvm/{archive,backup} zh2855@zh2855.rsync.net:colony/lvm/ + ''; + wantedBy = [ "borgthin-job-main.service" ]; + after = [ "borgthin-job-main.service" ]; + }; borgthin-rsync = { description = "rsync borgthin backups to rsync.net"; serviceConfig = { diff --git a/nixos/modules/tmproot.nix b/nixos/modules/tmproot.nix index a53236f..1f62230 100644 --- a/nixos/modules/tmproot.nix +++ b/nixos/modules/tmproot.nix @@ -256,6 +256,18 @@ in my.tmproot.persistence.config.files = concatMap (k: [ k.path "${k.path}.pub" ]) config.services.openssh.hostKeys; }) + (mkIf config.services.lvm.enable { + my.tmproot.persistence.config.directories = [ + { + directory = "/etc/lvm/archive"; + mode = "0700"; + } + { + directory = "/etc/lvm/backup"; + mode = "0700"; + } + ]; + }) (mkIf (config.security.acme.certs != { }) { my.tmproot.persistence.config.directories = [ {
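Review bot: The `ssh` command given to rsync via `-e` in the `rsync-lvm-meta` script sets only `-i`, so for this unattended job host-key verification and identity selection fall back to whatever ssh defaults and known_hosts the service user has. Whether the rsync.net host key is pinned elsewhere (for example through `programs.ssh.knownHosts`) is not visible in this hunk. I would make the intent explicit on that line: `-e "${pkgs.openssh}/bin/ssh -o BatchMode=yes -o IdentitiesOnly=yes -o StrictHostKeyChecking=yes -i ${config.age.secrets."colony/rsync.key".path}" \`. Separately, `--delete --delete-after` mirrors local loss to the remote: if `/etc/lvm/archive` is ever empty or recreated (plausible on a tmproot machine should the persistence added in `tmproot.nix` not apply), the off-site history is removed as well. Consider dropping `--delete` for the archive directory, or add a comment stating that remote history is retained some other way.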