From baf605fbe25db19a3d62fe5d953d69a5f691ab58 Mon Sep 17 00:00:00 2001
From: Jack O'Sullivan <jackos1998@gmail.com>
Date: Tue, 31 Oct 2023 17:11:20 +0000
Subject: [PATCH] nixos/colony: Add rsync job for borgthin

---
 nixos/boxes/colony/default.nix | 33 +++++++++++---
 secrets/colony/rsync.key.age   | 82 ++++++++++++++++++++++++++++++++++
 2 files changed, 110 insertions(+), 5 deletions(-)
 create mode 100644 secrets/colony/rsync.key.age

diff --git a/nixos/boxes/colony/default.nix b/nixos/boxes/colony/default.nix
index 9051d42..883a841 100644
--- a/nixos/boxes/colony/default.nix
+++ b/nixos/boxes/colony/default.nix
@@ -92,6 +92,10 @@ in
           };
         };
 
+        programs.ssh.knownHostsFiles = [
+          lib.my.sshKeyFiles.rsyncNet
+        ];
+
         services = {
           fstrim = lib.my.colony.fstrimConfig;
           lvm = {
@@ -125,15 +129,33 @@ in
         ];
 
         systemd = {
-          services = {
-            "serial-getty@ttyS0".enable = true;
-            "serial-getty@ttyS1".enable = true;
-          };
-
           tmpfiles.rules = [
             "d /var/log/smartd 0755 root root"
           ];
 
+          services = {
+            "serial-getty@ttyS0".enable = true;
+            "serial-getty@ttyS1".enable = true;
+
+            borgthin-rsync = {
+              description = "rsync borgthin backups to rsync.net";
+              serviceConfig = {
+                Type = "oneshot";
+
+                # Only run when no other process is using CPU or disk
+                CPUSchedulingPolicy = "idle";
+                IOSchedulingClass = "idle";
+              };
+              script = ''
+                ${pkgs.rsync}/bin/rsync -av --delete --delete-after \
+                  -e "${pkgs.openssh}/bin/ssh -i ${config.age.secrets."colony/rsync.key".path}" \
+                  /mnt/backup/main/ zh2855@zh2855.rsync.net:borg/colony/
+              '';
+              wantedBy = [ "borgthin-job-main.service" ];
+              after = [ "borgthin-job-main.service" ];
+            };
+          };
+
           network = {
             links = {
               "10-wan0" = {
@@ -275,6 +297,7 @@ in
             key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPIijqzAWF6OxKr4aeCa1TAc5xGn4rdIjVTt0wAPU6uY";
             files = {
               "colony/borg-pass.txt" = {};
+              "colony/rsync.key" = {};
             };
           };
 
diff --git a/secrets/colony/rsync.key.age b/secrets/colony/rsync.key.age
new file mode 100644
index 0000000..5482949
--- /dev/null
+++ b/secrets/colony/rsync.key.age
@@ -0,0 +1,82 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGo2N0ZYUSB2em85
+Qk1UN3VxWXJCV2xVRnpxSEhDTmttQXljMStlZlhmQ2t1Qi9VbEh3CmpXU05vNVVr
+a1NxV28vYlRKczRSQVBSSmwyWFpLRW5xMndVTkF0UnprY2sKLT4gWDI1NTE5IDdK
+V21PeXRQODE1UWYxYmI2VmN2aGlOWVMzSWY3aEtkdlNtSkphVEdBMWMKQ0V0N2Vn
+WEU5cnRuNFRjNVYxYWNzTjlZUmx0ci9VdTBERHVRSlErTjY5dwotPiA+fGZXKnxC
+LS1ncmVhc2UgOnZeIGRnSytTMn4yIDh9PGR+TlswCm9xODRucm1RYTlEZklkcEdO
+RmR0L1BwTzdCSG9NR0sxcUV2Wm5uT3lia2FuTXA5M2VhQVZRaTF3NEZXckFiWTUK
+dXlXNWtHWUY4THN0K3lRUmR4YkxwMHJhb1RZCi0tLSBBc1VRQWo2SjRFV3YvZ0NL
+eUNEeUQ5YzNlWU1LMUlOeWh1UHJVS3JBMFdjCruYC0f782So3smThuTgVCo7eZ4h
+LsHM6Ak+TWwLmyYiTvyGBopAYcQsoXogrV0lfHFDOJw4/PbsDzLsl5bUmmk5+YbT
+dJoNBFoxVxrQJGmwxNm6d8Dsd6dWP+sq9ETWD3aEh+erxfZiFoYEL88NuIRWy61t
+3VNyOsg2QduTpIsEtZnkrOMk3ZH5GF/EtTqyKaGlJCGBU9t1gsfrik4JReM01VqS
+BSV0b8+abrSc2oQIIxXQaq5+UFDXo7Cu6+hI7nuqCuHW+ckPVivHi4fqZI+ZWu5I
+HxQxUfH0B2tsllzdOkbw4TBv+uRFwS9HOiXpKx2dsITiSOtfD98ZFeb+lsnc0rpH
+sErWwwR/GxrRtRZ2U4cRB9lKMkXrd/6n2o4UqfropxC29C2pdPiZElNT3e91+0Zl
+MoPBF8eHBM0K1i7uhtZ2a3TJcqM7LOjWmeQDI11ZWcGPUqKyRDM5KjMX2UnCeqkb
+cJ35gPpkLeamTGmFjROlnYyqvQtnFu6J2gq8rus4btxI0P9lZ+vRr1jCFm5ZAi7o
+AFFj9wvg8oDxIPVKQ2HQRFH9BDYJ3pjQiXYf3TKDlaJD2BD6rrmGP+HzRPw1bgzu
+JS17pMY9rgMMnEOm9FadnYOBE2fESUktnd5wD9qcF4Szv86sl03kkte3bypgy/RN
+9X6+a/xEUAUzjlUZkZYIpGnO4tX+Q09xDhAU0POJUQ/bpI9nnEsdxGKxr+nA1r4C
+eTeg4M2epxEGWcOmUAHku2rWg5ou3U2kPdiNfl8XkiCMX2dVCcMF+VPLsaBj4V1T
+JEfXN9bACRhanm3q7xiWQiYtNrv8rCcJ3XZR+TZtTN0oIjdhpB8vCYc28f9upZ04
+W3Ki7D5M/B00RTT1klpYCwp2d+TrpCURJtAWOgW2LSINE1PlcdhmTFbMkPNsKJR8
+8NjYPGt6xkyKJUUaJ6/joQ3kXm5+eiKXY5ornpdgvk0Yjb8QVB5bAWPYHTjqMGRV
+8wZqlmUUB8yVxUTWOTCB8ngT8ys/YXElcdGGnjdmZRjN2CvAoJWLbw48SZdr+nuh
+f6CKctNPDM8Gfb4ULHApapd21L7wXqZC1yd0fsQ98jZdVUjNkrKVv1oVlAOjuMRr
+MTgiRE26MDdXlKVseMxDv/wEocmRxgOz1tBrw6FHnFCrFuvIuJ2UKO/0guTbMD+z
+iW+CeT81DlLik3NVgyfOz8j5AhEilxoRanF8Hacr+4RoLQCLZQYFGvzgtNIxMeRb
+2FAwDBk7mVcumiEqYWXBFGM/FGqxNXuKLird7x/R9PbBptBhF50E89L1yyOb4klo
+CIuEopydCtRD+WlmzxOYkCFph+oZpJmJb55Kq+i/Xmcjt7326055U5EhSo8wvT7b
+iIWC+qzSHDR3PSipe5XaivfavGULiFY6yz1i72FIncCR2g/KmrQP/BIkI9Nldoqa
+vsUGi+EhST28VG+HXa09O4R/JK/sgdQfolohG1XCRBIPn8GTJfPFDZ1CgK2RIRbl
+n9Az1u5HPc2t+Pz+UsyBDVb2Vmlmvbs3lX4EtzdGWOmBPtD735rmLre9Fu7jn/A6
+KwXyknlvV5OLh3nNTUUCHrGDREw51fhnOlD//YNY+copvfxtOXN8NvRabbD+d4hn
+K9jlqbxHBTKW+SxxAI1l+z8Eujd/nB2ISmiM8Nf7/U2L5TavMLJ3BFGL7i8ktFFm
+a9JNPjxWDtIJLK7TrjLpFM/Kw6jFdsP70oZ+elN892NPsCZF712D56KbvW4ga+Zy
+uwxk/FoY7mOYZFMbNXuPg1gcVBxT/TklPrMK1Nd9qkuMIcg1rnmr/HsuoqaPfsxq
+zG+86LDx1jwFNtllpUqf6Cyr6akxlvOofSi0HHut1qcsHWqBxzkC/TdO3rc2nt9T
+hodHQrOg3XXuNaNtrmmAxMJmr0qbtftMxUxSjA406QfoOaTe41YYlRLWcrR4UM2S
+APTQEBiqCzlItGbXVBjFfJMdMRue/yDXbz6ggCTRlOMjuGLP6+lLuois+nY/BSNi
+zhTD6iEdCmLZ/AlQZBs2ZoLicFPsArqP7TXjKlY6GcHFyoWJGfdINlYniGgX4zk4
+UO9pgNtkI1PIMRIDTIVMkFp0FAdbcnY6NMTyJBZR1fxS7WPiWcLEhd4u3XWlCt3c
+i2G7D5hnVC4ZnJWj671dnQgKdWAS+Y1UcjrmhvfYzi1k/qrN0HICxk7Nde4QJxUZ
+NgO6CATuSzUXa1kq1IK1S73FBWrxhbV540N76ws512fWHK2vISHGi1TK546FXtZD
+lpkbjr564pjqL01Y8HwehW2Q8y80YQ8T64/VTwSzVi4dQKTI0ZnqPRHGH7wg3Shw
+v1O6LOqO3r5XELziHxpFJSreEeEB5c4rqxPQjl1WeOYBoChZS3JHwEMeT2UAzXVv
+L0Y+qoa0pB0lwDZm4LR2h4UWLWaJSEj2BqBihVBmGH0s/umou+LztWkVA+vYVyDF
+rU9bIXpdYm1zTYuyB3DHJVXkDQJwsjfQhpe4Kcd79pdPH9pudnMQliVQMuzoD8R3
+dAzP/SU/5i5t8aQPOkStzJXE0nZe1bHrY+/9Cmq//n7zIRall8GVMJ5LBwbg3qex
+OHViAM/+VI6UOwB3FjGbCJTP3wX0y08bxM9klvVOi0gVQkEF058A6Ir18Tfo9Vho
+fcjJEaYHacB+oVE7/Gwz35mTOvDzkTRlfHVjbcxzLQ0UJJzY7hZl0tXviK1cphiP
+rSQqwaaxp0uZCrOiQkMrwS1X3RZ5MqIJ2B34y/rSnwU6kJyx5uD0rIslZgohmNx0
+oOCDQgfh13O2SVMNYDMrpIeFQtksMN9TEmRu5bzZwo/lmf/9DjZmDe3aDqlf4wuI
+PO7Qt2vmPHcgC7aQ5fqQYzFtYko86FrRLc/ih1Jto+tfnqt/mD1kCLi/w2dhqKu3
+E1FWKmc1jzL6/K5sPxHHSaYjmJB4YqQ5VzmhV23uzyydarySDO+atM8UkaC/FIvX
+uV/LrLBDxXAmuuV5493ga4Lo+EWraqeuCWcA+kofqrN7ChH4hQnGQF9IAwhqaOzQ
+DSCrnL6Ame3W1nhJrQmzm7ACtowyFmTL6BVtnPNnHTEeirrKZzrtpEk9tm9GsMxT
+DxmUqWk7A0s6nBiQ+Z9oCFyCAsLaXUPIIxfyhirp+S5yyhKrkgy2rBGeKIXi+jmp
+WSARJVaFCqkaRYqJdnm4mB8haXSNyHLqFSYxwijr+1uAuD7GkXhbFztv6bvKC0yN
+mbCTQJT+tn0ixOTUb6w+EYftekpg3sLuxrIlfBBUBBUde2ZqZtqZ8hCUBoYDgovk
+Ka4eXTfFwxhy0efC3DAjXwlvCXjRH5dF5Opw5PdQjt7sPD1qHYb0g+YcspNNOOMm
+cK0mBD2atI/TRA+JAHzTD7yL8t3XP6QA/ELvDpdtRkmVRhJk2vfDMF4NVwfjYWqc
+RBBFozGx1yffVoRn4ZZfvdITelxotwidMBpZ2ene+Q9Qj47szfKm147EqFqZq5ZZ
+5b7asWfCd3K9M4mYGy3lqtckbNEEFWRHXxiCObIRC3GRJ3rGWRWx5BRclGAeFHqd
+eFANicRCHuTvgRI8JtGk8wH6VJC1oHAL0f2GnqNY0ve206+pKMuqcpxqP5VPI2EW
+eIlqiGL3zDuJFsyjOEVpt8adEo0Ks2IV4Wc7zn3dtVMRn5VBuXlLF5/8/bYJZEOM
+YgW6l2O5ABaY0Hrog0UqqdluvrPl7/qwmMFK8rHkv07n1N0EWRpBAdOXpgv28T2E
+r/5CWA5PIoX86WIOrFAklEg0pfwc/nMl4G22z4hVKeRcrXcSTJ/hpicjajEVre36
+VMYOyc+/4CXoJ9rL/kdSJ87zlOnejM+SBld1nTikRI3icG5ahX+WKOiEOEKkw0V0
+PQX/9W5l3v3g8O+4fbrjIpsnHfdaQE+X1Rfju+EQ//IdWj3Uiaph+OXgCX6tr4r1
+c5DhsAl4tRhzgHQHeHXPqb89B6mf5FuCDiKmUNYl92vxn8+AUHiCah/n3Jf97Ny7
+2lliV8bKL3XoioKrC92+942TP25l0ufbbxekYfKnmXMmSf6aLx1vY4cj4OjkJU4T
+UZVWnh4w7P5LzoEMZCoLHBzBIEa/puUaAL5vCPefaXekBKEiAnl+LQh6//kTAFRK
+XKgoU3BAIy6D8exVdkniva6kVbQ+0mMROywSJ3P2QrCNr/Kid0js/46m5qUpgJKp
+m+SnkdmALU6vIPEORnqSEa/Ku2s/kOdUwm9vJPdD21chLCXVwDPmyj1ZNmIiQB9Y
+EULpw6z1Sg24awXuiTKkhIpJhm6CalOhTNkeLrU1W1Q3zaq1oVWkCLCsukhZk4xk
+jugqrDYRPPv6qQj9dr6sF0SKe/2hfIXCve9yeHU6jhp8PaBNp73EErsjdkbt/FOm
+fbr85mqB7ZvXf0My9joxZLKp7ajarwsFxSggthekLdYwlLm8gSGqYRk2AkvYa5E0
+WGZsi+DM1FvsA+St3m3znaHyQKKRxMlcNwaMWP0TJCuWUj0DTIWHvjjLKr6dJshM
+nrVMBlK1X7TO5QQh1+r10gcMy2o1
+-----END AGE ENCRYPTED FILE-----