From c8a13555d8621e92329e5c2f88903236aa6cd5c3 Mon Sep 17 00:00:00 2001
From: Florian Sesser <florian@private.storage>
Date: Tue, 3 May 2022 18:24:19 +0000
Subject: [PATCH] Back up a whole grid into one repository. Have much fewer
 configuration.

Spoiler: This won't work. As I have now found out, Borg does not
guarantee consistency with parallel writers to the same repo.
---
 morph/grid/local/config.json                               | 1 +
 morph/grid/local/grid.nix                                  | 2 +-
 morph/grid/local/public-keys/borgbackup/storage1.repopath  | 1 -
 morph/grid/local/public-keys/borgbackup/storage2.repopath  | 1 -
 morph/grid/production/config.json                          | 1 +
 morph/grid/production/grid.nix                             | 2 +-
 .../production/public-keys/borgbackup/storage001.repopath  | 1 -
 .../production/public-keys/borgbackup/storage002.repopath  | 1 -
 .../production/public-keys/borgbackup/storage003.repopath  | 1 -
 .../production/public-keys/borgbackup/storage004.repopath  | 1 -
 .../production/public-keys/borgbackup/storage005.repopath  | 1 -
 morph/grid/testing/config.json                             | 1 +
 morph/grid/testing/grid.nix                                | 2 +-
 .../testing/public-keys/borgbackup/storage001.repopath     | 1 -
 morph/lib/base.nix                                         | 7 ++++++-
 morph/lib/borgbackup.nix                                   | 5 +++--
 16 files changed, 15 insertions(+), 14 deletions(-)
 delete mode 100644 morph/grid/local/public-keys/borgbackup/storage1.repopath
 delete mode 120000 morph/grid/local/public-keys/borgbackup/storage2.repopath
 delete mode 100644 morph/grid/production/public-keys/borgbackup/storage001.repopath
 delete mode 120000 morph/grid/production/public-keys/borgbackup/storage002.repopath
 delete mode 120000 morph/grid/production/public-keys/borgbackup/storage003.repopath
 delete mode 120000 morph/grid/production/public-keys/borgbackup/storage004.repopath
 delete mode 120000 morph/grid/production/public-keys/borgbackup/storage005.repopath
 delete mode 100644 morph/grid/testing/public-keys/borgbackup/storage001.repopath

diff --git a/morph/grid/local/config.json b/morph/grid/local/config.json
index 52809842..3f643ca9 100644
--- a/morph/grid/local/config.json
+++ b/morph/grid/local/config.json
@@ -11,4 +11,5 @@
     "http://localhost:5000"
   ]
 , "monitoringGoogleOAuthClientID": ""
+, "borgBackupRepoPath": "vjs989hy@vjs989hy.repo.borgbase.com:repo"
 }
diff --git a/morph/grid/local/grid.nix b/morph/grid/local/grid.nix
index 088d9e8c..003f52a8 100644
--- a/morph/grid/local/grid.nix
+++ b/morph/grid/local/grid.nix
@@ -57,7 +57,7 @@ let
     grid = {
       publicKeyPath = toString ./. + "/${grid-config.publicKeyPath}";
       privateKeyPath = toString ./. + "/${grid-config.privateKeyPath}";
-      inherit (grid-config) monitoringvpnEndpoint letsEncryptAdminEmail;
+      inherit (grid-config) monitoringvpnEndpoint letsEncryptAdminEmail borgBackupRepoPath;
     };
     # Configure deployment management authorization for all systems in the grid.
     services.private-storage.deployment = {
diff --git a/morph/grid/local/public-keys/borgbackup/storage1.repopath b/morph/grid/local/public-keys/borgbackup/storage1.repopath
deleted file mode 100644
index 7e24d080..00000000
--- a/morph/grid/local/public-keys/borgbackup/storage1.repopath
+++ /dev/null
@@ -1 +0,0 @@
-vjs989hy@vjs989hy.repo.borgbase.com:repo
diff --git a/morph/grid/local/public-keys/borgbackup/storage2.repopath b/morph/grid/local/public-keys/borgbackup/storage2.repopath
deleted file mode 120000
index f8e96aa8..00000000
--- a/morph/grid/local/public-keys/borgbackup/storage2.repopath
+++ /dev/null
@@ -1 +0,0 @@
-storage1.repopath
\ No newline at end of file
diff --git a/morph/grid/production/config.json b/morph/grid/production/config.json
index 8cdeaab9..7d734e23 100644
--- a/morph/grid/production/config.json
+++ b/morph/grid/production/config.json
@@ -17,4 +17,5 @@
     "https://private.storage"
   ]
 , "monitoringGoogleOAuthClientID": "802959152038-klpkk38sfnqmknn1ucg7pvs4hcc2k8ae.apps.googleusercontent.com"
+, "borgBackupRepoPath": "still-to@fill-in.repo.borgbase.com:repo"
 }
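Review bot: The production value `"still-to@fill-in.repo.borgbase.com:repo"` is a well-formed repository string, so the `lib.types.str` option accepts it and the grid still evaluates and deploys. The daily job would then attempt an SSH connection to a host name that is presumably not ours and fail only at run time, leaving production without backups until someone notices the failed unit. I would leave the key out of this file until the real repository exists, so that `inherit (grid-config) ... borgBackupRepoPath` in production/grid.nix fails at evaluation instead. Separately, the deleted production `storage001.repopath` held the same `tqxc4i79` repository that testing/config.json now names, so it is worth confirming which grid that repository belongs to.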
diff --git a/morph/grid/production/grid.nix b/morph/grid/production/grid.nix
index 06fe07f8..2e9a1029 100644
--- a/morph/grid/production/grid.nix
+++ b/morph/grid/production/grid.nix
@@ -19,7 +19,7 @@ let
     grid = {
       publicKeyPath = toString ./. + "/${grid-config.publicKeyPath}";
       privateKeyPath = toString ./. + "/${grid-config.privateKeyPath}";
-      inherit (grid-config) monitoringvpnEndpoint letsEncryptAdminEmail;
+      inherit (grid-config) monitoringvpnEndpoint letsEncryptAdminEmail borgBackupRepoPath;
     };
     # Configure deployment management authorization for all systems in the grid.
     services.private-storage.deployment = {
diff --git a/morph/grid/production/public-keys/borgbackup/storage001.repopath b/morph/grid/production/public-keys/borgbackup/storage001.repopath
deleted file mode 100644
index 8ab7655f..00000000
--- a/morph/grid/production/public-keys/borgbackup/storage001.repopath
+++ /dev/null
@@ -1 +0,0 @@
-tqxc4i79@tqxc4i79.repo.borgbase.com:repo
diff --git a/morph/grid/production/public-keys/borgbackup/storage002.repopath b/morph/grid/production/public-keys/borgbackup/storage002.repopath
deleted file mode 120000
index 30741301..00000000
--- a/morph/grid/production/public-keys/borgbackup/storage002.repopath
+++ /dev/null
@@ -1 +0,0 @@
-storage001.repopath
\ No newline at end of file
diff --git a/morph/grid/production/public-keys/borgbackup/storage003.repopath b/morph/grid/production/public-keys/borgbackup/storage003.repopath
deleted file mode 120000
index 30741301..00000000
--- a/morph/grid/production/public-keys/borgbackup/storage003.repopath
+++ /dev/null
@@ -1 +0,0 @@
-storage001.repopath
\ No newline at end of file
diff --git a/morph/grid/production/public-keys/borgbackup/storage004.repopath b/morph/grid/production/public-keys/borgbackup/storage004.repopath
deleted file mode 120000
index 30741301..00000000
--- a/morph/grid/production/public-keys/borgbackup/storage004.repopath
+++ /dev/null
@@ -1 +0,0 @@
-storage001.repopath
\ No newline at end of file
diff --git a/morph/grid/production/public-keys/borgbackup/storage005.repopath b/morph/grid/production/public-keys/borgbackup/storage005.repopath
deleted file mode 120000
index 30741301..00000000
--- a/morph/grid/production/public-keys/borgbackup/storage005.repopath
+++ /dev/null
@@ -1 +0,0 @@
-storage001.repopath
\ No newline at end of file
diff --git a/morph/grid/testing/config.json b/morph/grid/testing/config.json
index ba48a27d..914ffd44 100644
--- a/morph/grid/testing/config.json
+++ b/morph/grid/testing/config.json
@@ -18,4 +18,5 @@
   , "https://privatestorage-staging.com"
   ]
 , "monitoringGoogleOAuthClientID": "802959152038-6esn1c6u2lm3j82lf29jvmn8s63hi8dc.apps.googleusercontent.com"
+, "borgBackupRepoPath": "tqxc4i79@tqxc4i79.repo.borgbase.com:repo"
 }
diff --git a/morph/grid/testing/grid.nix b/morph/grid/testing/grid.nix
index c033da12..65adee9f 100644
--- a/morph/grid/testing/grid.nix
+++ b/morph/grid/testing/grid.nix
@@ -19,7 +19,7 @@ let
     grid = {
       publicKeyPath = toString ./. + "/${grid-config.publicKeyPath}";
       privateKeyPath = toString ./. + "/${grid-config.privateKeyPath}";
-      inherit (grid-config) monitoringvpnEndpoint letsEncryptAdminEmail;
+      inherit (grid-config) monitoringvpnEndpoint letsEncryptAdminEmail borgBackupRepoPath;
     };
     # Configure deployment management authorization for all systems in the grid.
     services.private-storage.deployment = {
diff --git a/morph/grid/testing/public-keys/borgbackup/storage001.repopath b/morph/grid/testing/public-keys/borgbackup/storage001.repopath
deleted file mode 100644
index 8ab7655f..00000000
--- a/morph/grid/testing/public-keys/borgbackup/storage001.repopath
+++ /dev/null
@@ -1 +0,0 @@
-tqxc4i79@tqxc4i79.repo.borgbase.com:repo
diff --git a/morph/lib/base.nix b/morph/lib/base.nix
index 41734977..bfaa4f48 100644
--- a/morph/lib/base.nix
+++ b/morph/lib/base.nix
@@ -30,7 +30,6 @@
         The domain name and port of the monitoring VPN endpoint.
       '';
     };
-
     letsEncryptAdminEmail = lib.mkOption {
       type = lib.types.str;
       description = ''
@@ -38,6 +37,12 @@
         certificate issuance.
       '';
     };
+    borgBackupRepoPath = lib.mkOption {
+      type = lib.types.str;
+      description = ''
+        The Borg backup repository shared between all nodes of one grid.
+      '';
+    };
   };
 
   # Any extra NixOS modules to load on all our servers.  Note that just
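Review bot: The description of `borgBackupRepoPath` does not say what form the string takes or what sharing the repository implies, and the bare `lib.types.str` type means a typo or leftover placeholder surfaces only when the backup job runs. I would add `example = "user@host.example:repo";` (a constructed value) and extend the description to something like `The Borg repository, in SSH form user@host:path, that every node of this grid writes to; all nodes share its encryption key.` The options block this sits in starts above the hunk, so I cannot see whether sibling options carry an `example`.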
diff --git a/morph/lib/borgbackup.nix b/morph/lib/borgbackup.nix
index 229dc218..9d17629d 100644
--- a/morph/lib/borgbackup.nix
+++ b/morph/lib/borgbackup.nix
@@ -6,7 +6,7 @@
 { lib, config, ...}:
 let
   cfg = config.services.private-storage.borgbackup;
-  inherit (config.grid) publicKeyPath privateKeyPath;
+  inherit (config.grid) publicKeyPath privateKeyPath borgBackupRepoPath;
 
   # Get a per-host number of hours to start the backup at a
   # time that should be "night" in most of the USA:
@@ -46,8 +46,9 @@ in {
     services.borgbackup.jobs = {
       daily = {
         paths = cfg.paths;
-        repo = lib.fileContents "${publicKeyPath}/borgbackup/${config.networking.hostName}.repopath";
         doInit = false;
+        repo = borgBackupRepoPath;
+        archiveBaseName = config.networking.hostName;
         encryption = {
           mode = "repokey-blake2";
           passCommand = "cat /run/keys/borgbackup/passphrase";
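Review bot: With `repo = borgBackupRepoPath;` every host of a grid writes to one repository under the same `repokey-blake2` key and the same `/run/keys/borgbackup/passphrase`, so `archiveBaseName` separates archives by name only, not by access. Any single storage node that is compromised can then read every other node's archives, and can delete them too unless the hosting side restricts each host's SSH key to append-only; the deleted symlinks suggest hosts already shared a repository, but this change makes it the documented design. If the shared repository is kept, I would record that next to the setting, e.g. `# NOTE: all hosts of a grid share this repo and its passphrase; one compromised host exposes every host's archives.`, and otherwise keep one repository and passphrase per host. The `daily` job definition continues past the end of this hunk, so any `prune` settings that would also act on the shared repository are not visible here.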
-- 
GitLab