fruitbasket/modules/bacula.nix

77 lines
2.3 KiB
Nix
Raw Normal View History

{ pkgs, config, lib, ... }:
with lib;
let
# We write a custom config file because the upstream config has some flaws
fd_cfg = config.services.bacula-fd;
fd_conf = pkgs.writeText "bacula-fd.conf" ''
Client {
Name = ${fd_cfg.name}
FDPort = ${toString fd_cfg.port}
WorkingDirectory = /var/lib/bacula
Pid Directory = /run
${fd_cfg.extraClientConfig}
}
${concatStringsSep "\n" (mapAttrsToList (name: value: ''
Director {
Name = ${name}
Password = ${value.password}
Monitor = ${value.monitor}
}
'') fd_cfg.director)}
Messages {
Name = Standard;
syslog = all, !skipped, !restored
${fd_cfg.extraMessagesConfig}
}
'';
2023-07-20 23:38:03 +02:00
# AGDSN is running an outdated version that we have to comply to
bacula_package = (pkgs.bacula.overrideAttrs (old: rec {
version = "9.6.7";
src = pkgs.fetchurl {
url = "mirror://sourceforge/bacula/${old.pname}-${version}.tar.gz";
sha256 = "sha256-3w+FJezbo4DnS1N8pxrfO3WWWT8CGJtZqw6//IXMyN4=";
};
}));
in
2023-07-19 15:46:49 +02:00
{
sops.secrets = {
"bacula/password".owner = "bacula";
"bacula/keypair".owner = "bacula";
"bacula/masterkey".owner = "bacula";
};
2023-07-19 16:02:41 +02:00
networking.firewall.allowedTCPPorts = [ config.services.bacula-fd.port ];
networking.firewall.allowedUDPPorts = [ config.services.bacula-fd.port ];
2023-07-19 15:46:49 +02:00
services.bacula-fd = {
enable = true;
name = "ifsr-quitte";
extraClientConfig = ''
Maximum Concurrent Jobs = 20
FDAddress = 141.30.30.169
PKI Signatures = Yes
PKI Encryption = Yes
PKI Keypair = ${config.sops.secrets."bacula/keypair".path}
PKI Master Key = ${config.sops.secrets."bacula/masterkey".path}
'';
extraMessagesConfig = ''
2023-07-19 15:56:07 +02:00
director = abel-dir = all, !skipped, !restored
2023-07-19 15:46:49 +02:00
'';
director."abel-dir".password = "@${config.sops.secrets."bacula/password".path}";
};
environment.etc."bacula/bconsole.conf".text = ''
Director {
Name = abel-dir
DIRport = 9101
address = 10.144.0.11
2023-07-19 15:56:07 +02:00
Password = @${config.sops.secrets."bacula/password".path}
2023-07-19 15:46:49 +02:00
}
Console {
Name = ifsr-quitte-console
2023-07-19 15:56:07 +02:00
Password = @${config.sops.secrets."bacula/password".path}
2023-07-19 15:46:49 +02:00
}
'';
2023-07-20 23:38:03 +02:00
systemd.services.bacula-fd.serviceConfig.ExecStart = lib.mkForce "${bacula_package}/sbin/bacula-fd -f -u root -g bacula -c ${fd_conf}";
2023-07-19 15:46:49 +02:00
}