2023-07-20 10:14:12 +02:00
|
|
|
{ pkgs, config, lib, ... }:
|
2023-07-19 15:46:49 +02:00
|
|
|
{
|
|
|
|
sops.secrets = {
|
|
|
|
"bacula/password".owner = "bacula";
|
|
|
|
"bacula/keypair".owner = "bacula";
|
|
|
|
"bacula/masterkey".owner = "bacula";
|
|
|
|
};
|
2024-01-07 01:16:37 +01:00
|
|
|
networking.firewall = {
|
|
|
|
extraInputRules = ''
|
2024-01-07 01:22:42 +01:00
|
|
|
ip saddr 10.144.0.11 tcp dport ${builtins.toString config.services.bacula-fd.port} accept comment "Only allow Bacula access from Abel"
|
2024-01-07 01:16:37 +01:00
|
|
|
'';
|
|
|
|
};
|
2023-07-19 15:46:49 +02:00
|
|
|
services.bacula-fd = {
|
|
|
|
enable = true;
|
|
|
|
name = "ifsr-quitte";
|
|
|
|
extraClientConfig = ''
|
|
|
|
Maximum Concurrent Jobs = 20
|
|
|
|
FDAddress = 141.30.30.169
|
|
|
|
PKI Signatures = Yes
|
|
|
|
PKI Encryption = Yes
|
|
|
|
PKI Keypair = ${config.sops.secrets."bacula/keypair".path}
|
|
|
|
PKI Master Key = ${config.sops.secrets."bacula/masterkey".path}
|
|
|
|
'';
|
|
|
|
extraMessagesConfig = ''
|
2023-07-19 15:56:07 +02:00
|
|
|
director = abel-dir = all, !skipped, !restored
|
2023-12-14 15:51:52 +01:00
|
|
|
mailcommand = "${pkgs.bacula}/bin/bsmtp -f \"Bacula <bacula@${config.networking.domain}>\" -s \"Bacula report" %r"
|
2023-07-22 13:24:48 +02:00
|
|
|
mail = root+backup = all, !skipped
|
2023-07-19 15:46:49 +02:00
|
|
|
'';
|
|
|
|
director."abel-dir".password = "@${config.sops.secrets."bacula/password".path}";
|
|
|
|
};
|
|
|
|
environment.etc."bacula/bconsole.conf".text = ''
|
|
|
|
Director {
|
|
|
|
Name = abel-dir
|
|
|
|
DIRport = 9101
|
|
|
|
address = 10.144.0.11
|
2023-07-19 15:56:07 +02:00
|
|
|
Password = @${config.sops.secrets."bacula/password".path}
|
2023-07-19 15:46:49 +02:00
|
|
|
}
|
|
|
|
Console {
|
|
|
|
Name = ifsr-quitte-console
|
2023-07-19 15:56:07 +02:00
|
|
|
Password = @${config.sops.secrets."bacula/password".path}
|
2023-07-19 15:46:49 +02:00
|
|
|
}
|
|
|
|
'';
|
|
|
|
}
|