fruitbasket/modules/core/bacula.nix

48 lines
1.4 KiB
Nix
Raw Normal View History

2024-03-11 22:49:12 +01:00
{ pkgs, config, ... }:
2023-07-19 15:46:49 +02:00
{
sops.secrets = {
"bacula/password".owner = "bacula";
"bacula/keypair".owner = "bacula";
"bacula/masterkey".owner = "bacula";
};
networking.firewall = {
extraInputRules = ''
2024-01-07 01:22:42 +01:00
ip saddr 10.144.0.11 tcp dport ${builtins.toString config.services.bacula-fd.port} accept comment "Only allow Bacula access from Abel"
'';
};
2023-07-19 15:46:49 +02:00
services.bacula-fd = {
enable = true;
name = "ifsr-quitte";
extraClientConfig = ''
2024-09-10 20:29:52 +02:00
Comm Compression = no
2023-07-19 15:46:49 +02:00
Maximum Concurrent Jobs = 20
2024-12-08 13:04:18 +01:00
FDAddress = 141.30.30.194
2023-07-19 15:46:49 +02:00
PKI Signatures = Yes
PKI Encryption = Yes
PKI Keypair = ${config.sops.secrets."bacula/keypair".path}
PKI Master Key = ${config.sops.secrets."bacula/masterkey".path}
'';
extraMessagesConfig = ''
2023-07-19 15:56:07 +02:00
director = abel-dir = all, !skipped, !restored
2023-12-14 15:51:52 +01:00
mailcommand = "${pkgs.bacula}/bin/bsmtp -f \"Bacula <bacula@${config.networking.domain}>\" -s \"Bacula report" %r"
2023-07-22 13:24:48 +02:00
mail = root+backup = all, !skipped
2023-07-19 15:46:49 +02:00
'';
2024-06-16 18:12:57 +02:00
director."abel-dir" = {
password = "@${config.sops.secrets."bacula/password".path}";
tls.enable = false;
};
2023-07-19 15:46:49 +02:00
};
environment.etc."bacula/bconsole.conf".text = ''
Director {
Name = abel-dir
DIRport = 9101
address = 10.144.0.11
2023-07-19 15:56:07 +02:00
Password = @${config.sops.secrets."bacula/password".path}
2023-07-19 15:46:49 +02:00
}
Console {
Name = ifsr-quitte-console
2023-07-19 15:56:07 +02:00
Password = @${config.sops.secrets."bacula/password".path}
2023-07-19 15:46:49 +02:00
}
'';
}