setup backups for mail

author: Max Audron <audron@cocaine.farm> 2026-01-07 15:28:01 +0100
committer: Max Audron <audron@cocaine.farm> 2026-01-07 15:28:01 +0100
commit: 84739ac2345265e518a50bc2e9a239eb442e6e22 (patch)
tree: e289c856e5465f0c713e97a0ba86e1f734c3484e /machines/mail/default.nix
parent: add kopia module (diff)
1 files changed, 72 insertions, 13 deletions
diff --git a/machines/mail/default.nix b/machines/mail/default.nix
index 36de86e..a08d419 100644
--- a/machines/mail/default.nix
+++ b/machines/mail/default.nix
@@ -1,6 +1,12 @@
-{ config, lib, pkgs, ... }:
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
 
-let endpoint = "2a01:4f8:1c1c:3ce7::1";
+let
+  endpoint = "116.203.26.228";
 in
 {
   networking = {
@@ -10,21 +16,36 @@ in
     interfaces.eth0 = {
       ipv4 = {
         addresses = [
-          { address="116.203.26.228"; prefixLength=32; }
+          {
+            address = "116.203.26.228";
+            prefixLength = 32;
+          }
         ];
 
         routes = [
-          { address = "172.31.1.1"; prefixLength = 32; }
+          {
+            address = "172.31.1.1";
+            prefixLength = 32;
+          }
         ];
       };
       ipv6 = {
         addresses = [
-          { address="2a01:4f8:1c1c:3ce7::1"; prefixLength=64; }
-          { address="fe80::9000:6ff:fe53:14ce"; prefixLength=64; }
+          {
+            address = "2a01:4f8:1c1c:3ce7::1";
+            prefixLength = 64;
+          }
+          {
+            address = "fe80::9000:6ff:fe53:14ce";
+            prefixLength = 64;
+          }
         ];
-        
+
         routes = [
-          { address = "fe80::1"; prefixLength = 128; }
+          {
+            address = "fe80::1";
+            prefixLength = 128;
+          }
         ];
       };
     };
@@ -36,16 +57,54 @@ in
     };
   };
 
-  pubKey =
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPVwt+/sB77NZnjwqgwtkcqKsIYyMnYh5qlqYoY9dLEd";
+  pubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPVwt+/sB77NZnjwqgwtkcqKsIYyMnYh5qlqYoY9dLEd";
 
   wireguard = {
     enable = true;
     inherit endpoint;
-    v4 = { address = "10.10.0.6"; };
-    v6 = { address = "6"; };
+    v4 = {
+      address = "10.10.0.6";
+    };
+    v6 = {
+      address = "6";
+    };
     publicKey = "lk0mN1R5Uf5iwvWe/4mOmrMap7xtsieQaJSHcXQ7+VY=";
-    allowedIPs = [];
+    allowedIPs = [ ];
+  };
+
+  services.kopia = {
+    enable = true;
+    instances = {
+      b2 = {
+        enable = true;
+        environmentFile = config.secrets.b2.dest;
+        repository.b2.bucket = "mail-vapor-systems";
+
+        snapshots = {
+          schedule = "daily";
+          paths = [
+            "/var/lib/stalwart-mail"
+          ];
+        };
+
+        policy = [{
+          retention = {
+            keepLatest = 5;
+            keepDaily = 30;
+            keepWeekly = 4;
+            keepMonthly = 3;
+            keepAnnual = 0;
+          };
+        }];
+      };
+    };
+  };
+
+  secrets = {
+    b2 = {
+      source = ../../secrets/backup/mail.vapor.systems.env;
+      dest = "/etc/secrets/b2.env";
+    };
   };
 
   deploy = {
author	Max Audron <audron@cocaine.farm>	2026-01-07 15:28:01 +0100
committer	Max Audron <audron@cocaine.farm>	2026-01-07 15:28:01 +0100
commit	84739ac2345265e518a50bc2e9a239eb442e6e22 (patch)
tree	e289c856e5465f0c713e97a0ba86e1f734c3484e /machines/mail/default.nix
parent	add kopia module (diff)