Bacula sd
services.bacula-sd.autochanger
This option defines Autochanger resources in Bacula Storage Daemon.
Type: attribute set of (submodule)
Default
{ }
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/backup/bacula.nix
services.bacula-sd.autochanger.<name>.changerCommand
The name-string specifies an external program to be called that will automatically change volumes as required by Bacula. Normally, this directive will be specified only in the AutoChanger resource, which is then used for all devices. However, you may also specify the different Changer Command in each Device resource. Most frequently, you will specify the Bacula supplied mtx-changer script as follows:
"/path/mtx-changer %c %o %S %a %d"
and you will install the mtx on your system (found in the depkgs release). An example of this command is in the default bacula-sd.conf file. For more details on the substitution characters that may be specified to configure your autochanger please see the AutochangersAutochangersChapter chapter of this manual. For FreeBSD users, you might want to see one of the several chio scripts in examples/autochangers.
Type: string
Default
"/etc/bacula/mtx-changer %c %o %S %a %d"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/backup/bacula.nix
services.bacula-sd.autochanger.<name>.changerDevice
The specified name-string must be the generic SCSI device name of the
autochanger that corresponds to the normal read/write Archive Device
specified in the Device resource. This generic SCSI device name
should be specified if you have an autochanger or if you have a
standard tape drive and want to use the Alert Command (see below).
For example, on Linux systems, for an Archive Device name of
/dev/nst0, you would specify
/dev/sg0 for the Changer Device name. Depending
on your exact configuration, and the number of autochangers or the
type of autochanger, what you specify here can vary. This directive
is optional. See the Using AutochangersAutochangersChapter chapter of
this manual for more details of using this and the following
autochanger directives.
Type: string
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/backup/bacula.nix
services.bacula-sd.autochanger.<name>.devices
Type: list of string
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/backup/bacula.nix
services.bacula-sd.autochanger.<name>.extraAutochangerConfig
Extra configuration to be passed in Autochanger directive.
Type: strings concatenated with "\n"
Default
""
Example
`#!nix ''
''`
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/backup/bacula.nix
services.bacula-sd.device
This option defines Device resources in Bacula Storage Daemon.
Type: attribute set of (submodule)
Default
{ }
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/backup/bacula.nix
services.bacula-sd.device.<name>.archiveDevice
The specified name-string gives the system file name of the storage
device managed by this storage daemon. This will usually be the
device file name of a removable storage device (tape drive), for
example /dev/nst0 or
/dev/rmt/0mbn. For a DVD-writer, it will be for
example /dev/hdc. It may also be a directory name
if you are archiving to disk storage. In this case, you must supply
the full absolute path to the directory. When specifying a tape
device, it is preferable that the "non-rewind" variant of the device
file name be given.
Type: string
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/backup/bacula.nix
services.bacula-sd.device.<name>.extraDeviceConfig
Extra configuration to be passed in Device directive.
Type: strings concatenated with "\n"
Default
""
Example
'' LabelMedia = yes Random Access = no AutomaticMount = no RemovableMedia = no MaximumOpenWait = 60 AlwaysOpen = no''
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/backup/bacula.nix
services.bacula-sd.device.<name>.mediaType
The specified name-string names the type of media supported by this
device, for example, DLT7000. Media type names are
arbitrary in that you set them to anything you want, but they must be
known to the volume database to keep track of which storage daemons
can read which volumes. In general, each different storage type
should have a unique Media Type associated with it. The same
name-string must appear in the appropriate Storage resource
definition in the Director's configuration file.
Even though the names you assign are arbitrary (i.e. you choose the name you want), you should take care in specifying them because the Media Type is used to determine which storage device Bacula will select during restore. Thus you should probably use the same Media Type specification for all drives where the Media can be freely interchanged. This is not generally an issue if you have a single Storage daemon, but it is with multiple Storage daemons, especially if they have incompatible media.
For example, if you specify a Media Type of DDS-4
then during the restore, Bacula will be able to choose any Storage
Daemon that handles DDS-4. If you have an
autochanger, you might want to name the Media Type in a way that is
unique to the autochanger, unless you wish to possibly use the
Volumes in other drives. You should also ensure to have unique Media
Type names if the Media is not compatible between drives. This
specification is required for all devices.
In addition, if you are using disk storage, each Device resource will generally have a different mount point or directory. In order for Bacula to select the correct Device resource, each one must have a unique Media Type.
Type: string
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/backup/bacula.nix
services.bacula-sd.director
This option defines Director resources in Bacula Storage Daemon.
Type: attribute set of (submodule)
Default
{ }
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/backup/bacula.nix
services.bacula-sd.director.<name>.monitor
If Monitor is set to no, this director will have
full access to this Storage daemon. If Monitor is set to
yes, this director will only be able to fetch the
current status of this Storage daemon.
Please note that if this director is being used by a Monitor, we highly recommend to set this directive to yes to avoid serious security problems.
Type: one of "no", "yes"
Default
"no"
Example
"yes"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/backup/bacula.nix
services.bacula-sd.director.<name>.password
Specifies the password that must be supplied for the default Bacula Console to be authorized. The same password must appear in the Director resource of the Console configuration file. For added security, the password is never passed across the network but instead a challenge response hash code created with the password. This directive is required. If you have either /dev/random or bc on your machine, Bacula will generate a random password during the configuration process, otherwise it will be left blank and you must manually supply it.
The password is plain text. It is not generated through any special process but as noted above, it is better to use random text for security reasons.
Type: string
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/backup/bacula.nix
services.bacula-sd.director.<name>.tls
TLS Options for the Director in this Configuration.
Type: submodule
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/backup/bacula.nix
services.bacula-sd.director.<name>.tls.allowedCN
Common name attribute of allowed peer certificates.
This directive is valid for a server and in a client context.
If this directive is specified, the peer certificate will be verified against this list.
In the case this directive is configured on a server side, the allowed
CN list will not be checked if services.bacula-sd.director.
Type: list of string
Default
[ ]
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/backup/bacula.nix
services.bacula-sd.director.<name>.tls.caCertificateFile
The path specifying a PEM encoded TLS CA certificate(s).
Multiple certificates are permitted in the file.
One of TLS CA Certificate File or TLS CA Certificate Dir are required in a server context, unless
services.bacula-sd.director.
Type: null or path
Default
null
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/backup/bacula.nix
services.bacula-sd.director.<name>.tls.certificate
The full path to the PEM encoded TLS certificate.
It will be used as either a client or server certificate,
depending on the connection direction.
This directive is required in a server context, but it may
not be specified in a client context if services.bacula-sd.director.false in the corresponding server context.
Type: null or path
Default
null
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/backup/bacula.nix
services.bacula-sd.director.<name>.tls.enable
Specifies if TLS should be enabled.
If this set to false TLS will be completely disabled, even if services.bacula-sd.director.
Type: boolean
Default
false
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/backup/bacula.nix
services.bacula-sd.director.<name>.tls.key
The path of a PEM encoded TLS private key. It must correspond to the TLS certificate.
Type: path
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/backup/bacula.nix
services.bacula-sd.director.<name>.tls.require
Require TLS or TLS-PSK encryption.
This directive is ignored unless one of services.bacula-sd.director.yes.
If TLS is not required while TLS or TLS-PSK are enabled, then the Bacula component
will connect with other components either with or without TLS or TLS-PSK
If services.bacula-sd.director.
Type: null or boolean
Default
null
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/backup/bacula.nix
services.bacula-sd.director.<name>.tls.verifyPeer
Verify peer certificate.
Instructs server to request and verify the client's X.509 certificate.
Any client certificate signed by a known-CA will be accepted.
Additionally, the client's X509 certificate Common Name must meet the value of the Address directive.
If services.bacula-sd.director.
Standard from Bacula is true.
Type: null or boolean
Default
null
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/backup/bacula.nix
services.bacula-sd.enable
Whether to enable Bacula Storage Daemon.
Type: boolean
Default
false
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/backup/bacula.nix
services.bacula-sd.extraMessagesConfig
Extra configuration to be passed in Messages directive.
Type: strings concatenated with "\n"
Default
""
Example
'' console = all''
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/backup/bacula.nix
services.bacula-sd.extraStorageConfig
Extra configuration to be passed in Storage directive.
Type: strings concatenated with "\n"
Default
""
Example
'' Maximum Concurrent Jobs = 20; Heartbeat Interval = 30;''
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/backup/bacula.nix
services.bacula-sd.name
Specifies the Name of the Storage daemon.
Type: string
Default
"${config.networking.hostName}-sd"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/backup/bacula.nix
services.bacula-sd.port
Specifies port number on which the Storage daemon listens for Director connections.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default
9103
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/backup/bacula.nix
services.bacula-sd.tls
TLS Options for the Storage Daemon. Important notice: The backup won't be encrypted.
Type: submodule
Default
{ }
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/backup/bacula.nix
services.bacula-sd.tls.allowedCN
Common name attribute of allowed peer certificates. This directive is valid for a server and in a client context. If this directive is specified, the peer certificate will be verified against this list. In the case this directive is configured on a server side, the allowed CN list will not be checked if services.bacula-sd.tls.verifyPeer is false.
Type: list of string
Default
[ ]
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/backup/bacula.nix
services.bacula-sd.tls.caCertificateFile
The path specifying a PEM encoded TLS CA certificate(s). Multiple certificates are permitted in the file. One of TLS CA Certificate File or TLS CA Certificate Dir are required in a server context, unless services.bacula-sd.tls.verifyPeer is false, and are always required in a client context.
Type: null or path
Default
null
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/backup/bacula.nix
services.bacula-sd.tls.certificate
The full path to the PEM encoded TLS certificate.
It will be used as either a client or server certificate,
depending on the connection direction.
This directive is required in a server context, but it may
not be specified in a client context if services.bacula-sd.tls.verifyPeer is
false in the corresponding server context.
Type: null or path
Default
null
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/backup/bacula.nix
services.bacula-sd.tls.enable
Specifies if TLS should be enabled.
If this set to false TLS will be completely disabled, even if services.bacula-sd.tls.require is true.
Type: boolean
Default
false
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/backup/bacula.nix
services.bacula-sd.tls.key
The path of a PEM encoded TLS private key. It must correspond to the TLS certificate.
Type: path
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/backup/bacula.nix
services.bacula-sd.tls.require
Require TLS or TLS-PSK encryption.
This directive is ignored unless one of services.bacula-sd.tls.enable is true or TLS PSK Enable is set to yes.
If TLS is not required while TLS or TLS-PSK are enabled, then the Bacula component
will connect with other components either with or without TLS or TLS-PSK
If services.bacula-sd.tls.enable or TLS-PSK is enabled and TLS is required, then the Bacula component will refuse any connection request that does not use TLS.
Type: null or boolean
Default
null
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/backup/bacula.nix
services.bacula-sd.tls.verifyPeer
Verify peer certificate. Instructs server to request and verify the client's X.509 certificate. Any client certificate signed by a known-CA will be accepted. Additionally, the client's X509 certificate Common Name must meet the value of the Address directive. If services.bacula-sd.tls.allowedCN is used, the client's x509 certificate Common Name must also correspond to one of the CN specified in the services.bacula-sd.tls.allowedCN directive. This directive is valid only for a server and not in client context.
Standard from Bacula is true.
Type: null or boolean
Default
null
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/backup/bacula.nix