self-hosting/modules/backup-job.nix

{ config, lib, pkgs, ... }:
with lib;
let cfg = config.custom.services.backup-job;
in {
  options.custom.services.backup-job = {
    enable = mkEnableOption "backup-job";

    additionalPaths = mkOption {
      type = with types; listOf path;
      default = [ ];
    };

    patterns = mkOption {
      type = with types; listOf str;
      default = [ ];
    };

    repoName = mkOption { type = types.str; };

    readWritePaths = mkOption {
      type = with types; listOf path;
      default = [ ];
    };

    preHook = mkOption {
      type = types.lines;
      default = "";
    };

    postHook = mkOption {
      type = types.lines;
      default = ''
        if [ $exitStatus -eq 0 ]; then
          touch /nix/var/data/backup/backup-ok
        fi
      '';
    };

    startAt = mkOption {
      type = with types; either str (listOf str);
      default = "03:30";
    };

    sshKey = mkOption { type = with types; path; };
  };

  config = mkIf cfg.enable {

    sops.secrets = {
      borgPassphrase = {
        owner = config.services.borgbackup.jobs.data.user;
        key = "borg/passphrase";
      };
    };

    services.borgbackup.jobs.data = {
      paths = [ "/nix/var/data" cfg.sshKey ] ++ cfg.additionalPaths;
      patterns = cfg.patterns;
      doInit = false;
      repo =
        "ssh://u348077@u348077.your-storagebox.de:23/home/repos/${cfg.repoName}";
      encryption = {
        mode = "repokey-blake2";
        passCommand = "cat ${config.sops.secrets.borgPassphrase.path}";
      };
      readWritePaths = cfg.readWritePaths;
      preHook = cfg.preHook;
      postHook = cfg.postHook;
      environment = { BORG_RSH = "ssh -i ${cfg.sshKey}"; };
      compression = "lz4";
      startAt = cfg.startAt;
      prune.keep = {
        within = "2d";
        daily = 14;
        weekly = 8;
        monthly = 12;
      };
    };
  };
}
Backup hcloud instances with borg 2021-07-15 23:46:01 +02:00			`{ config, lib, pkgs, ... }:`
			`with lib;`
Move backup to Hetzner's storage box 2023-04-22 02:46:55 +02:00			`let cfg = config.custom.services.backup-job;`
			`in {`
Start migrating config to NixOS modules 2022-09-16 01:29:46 +02:00			`options.custom.services.backup-job = {`
			`enable = mkEnableOption "backup-job";`

Configure backup for Nextcloud 2021-07-17 01:02:26 +02:00			`additionalPaths = mkOption {`
			`type = with types; listOf path;`
			`default = [ ];`
			`};`

Move backup to Hetzner's storage box 2023-04-22 02:46:55 +02:00			`patterns = mkOption {`
			`type = with types; listOf str;`
			`default = [ ];`
			`};`

			`repoName = mkOption { type = types.str; };`

Start migration to NixOS for storage1 2021-11-29 02:04:29 +01:00			`readWritePaths = mkOption {`
Backup hcloud instances with borg 2021-07-15 23:46:01 +02:00			`type = with types; listOf path;`
Reformat nix files 2021-07-16 03:09:29 +02:00			`default = [ ];`
Backup hcloud instances with borg 2021-07-15 23:46:01 +02:00			`};`

Start migration to NixOS for storage1 2021-11-29 02:04:29 +01:00			`preHook = mkOption {`
Backup hcloud instances with borg 2021-07-15 23:46:01 +02:00			`type = types.lines;`
			`default = "";`
			`};`

Configure Monit on all hosts 2021-12-27 05:28:51 +01:00			`postHook = mkOption {`
			`type = types.lines;`
Change backup user to borgbackup 2022-11-07 03:26:30 +01:00			`default = ''`
Fix wrong condition when checking backup status 2022-11-07 14:57:49 +01:00			`if [ $exitStatus -eq 0 ]; then`
Change backup user to borgbackup 2022-11-07 03:26:30 +01:00			`touch /nix/var/data/backup/backup-ok`
			`fi`
			`'';`
Configure Monit on all hosts 2021-12-27 05:28:51 +01:00			`};`

Backup hcloud instances with borg 2021-07-15 23:46:01 +02:00			`startAt = mkOption {`
			`type = with types; either str (listOf str);`
			`default = "03:30";`
			`};`
Start migration to NixOS for storage1 2021-11-29 02:04:29 +01:00
Move backup to Hetzner's storage box 2023-04-22 02:46:55 +02:00			`sshKey = mkOption { type = with types; path; };`
Backup hcloud instances with borg 2021-07-15 23:46:01 +02:00			`};`

Start migrating config to NixOS modules 2022-09-16 01:29:46 +02:00			`config = mkIf cfg.enable {`
Start migration to NixOS for storage1 2021-11-29 02:04:29 +01:00
			`sops.secrets = {`
			`borgPassphrase = {`
			`owner = config.services.borgbackup.jobs.data.user;`
			`key = "borg/passphrase";`
			`};`
			`};`
Start migrating config to NixOS modules 2022-09-16 01:29:46 +02:00
Reformat nix files 2021-07-16 03:09:29 +02:00			`services.borgbackup.jobs.data = {`
Start migration to NixOS for storage1 2021-11-29 02:04:29 +01:00			`paths = [ "/nix/var/data" cfg.sshKey ] ++ cfg.additionalPaths;`
Move backup to Hetzner's storage box 2023-04-22 02:46:55 +02:00			`patterns = cfg.patterns;`
Reformat nix files 2021-07-16 03:09:29 +02:00			`doInit = false;`
Move backup to Hetzner's storage box 2023-04-22 02:46:55 +02:00			`repo =`
			`"ssh://u348077@u348077.your-storagebox.de:23/home/repos/${cfg.repoName}";`
Reformat nix files 2021-07-16 03:09:29 +02:00			`encryption = {`
			`mode = "repokey-blake2";`
Start migration to NixOS for storage1 2021-11-29 02:04:29 +01:00			`passCommand = "cat ${config.sops.secrets.borgPassphrase.path}";`
Reformat nix files 2021-07-16 03:09:29 +02:00			`};`
Start migration to NixOS for storage1 2021-11-29 02:04:29 +01:00			`readWritePaths = cfg.readWritePaths;`
			`preHook = cfg.preHook;`
Configure Monit on all hosts 2021-12-27 05:28:51 +01:00			`postHook = cfg.postHook;`
Start migration to NixOS for storage1 2021-11-29 02:04:29 +01:00			`environment = { BORG_RSH = "ssh -i ${cfg.sshKey}"; };`
Reformat nix files 2021-07-16 03:09:29 +02:00			`compression = "lz4";`
			`startAt = cfg.startAt;`
			`prune.keep = {`
			`within = "2d";`
			`daily = 14;`
			`weekly = 8;`
			`monthly = 12;`
			`};`
			`};`
Backup hcloud instances with borg 2021-07-15 23:46:01 +02:00			`};`
			`}`