2021-07-15 23:46:01 +02:00
|
|
|
{ config, lib, pkgs, ... }:
|
|
|
|
|
with lib;
|
|
|
|
|
let
|
2022-09-16 01:29:46 +02:00
|
|
|
cfg = config.custom.services.backup-job;
|
2021-07-16 03:09:29 +02:00
|
|
|
in
|
|
|
|
|
{
|
2022-09-16 01:29:46 +02:00
|
|
|
options.custom.services.backup-job = {
|
|
|
|
|
enable = mkEnableOption "backup-job";
|
|
|
|
|
|
2021-07-17 01:02:26 +02:00
|
|
|
additionalPaths = mkOption {
|
|
|
|
|
type = with types; listOf path;
|
|
|
|
|
default = [ ];
|
|
|
|
|
};
|
|
|
|
|
|
2021-11-29 02:04:29 +01:00
|
|
|
readWritePaths = mkOption {
|
2021-07-15 23:46:01 +02:00
|
|
|
type = with types; listOf path;
|
2021-07-16 03:09:29 +02:00
|
|
|
default = [ ];
|
2021-07-15 23:46:01 +02:00
|
|
|
};
|
|
|
|
|
|
2021-11-29 02:04:29 +01:00
|
|
|
preHook = mkOption {
|
2021-07-15 23:46:01 +02:00
|
|
|
type = types.lines;
|
|
|
|
|
default = "";
|
|
|
|
|
};
|
|
|
|
|
|
2021-12-27 05:28:51 +01:00
|
|
|
postHook = mkOption {
|
|
|
|
|
type = types.lines;
|
2022-11-07 03:26:30 +01:00
|
|
|
default = ''
|
2022-11-07 14:57:49 +01:00
|
|
|
if [ $exitStatus -eq 0 ]; then
|
2022-11-07 03:26:30 +01:00
|
|
|
touch /nix/var/data/backup/backup-ok
|
|
|
|
|
fi
|
|
|
|
|
'';
|
2021-12-27 05:28:51 +01:00
|
|
|
};
|
|
|
|
|
|
2021-07-15 23:46:01 +02:00
|
|
|
startAt = mkOption {
|
|
|
|
|
type = with types; either str (listOf str);
|
|
|
|
|
default = "03:30";
|
|
|
|
|
};
|
2021-11-29 02:04:29 +01:00
|
|
|
|
|
|
|
|
sshKey = mkOption {
|
|
|
|
|
type = with types; path;
|
|
|
|
|
};
|
2021-07-15 23:46:01 +02:00
|
|
|
};
|
|
|
|
|
|
2022-09-16 01:29:46 +02:00
|
|
|
config = mkIf cfg.enable {
|
2021-11-29 02:04:29 +01:00
|
|
|
|
|
|
|
|
sops.secrets = {
|
|
|
|
|
borgPassphrase = {
|
|
|
|
|
owner = config.services.borgbackup.jobs.data.user;
|
|
|
|
|
key = "borg/passphrase";
|
|
|
|
|
};
|
|
|
|
|
};
|
2022-09-16 01:29:46 +02:00
|
|
|
|
2021-07-16 03:09:29 +02:00
|
|
|
services.borgbackup.jobs.data = {
|
2021-11-29 02:04:29 +01:00
|
|
|
paths = [ "/nix/var/data" cfg.sshKey ] ++ cfg.additionalPaths;
|
2021-07-16 03:09:29 +02:00
|
|
|
doInit = false;
|
2022-11-07 03:26:30 +01:00
|
|
|
repo = "borgbackup@212.129.12.205:./";
|
2021-07-16 03:09:29 +02:00
|
|
|
encryption = {
|
|
|
|
|
mode = "repokey-blake2";
|
2021-11-29 02:04:29 +01:00
|
|
|
passCommand = "cat ${config.sops.secrets.borgPassphrase.path}";
|
2021-07-16 03:09:29 +02:00
|
|
|
};
|
2021-11-29 02:04:29 +01:00
|
|
|
readWritePaths = cfg.readWritePaths;
|
|
|
|
|
preHook = cfg.preHook;
|
2021-12-27 05:28:51 +01:00
|
|
|
postHook = cfg.postHook;
|
2021-11-29 02:04:29 +01:00
|
|
|
environment = { BORG_RSH = "ssh -i ${cfg.sshKey}"; };
|
2021-07-16 03:09:29 +02:00
|
|
|
compression = "lz4";
|
|
|
|
|
startAt = cfg.startAt;
|
|
|
|
|
prune.keep = {
|
|
|
|
|
within = "2d";
|
|
|
|
|
daily = 14;
|
|
|
|
|
weekly = 8;
|
|
|
|
|
monthly = 12;
|
|
|
|
|
};
|
|
|
|
|
};
|
2021-07-15 23:46:01 +02:00
|
|
|
};
|
|
|
|
|
}
|
