From 3a28291933d6634511fcfec0712cd0f96113fcd4 Mon Sep 17 00:00:00 2001
From: Brendan Golden
Date: Sat, 15 Jul 2023 14:51:11 +0100
Subject: [PATCH] backup: got it working for email + some improvements
---
 applications/email.nix | 14 +++++++-------
 applications/restic.nix | 32 +++++++++++++++++++++-----------
 2 files changed, 28 insertions(+), 18 deletions(-)
diff --git a/applications/email.nix b/applications/email.nix
index 9293279..621f21b 100644
--- a/applications/email.nix
+++ b/applications/email.nix
@@ -16,13 +16,6 @@ ./dns.nix ]; - /* - backups = [ - "/var/vmail" - "/var/dkim" - ]; - */ - options.services.skynet_email = { # options that need to be passed in to make this work
@@ -94,6 +87,13 @@ }; config = mkIf cfg.enable { + services.skynet_backup = { + normal.backups = [ + "/var/vmail" + "/var/dkim" + ]; + host = { ip = cfg.host.ip; name = cfg.host.name; }; + }; age.secrets.ldap_pw.file = ../secrets/ldap/pw.age;
diff --git a/applications/restic.nix b/applications/restic.nix
index ee858aa..1598acb 100644
--- a/applications/restic.nix
+++ b/applications/restic.nix
@@ -30,16 +30,20 @@ # then pull relevant dtails ownServers = builtins.listToAttrs (builtins.concatLists ( lib.attrsets.mapAttrsToList (key: value: + let + backup = value.config.services.skynet_backup; + in if ( (builtins.hasAttr "skynet_backup" value.config.services) - && (value.config.services.skynet_backup.server.enable) - && (!value.config.services.skynet_backup.server.appendOnly) + && backup.server.enable + && backup.host.name != cfg.host.name + && !backup.server.appendOnly ) then [ { - name = value.config.services.skynet_backup.host.name; + name = backup.host.name; value = base // { - repositoryFile = "/etc/skynet/restic/${value.config.services.skynet_backup.host.name}"; + repositoryFile = "/etc/skynet/restic/${backup.host.name}"; backupPrepareCommand = '' #!${pkgs.stdenv.shell}
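Review bot: In applications/email.nix (hunk at new line 87), the added `normal.backups` list includes `/var/dkim`, which presumably holds the DKIM private signing keys, and nothing in the block records that sensitivity. I would add a comment above the list, `# /var/dkim holds the DKIM private keys: any repository receiving this backup needs the same protection as the keys`. Together with `/var/vmail` this places all mailbox content in the backup, so the restic repository password and the access rules on the backup server become the controls protecting it. The `config = mkIf cfg.enable {` block continues outside the hunk.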
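Review bot: In the first applications/restic.nix hunk, the new `let backup = value.config.services.skynet_backup;` binding is safe only because Nix evaluates it lazily and the `builtins.hasAttr "skynet_backup"` test stays first in the `&&` chain. If a later edit moves one of the `backup.…` conditions ahead of that test, a host without the service would fail evaluation instead of being skipped. A short comment on the condition would guard against that, for example `# hasAttr must stay first: backup is only forced once the attribute is known to exist`. The lambda passed to `mapAttrsToList` starts and ends outside the hunk.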
@@ -50,14 +54,13 @@ mkdir -p $baseDir cd $baseDir - #touch ${value.config.services.skynet_backup.host.name} - echo -n "rest:http://root:password@${value.config.services.skynet_backup.host.ip}:${value.config.services.skynet_backup.server.port}/root/${value.config.services.skynet_backup.host.name}" > ${value.config.services.skynet_backup.host.name} + echo -n "rest:http://root:password@${backup.host.ip}:${toString backup.server.port}/root/${cfg.host.name}" > ${backup.host.name} # read in teh password #PW = `cat ${config.age.secrets.restic.path}` line=$(head -n 1 ${config.age.secrets.restic.path}) - sed -i "s/password/$line/g" ${value.config.services.skynet_backup.host.name} + sed -i "s/password/$line/g" ${backup.host.name} ''; };
@@ -134,8 +137,8 @@ enable = mkEnableOption "Skynet backup Server"; port = mkOption { - type = types.str; - default = "8765"; + type = types.port; + default = 8765; }; appendOnly = mkOption {
@@ -155,8 +158,15 @@ pkgs.restic ]; + # A list of all login accounts. To create the password hashes, use + # nix-shell -p apacheHttpd + # htpasswd -nbB "" "password" | cut -d: -f2 + age.secrets.restic.file = ../secrets/backup/restic.age; -# age.secrets.backblaze.file = ../secrets/backup/backblaze.age; + + networking.firewall.allowedTCPPorts = [ + cfg.server.port + ]; services.restic.backups = ownServers // { # merge teh two configs together
@@ -179,7 +189,7 @@ services.restic.server = mkIf cfg.server.enable{ enable = true; - listenAddress = "${cfg.host.ip}:${cfg.server.port}"; + listenAddress = "${cfg.host.ip}:${toString cfg.server.port}"; appendOnly = cfg.server.appendOnly; privateRepos = true; };
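Review bot: In the hunk at new line 54, the rewritten `echo -n "rest:http://root:password@…"` line still builds a plain-HTTP repository URL, so the REST server's basic-auth password crosses the network unencrypted on every backup run; the server should be served over TLS with an `https` URL here, or the traffic kept on a tunnel or private network. The rewritten `sed -i "s/password/$line/g"` puts the secret on sed's command line, where it is visible in the process list, and uses it as a replacement pattern, so a password containing `/`, `&` or `\` corrupts the file and the `g` flag also rewrites a host name that contains the word `password`. Writing the file in one step avoids both and keeps it from being created readable by other users: `umask 077` followed by `printf 'rest:http://root:%s@%s:%s/root/%s' "$line" "${backup.host.ip}" "${toString backup.server.port}" "${cfg.host.name}" > ${backup.host.name}` after the `line=$(head -n 1 …)` read. The `backupPrepareCommand` string starts outside this hunk, so the value of `$baseDir` and the permissions on it are not visible here.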
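Review bot: In the hunk at new line 158, the added `networking.firewall.allowedTCPPorts = [ cfg.server.port ];` is not guarded by `cfg.server.enable`, unlike `services.restic.server` further down, so as far as this hunk shows a host that only acts as a backup client also opens the port (8765 by default). Tie it to the server role with `networking.firewall.allowedTCPPorts = mkIf cfg.server.enable [ cfg.server.port ];`. The rule admits any source address, so if only the other backup hosts need to reach the REST server, a source restriction would narrow the exposure further. The enclosing `config` block starts outside the hunk, so an outer condition may exist that is not visible here.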