feat: backup client will now only run if there are items to backup.

Closes #54
This commit is contained in:
silver 2024-02-28 14:12:05 +00:00
parent a42ac52f9d
commit 90d8a105f7
2 changed files with 47 additions and 40 deletions

View file

@ -343,6 +343,8 @@ in {
}; };
config = lib.mkIf cfg.server.enable { config = lib.mkIf cfg.server.enable {
# services.skynet_backup.normal.backups = ["/etc/skynet/dns"];
# open the firewall for this # open the firewall for this
skynet_firewall.forward = [ skynet_firewall.forward = [
"ip daddr ${cfg.server.ip} tcp dport 53 counter packets 0 bytes 0 accept" "ip daddr ${cfg.server.ip} tcp dport 53 counter packets 0 bytes 0 accept"

View file

@ -9,6 +9,8 @@
with lib; let with lib; let
cfg = config.services.skynet_backup; cfg = config.services.skynet_backup;
enable_client = cfg.normal.backups != null && cfg.normal.backups != [];
# since they should all have the same config we can do this # since they should all have the same config we can do this
base = { base = {
paths = cfg.normal.backups; paths = cfg.normal.backups;
@ -150,13 +152,36 @@ in {
}; };
}; };
config = { config =
{
# these values are anabled for every client # these values are anabled for every client
environment.systemPackages = with pkgs; [
environment.systemPackages = [ restic
# for flakes
pkgs.restic
]; ];
}
// mkIf cfg.server.enable {
networking.firewall.allowedTCPPorts = [
cfg.server.port
];
age.secrets.restic_pw = {
file = ../secrets/backup/restic_pw.age;
path = "${config.services.restic.server.dataDir}/.htpasswd";
symlink = false;
mode = "770";
owner = "restic";
group = "restic";
};
services.restic.server = {
enable = true;
listenAddress = "${cfg.host.ip}:${toString cfg.server.port}";
appendOnly = cfg.server.appendOnly;
privateRepos = true;
};
}
// mkIf enable_client {
# client stuff here
# A list of all login accounts. To create the password hashes, use # A list of all login accounts. To create the password hashes, use
# nix-shell -p apacheHttpd # nix-shell -p apacheHttpd
@ -164,10 +189,6 @@ in {
age.secrets.restic.file = ../secrets/backup/restic.age; age.secrets.restic.file = ../secrets/backup/restic.age;
networking.firewall.allowedTCPPorts = [
cfg.server.port
];
services.restic.backups = services.restic.backups =
ownServers ownServers
// { // {
@ -178,21 +199,5 @@ in {
# #environmentFile = config.age.secrets.backblaze.path; # #environmentFile = config.age.secrets.backblaze.path;
# }; # };
}; };
age.secrets.restic_pw = mkIf cfg.server.enable {
file = ../secrets/backup/restic_pw.age;
path = "${config.services.restic.server.dataDir}/.htpasswd";
symlink = false;
mode = "770";
owner = "restic";
group = "restic";
};
services.restic.server = mkIf cfg.server.enable {
enable = true;
listenAddress = "${cfg.host.ip}:${toString cfg.server.port}";
appendOnly = cfg.server.appendOnly;
privateRepos = true;
};
}; };
} }