# Skynet backup module: declares the `services.skynet_backup` options and
# derives the restic client jobs and (optionally) the restic REST server.
# `nodes` is the set of all nodes in the deployment.
{ lib, config, nodes, ... }:
with lib;
let
  cfg = config.services.skynet_backup;

  # Job settings shared by every target repository; all hosts are expected to
  # carry the same config, so a single template is enough.
  jobDefaults = {
    paths = cfg.normal.backups;
    exclude = cfg.normal.exclude;
    initialize = true;
    # NOTE(review): every job built from this template references the same
    # age secret as its repository password.
    passwordFile = config.age.secrets.restic.path;
    # NOTE(review): both retention rules are commented out, so this list is
    # empty; presumably nothing is pruned. Confirm that unbounded repository
    # growth is intended.
    pruneOpts = [
      #"--keep-within 0y2m0d0h"
      #"--keep-monthly 2"
    ];
    timerConfig = {
      OnCalendar = "daily";
      Persistent = true;
      RandomizedDelaySec = "5h";
    };
  };

  # Option holding a list of path strings, empty by default.
  pathListOption = text: mkOption {
    default = [ ];
    type = types.listOf types.str;
    description = text;
  };

  # Walk over every node and keep those that
  #   1. expose the skynet_backup service options,
  #   2. have the backup server enabled, and
  #   3. do not run that server in append-only mode.
  # Each match becomes one restic job, keyed by the remote host's name, that
  # writes to a folder named after this host on the remote server.
  # NOTE(review): the repository URL uses plain http://, so backup traffic is
  # not protected by TLS in transit.
  restJobs = builtins.listToAttrs (concatMap
    (node:
      let
        remote = node.config.services.skynet_backup;
        isTarget =
          (node.config.services ? skynet_backup)
          && remote.server.enable
          && (!remote.server.appendOnly);
      in
      optional isTarget {
        name = remote.host.name;
        value = jobDefaults // {
          repository = "rest:http://${remote.host.ip}:${remote.server.port}/${cfg.host.name}";
        };
      })
    (attrValues nodes));
in
{
  imports = [ ];

  # using https://github.com/greaka/ops/blob/818be4c4dea9129abe0f086d738df4cb0bb38288/apps/restic/options.nix as a base
  # will be enabled on every server
  options.services.skynet_backup = {
    # backup is enabled by default
    # enable = mkEnableOption "Skynet backup";

    # which folders to back up
    normal = {
      backups = pathListOption ''
        A list of paths to backup.
      '';
      exclude = pathListOption ''
        A list of paths to exclide .
      '';
    };

    # append-only data, so space limited
    # NOTE(review): nothing in this file reads `secure.*`; these paths are
    # declared but not wired into any backup job here.
    secure = {
      backups = pathListOption ''
        A list of paths to backup.
      '';
      exclude = pathListOption ''
        A list of paths to exclide .
      '';
    };

    # Address and name of this host, used for the server's listen address and
    # for the per-host folder inside each remote repository.
    host = {
      ip = mkOption {
        type = types.str;
      };
      name = mkOption {
        type = types.str;
      };
    };

    server = {
      enable = mkEnableOption "Skynet backup Server";
      # Kept as a string because it is interpolated into URLs and the listen
      # address.
      port = mkOption {
        type = types.str;
        default = "8765";
      };
      appendOnly = mkOption {
        type = types.bool;
        default = false;
      };
    };
  };

  config = {
    # these values are enabled for every client
    age.secrets.restic.file = ../secrets/backup/restic.age;
    # age.secrets.backblaze.file = ../secrets/backup/backblaze.age;

    # merge the two configs together
    services.restic.backups = restJobs // {
      # backblaze = jobDefaults // {
      #   # backups for each server are stored in a folder under their name
      #   repository = "b2:NixOS-Main2:/${cfg.host.name}";
      #   #environmentFile = config.age.secrets.backblaze.path;
      # };
    };

    #age.secrets.restic_pw.file = mkIf cfg.server.enable ../secrets/backup/restic_pw.age;

    # NOTE(review): "--no-auth" turns off the REST server's HTTP
    # authentication and privateRepos is commented out, while the clients
    # above only select servers with appendOnly = false. As written, access
    # control rests entirely on network restrictions around
    # host.ip:server.port, which are not visible in this file. Restic's
    # repository encryption protects the confidentiality of the content, but
    # not against deletion or overwrite by anyone who can reach the port.
    # The commented-out htpasswd wiring below is the hook for enabling
    # authentication.
    services.restic.server = mkIf cfg.server.enable {
      enable = true;
      listenAddress = "${cfg.host.ip}:${cfg.server.port}";
      appendOnly = cfg.server.appendOnly;
      #privateRepos = true;
      extraFlags = [ "--no-auth" ];
    };

    # https://git.hrnz.li/Ulli/nixos/src/commit/5edca2dfdab3ce52208e4dfd2b92951e500f8418/profiles/server/restic.nix
    #systemd.tmpfiles.rules = mkIf cfg.server.enable [
    #  "L+ ${config.services.restic.server.dataDir}/.htpasswd - - - - ${config.age.secrets.restic_pw.path}"
    #];
  };
}