Skynet/nixos
6
1
Fork 0
Code Issues 43 Pull requests 1 Projects Releases Packages Wiki Activity Actions
nixos/applications/restic.nix
Brendan Golden 88353f3727 feat: added backup config 
(currently temp server, will be using hardware soon)
2023-06-23 23:52:31 +01:00

162 lines
4.2 KiB
Nix
Raw Blame History

# nodes is all the nodes
{ lib, config, nodes, ...}: with lib;
let
cfg = config.services.skynet_backup;
# since they should all have the same config we can do this
base = {
paths = cfg.normal.backups;
exclude = cfg.normal.exclude;
initialize = true;
passwordFile = config.age.secrets.restic.path;
pruneOpts = [
#"--keep-within 0y2m0d0h"
#"--keep-monthly 2"
];
timerConfig = {
OnCalendar = "daily";
Persistent = true;
RandomizedDelaySec = "5h";
};
};
# takes nodes,
# for each check if iut has teh abckup attribute,
# then if the server is enabled,
# then pull relevant dtails
ownServers = builtins.listToAttrs (builtins.concatLists (
lib.attrsets.mapAttrsToList (key: value:
if (
(builtins.hasAttr "skynet_backup" value.config.services)
&& (value.config.services.skynet_backup.server.enable)
&& (!value.config.services.skynet_backup.server.appendOnly)
)
then [
{
name = value.config.services.skynet_backup.host.name;
value = base // {
repository = "rest:http://${value.config.services.skynet_backup.host.ip}:${value.config.services.skynet_backup.server.port}/${cfg.host.name}";
};
}
]
else [ ]
) nodes
));
in {
imports = [
];
# using https://github.com/greaka/ops/blob/818be4c4dea9129abe0f086d738df4cb0bb38288/apps/restic/options.nix as a base
# will eb enabled on every server
options.services.skynet_backup = {
# backup is enabled by default
# enable = mkEnableOption "Skynet backup";
# what folders to backup
normal = {
backups = lib.mkOption {
default = [ ];
type = lib.types.listOf lib.types.str;
description = ''
A list of paths to backup.
'';
};
exclude = lib.mkOption {
default = [ ];
type = lib.types.listOf lib.types.str;
description = ''
A list of paths to exclide .
'';
};
};
# append only data so space limited
secure = {
backups = lib.mkOption {
default = [ ];
type = lib.types.listOf lib.types.str;
description = ''
A list of paths to backup.
'';
};
exclude = lib.mkOption {
default = [ ];
type = lib.types.listOf lib.types.str;
description = ''
A list of paths to exclide .
'';
};
};
host = {
ip = mkOption {
type = types.str;
};
name = mkOption {
type = types.str;
};
};
server = {
enable = mkEnableOption "Skynet backup Server";
port = mkOption {
type = types.str;
default = "8765";
};
appendOnly = mkOption {
type = types.bool;
default = false;
};
};
};
config = {
# these values are anabled for every client
age.secrets.restic.file = ../secrets/backup/restic.age;
# age.secrets.backblaze.file = ../secrets/backup/backblaze.age;
services.restic.backups = ownServers // {
# merge teh two configs together
# backblaze = base // {
# # backupos for each server are stored in a folder under their name
# repository = "b2:NixOS-Main2:/${cfg.host.name}";
# #environmentFile = config.age.secrets.backblaze.path;
# };
};
#age.secrets.restic_pw.file = mkIf cfg.server.enable ../secrets/backup/restic_pw.age;
services.restic.server = mkIf cfg.server.enable{
enable = true;
listenAddress = "${cfg.host.ip}:${cfg.server.port}";
appendOnly = cfg.server.appendOnly;
#privateRepos = true;
extraFlags = ["--no-auth"];
#
};
# https://git.hrnz.li/Ulli/nixos/src/commit/5edca2dfdab3ce52208e4dfd2b92951e500f8418/profiles/server/restic.nix
#systemd.tmpfiles.rules = mkIf cfg.server.enable [
# "L+ ${config.services.restic.server.dataDir}/.htpasswd - - - - ${config.age.secrets.restic_pw.path}"
#];
};
}
Reference in a new issue View git blame Copy permalink