tasks/backup-archive: format and refactor

2025-02-07 12:19:07 +00:00 · 2022-09-01 22:47:22 +08:00 · 2022-09-01 22:47:22 +08:00 · 91097f18df
commit 91097f18df
parent 33a090a73d
1 changed files with 46 additions and 37 deletions
--- a/modules/nixos/tasks/backup-archive/default.nix
+++ b/modules/nixos/tasks/backup-archive/default.nix
@ -36,28 +36,34 @@ let
    };
  };
-in {
+in
 {
  options.tasks.backup-archive.enable =
    lib.mkEnableOption "backup setup with BorgBackup";
  config = lib.mkIf cfg.enable {
-    sops.secrets = let
+    sops.secrets =
-      borgSecretsPath = key: "borg-backup/${key}";
+      let
-      getKey = key: {
+        getKey = key: {
-        inherit key;
+          inherit key;
-        sopsFile = lib.getSecret "backup-archive.yaml";
+          sopsFile = lib.getSecret "backup-archive.yaml";
-        name = borgSecretsPath key;
+        };
-      };
+        getSecrets = keys:
-      getSecrets = keys:
+          lib.listToAttrs (lib.lists.map
-        lib.listToAttrs (lib.lists.map (key: lib.nameValuePair (borgSecretsPath key) (getKey key)) keys);
+            (key:
-    in getSecrets [
+              lib.nameValuePair
-      "borg-patterns/home"
+                "borg-backup/${key}"
-      "borg-patterns/etc"
+                (getKey key))
-      "borg-patterns/keys"
+            keys);
-      "borg-patterns/remote-backup"
+      in
-      "ssh-key"
+      getSecrets [
-      "password"
+        "borg-patterns/home"
-    ];
+        "borg-patterns/etc"
        "borg-patterns/keys"
        "borg-patterns/remote-backup"
        "ssh-key"
        "password"
      ];
    profiles.filesystem = {
      archive.enable = true;
@ -65,37 +71,40 @@ in {
    };
    services.borgbackup.jobs = {
-      local-archive = borgJobCommonSetting {
+      local-archive = borgJobCommonSetting
-        patterns = with config.sops; [
+        {
-          secrets."borg-backup/borg-patterns/home".path
+          patterns = with config.sops; [
-          secrets."borg-backup/borg-patterns/etc".path
+            secrets."borg-backup/borg-patterns/home".path
-          secrets."borg-backup/borg-patterns/keys".path
+            secrets."borg-backup/borg-patterns/etc".path
-        ];
+            secrets."borg-backup/borg-patterns/keys".path
-      } // {
+          ];
        } // {
        doInit = false;
        removableDevice = true;
        repo = "/mnt/archives/backups";
        startAt = "daily";
      };
-      local-external-drive = borgJobCommonSetting {
+      local-external-drive = borgJobCommonSetting
-        patterns = with config.sops; [
+        {
-          secrets."borg-backup/borg-patterns/home".path
+          patterns = with config.sops; [
-          secrets."borg-backup/borg-patterns/etc".path
+            secrets."borg-backup/borg-patterns/home".path
-          secrets."borg-backup/borg-patterns/keys".path
+            secrets."borg-backup/borg-patterns/etc".path
-        ];
+            secrets."borg-backup/borg-patterns/keys".path
-      } // {
+          ];
        } // {
        doInit = false;
        removableDevice = true;
        repo = "/mnt/external-storage/backups";
        startAt = "daily";
      };
-      remote-borgbase = borgJobCommonSetting {
+      remote-borgbase = borgJobCommonSetting
-        patterns = with config.sops; [
+        {
-          secrets."borg-backup/borg-patterns/remote-backup".path
+          patterns = with config.sops; [
-        ];
+            secrets."borg-backup/borg-patterns/remote-backup".path
-      } // {
+          ];
        } // {
        repo = "r6o30viv@r6o30viv.repo.borgbase.com:repo";
        startAt = "daily";
        environment.BORG_RSH = "ssh -i ${config.sops.secrets."borg-backup/ssh-key".path}";