mirror of
https://github.com/foo-dogsquared/nixos-config.git
synced 2025-01-31 16:57:55 +00:00
140 lines
3.8 KiB
Nix
140 lines
3.8 KiB
Nix
# It's a setup for my backup.
|
|
{ config, options, lib, pkgs, ... }:
|
|
|
|
let
|
|
cfg = config.tasks.backup-archive;
|
|
|
|
borgJobCommonSetting = { patterns ? [ ] }: {
|
|
compression = "zstd,9";
|
|
dateFormat = "+%F-%H-%M-%S-%z";
|
|
doInit = true;
|
|
encryption = {
|
|
mode = "repokey-blake2";
|
|
passCommand = "cat ${config.sops.secrets.borg-password.path}";
|
|
};
|
|
extraCreateArgs = lib.concatStringsSep " "
|
|
(builtins.map (patternFile: "--patterns-from ${patternFile}") patterns);
|
|
extraInitArgs = "--make-parent-dirs";
|
|
|
|
# We're emptying them since we're specifying them all through the patterns file.
|
|
paths = [ ];
|
|
|
|
persistentTimer = true;
|
|
preHook = ''
|
|
extraCreateArgs="$extraCreateArgs --exclude-if-present .nobackup"
|
|
extraCreateArgs="$extraCreateArgs --stats"
|
|
'';
|
|
prune = {
|
|
keep = {
|
|
within = "1d";
|
|
hourly = 8;
|
|
daily = 30;
|
|
weekly = 4;
|
|
monthly = 6;
|
|
yearly = 3;
|
|
};
|
|
};
|
|
};
|
|
|
|
in {
|
|
options.tasks.backup-archive.enable =
|
|
lib.mkEnableOption "backup setup with BorgBackup";
|
|
|
|
config = lib.mkIf cfg.enable {
|
|
sops.secrets = let
|
|
getKey = key: {
|
|
inherit key;
|
|
sopsFile = lib.getSecret "backup-archive.yaml";
|
|
}; in {
|
|
borg-patterns-home = getKey "borg-patterns/home";
|
|
borg-patterns-etc = getKey "borg-patterns/etc";
|
|
borg-patterns-keys = getKey "borg-patterns/keys";
|
|
borg-ssh-key = getKey "ssh-key";
|
|
borg-password = getKey "password";
|
|
};
|
|
|
|
fileSystems."/mnt/external-storage" = {
|
|
device = "/dev/disk/by-uuid/665A391C5A38EB07";
|
|
fsType = "ntfs";
|
|
noCheck = true;
|
|
options = [
|
|
"nofail"
|
|
"noauto"
|
|
"user"
|
|
|
|
# See systemd.mount.5 and systemd.automount.5 manual page for more
|
|
# details.
|
|
"x-systemd.automount"
|
|
"x-systemd.device-timeout=2"
|
|
"x-systemd.idle-timeout=2"
|
|
];
|
|
};
|
|
|
|
fileSystems."/mnt/archives" = {
|
|
device = "/dev/disk/by-uuid/6ba86a30-5fa4-41d9-8354-fa8af0f57f49";
|
|
fsType = "btrfs";
|
|
noCheck = true;
|
|
options = [
|
|
# These are btrfs-specific mount options which can found in btrfs.5
|
|
# manual page.
|
|
"subvol=@"
|
|
"noatime"
|
|
"compress=zstd:9"
|
|
"space_cache=v2"
|
|
|
|
# General mount options from mount.5 manual page.
|
|
"noauto"
|
|
"nofail"
|
|
"user"
|
|
|
|
# See systemd.mount.5 and systemd.automount.5 manual page for more
|
|
# details.
|
|
"x-systemd.automount"
|
|
"x-systemd.idle-timeout=2"
|
|
"x-systemd.device-timeout=2"
|
|
];
|
|
};
|
|
|
|
services.borgbackup.jobs = {
|
|
local-archive = borgJobCommonSetting {
|
|
patterns = [
|
|
config.sops.secrets.borg-patterns-home.path
|
|
config.sops.secrets.borg-patterns-etc.path
|
|
config.sops.secrets.borg-patterns-keys.path
|
|
];
|
|
} // {
|
|
doInit = false;
|
|
removableDevice = true;
|
|
repo = "/mnt/archives/backups";
|
|
startAt = "daily";
|
|
};
|
|
|
|
local-external-drive = borgJobCommonSetting {
|
|
patterns = [
|
|
config.sops.secrets.borg-patterns-home.path
|
|
config.sops.secrets.borg-patterns-etc.path
|
|
config.sops.secrets.borg-patterns-keys.path
|
|
];
|
|
} // {
|
|
doInit = false;
|
|
removableDevice = true;
|
|
repo = "/mnt/external-storage/backups";
|
|
startAt = "daily";
|
|
};
|
|
|
|
remote-borgbase = borgJobCommonSetting {
|
|
patterns = [ config.sops.secrets.borg-patterns-home.path ];
|
|
} // {
|
|
repo = "r6o30viv@r6o30viv.repo.borgbase.com:repo";
|
|
startAt = "daily";
|
|
environment.BORG_RSH = "ssh -i ${config.sops.secrets.borg-ssh-key.path}";
|
|
};
|
|
};
|
|
|
|
programs.ssh.extraConfig = ''
|
|
Host *.repo.borgbase.com
|
|
IdentityFile ${config.sops.secrets.borg-ssh-key.path}
|
|
'';
|
|
};
|
|
}
|