207a682045
While Borgmatic is great, the NixOS module does have easier configuration for various use cases such as backups in removable devices. To make this possible in Borgmatic, you have to jump through some hoops. Borgmatic does have an easier way of indicating paths. However, recent versions of Borg have an experimental feature for indicating both includes and excludes through patterns, which is close enough. Also, because of this, we'll be deprecating the custom borgmatic service at this point. It'll be removed once all of my NixOS-related backup setups are not using it.
# NixOS module for this host's BorgBackup jobs, including the external hard
# drive that holds one of the repositories.
{ config, options, lib, pkgs, ... }:

let
  cfg = config.hardware-setup.backup-archive;

  # Short handle for the agenix-managed secrets declared further down.
  secrets = config.age.secrets;

  # Include/exclude pattern files. They are read from the decrypted secret
  # paths, so the lists themselves are not written out in this file.
  sharedPatterns = [ secrets.borg-patterns.path ];
  hostPatterns = [ secrets.borg-patterns-local.path ] ++ sharedPatterns;

  # Turns one pattern file into the matching `borg create` flag.
  toPatternFlag = patternFile: "--patterns-from ${patternFile}";

  # Settings shared by every job below. `patterns` is a list of pattern files,
  # each passed to `borg create` through `--patterns-from`.
  borgJobCommonSetting = { patterns ? [ ] }: {
    compression = "zstd,9";
    dateFormat = "+%F-%H-%M-%S-%z";
    doInit = true;
    persistentTimer = true;

    # With a repokey mode the key is kept inside the repository and protected
    # by the passphrase, which is read here from the agenix secret.
    # NOTE(review): presumably the passphrase (and an exported copy of the
    # key) is also kept somewhere outside this machine, otherwise losing the
    # host makes the archives unrecoverable. Confirm.
    encryption = {
      mode = "repokey-blake2";
      passCommand = "cat ${secrets.borg-password.path}";
    };

    # Left empty on purpose: everything to back up is named in the pattern
    # files instead.
    paths = [ ];

    extraCreateArgs = lib.concatStringsSep " " (map toPatternFlag patterns);
    extraInitArgs = "--make-parent-dirs";

    # Appends two more flags to the `extraCreateArgs` shell variable before
    # the job runs.
    preHook = ''
      extraCreateArgs="$extraCreateArgs --exclude-if-present .nobackup"
      extraCreateArgs="$extraCreateArgs --stats"
    '';

    # Retention policy handed to the prune step.
    prune.keep = {
      within = "1d";
      hourly = 8;
      daily = 30;
      weekly = 4;
      monthly = 6;
      yearly = 3;
    };
  };

in {
  options.hardware-setup.backup-archive = {
    enable = lib.mkEnableOption "backup setup with BorgBackup";
  };

  config = lib.mkIf cfg.enable {
    # The secrets below are only available when the agenix profile is on, so
    # evaluation fails early otherwise.
    assertions = [
      {
        assertion = config.profiles.agenix.enable;
        message = ''
          Agenix module is not enabled. This is for the borgmatic configuration
          we're using.
        '';
      }
    ];

    age.secrets = {
      borg-password.file = lib.getSecret "archive/password";
      borg-patterns.file = lib.getSecret "archive/borg-patterns";
      borg-patterns-local.file = lib.getSecret "archive/borg-patterns-local";
      borg-ssh-key.file = lib.getSecret "archive/borg-ssh-key";
    };

    # The external drive, mounted on demand and never required for boot.
    # NOTE(review): "user" lets unprivileged users mount the drive and no
    # uid/gid/umask options are given, so who can write to the repository
    # under this mount point depends on the NTFS driver's defaults. Confirm
    # that other local accounts cannot alter or delete the archives.
    fileSystems."/mnt/external-storage" = {
      device = "/dev/disk/by-uuid/665A391C5A38EB07";
      fsType = "ntfs";
      noCheck = true;
      options = [
        "nofail"
        "noauto"
        "user"

        # See systemd.mount.5 and systemd.automount.5 manual page for more
        # details.
        "x-systemd.automount"
        "x-systemd.device-timeout=2"
        "x-systemd.idle-timeout=2"
      ];
    };

    services.borgbackup.jobs = {
      # Repository on the local disk. The schedule is a systemd calendar
      # expression: starting at 04:00 and then every five hours.
      local = borgJobCommonSetting { patterns = hostPatterns; } // {
        doInit = true;
        repo = "/archives/";
        startAt = "04/5:00:00";
      };

      # Repository on the external drive. It is never initialised by the job
      # and is declared as a removable device.
      local-archive = borgJobCommonSetting { patterns = hostPatterns; } // {
        doInit = false;
        removableDevice = true;
        repo = "/mnt/external-storage/backups";
        startAt = "daily";
      };

      # Off-site repository reached over SSH with the dedicated key; only the
      # shared pattern file applies here.
      # NOTE(review): no host key for the remote is pinned in this file. If it
      # is not pinned elsewhere (e.g. `programs.ssh.knownHosts`), the
      # unattended job has nothing to verify the server against. Confirm.
      remote-borgbase = borgJobCommonSetting { patterns = sharedPatterns; } // {
        doInit = false;
        repo = "m9s7d92s@m9s7d92s.repo.borgbase.com:repo";
        startAt = "daily";
        environment.BORG_RSH = "ssh -i ${secrets.borg-ssh-key.path}";
      };
    };

    # Host-wide SSH client configuration: offer the backup key to any
    # matching repository host.
    # NOTE(review): this applies to every user on the machine. Presumably the
    # decrypted key is readable only by the account that runs the jobs.
    # Confirm the secret's owner and mode.
    programs.ssh.extraConfig = ''
      Host *.repo.borgbase.com
      IdentityFile ${secrets.borg-ssh-key.path}
    '';
  };
}