aboutsummaryrefslogtreecommitdiff
path: root/nixos/modules/backup.nix
diff options
context:
space:
mode:
Diffstat (limited to 'nixos/modules/backup.nix')
-rw-r--r--nixos/modules/backup.nix63
1 files changed, 63 insertions, 0 deletions
diff --git a/nixos/modules/backup.nix b/nixos/modules/backup.nix
new file mode 100644
index 0000000..3f5042b
--- /dev/null
+++ b/nixos/modules/backup.nix
@@ -0,0 +1,63 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ inherit (builtins) elem readFile readDir;
+ inherit (lib) mkOption types mkIf hasSuffix removeSuffix hasAttr filterAttrs mapAttrs mapAttrs' nameValuePair mergeAttrsList recursiveUpdate;
+
+ servers = ["ridcully"]; # TODO "errol"
+ clients =
+ mapAttrs' (fname: _:
+ nameValuePair (removeSuffix ".pub" fname)
+ (readFile (config.personal-secrets + "/unencrypted/backup/${fname}")))
+ (filterAttrs (n: v: v == "regular" && hasSuffix ".pub" n)
+ (readDir (config.personal-secrets + "/unencrypted/backup")));
+ edpersonal = readFile (config.personal-secrets + "/unencrypted/edpersonal.pub");
+in {
+ options.cynerd = {
+ borgjobs = mkOption {
+ type = with types; attrsOf anything;
+ description = "Job to be backed up for this ";
+ };
+ };
+
+ config = {
+ services.borgbackup = {
+ repos = mkIf (elem config.networking.hostName servers) (
+ mapAttrs (name: key: {
+ path = "/back/${name}";
+ authorizedKeys = [key edpersonal];
+ allowSubRepos = true;
+ })
+ clients
+ );
+
+ jobs = mkIf (hasAttr config.networking.hostName clients) (mergeAttrsList
+ (map (server: (mapAttrs' (n: v:
+ nameValuePair "${server}-${n}"
+ (recursiveUpdate
+ (recursiveUpdate {
+ encryption.mode = "none";
+ prune = {
+ keep = {
+ daily = 7;
+ weekly = 4;
+ monthly = -1;
+ };
+ prefix = n;
+ };
+ }
+ v)
+ {
+ repo = "borg@${server}:./${n}";
+ environment = {
+ BORG_RSH = "ssh -i /run/secrets/borgbackup.key";
+ };
+ archiveBaseName = null;
+ }))
+ config.cynerd.borgjobs))
+ servers));
+ };
+ };
+}