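# NixOS module that wires up BorgBackup between the hosts of this configuration.
#
# Every host listed in `servers` exposes one Borg repository per client key found
# in `<personal-secrets>/unencrypted/backup/*.pub`. Every host that has such a key
# gets one backup job per (server, entry of `cynerd.borgjobs`) pair.
{
  config,
  lib,
  ...
}: let
  inherit (builtins) elem readFile readDir;
  inherit (lib) mkOption types mkIf hasSuffix removeSuffix hasAttr filterAttrs mapAttrs mapAttrs' nameValuePair mergeAttrsList recursiveUpdate;

  # Host names that act as backup servers.
  servers = ["ridcully"]; # TODO "errol"

  # Attribute set `client name -> SSH public key text`, built at evaluation time
  # from the regular files ending in ".pub" in the backup key directory. The file
  # name without ".pub" is compared against networking.hostName below, so adding a
  # key file there is what authorizes a host to push backups.
  clients =
    mapAttrs' (fname: _:
      nameValuePair (removeSuffix ".pub" fname)
      (readFile (config.personal-secrets + "/unencrypted/backup/${fname}")))
    (filterAttrs (n: v: v == "regular" && hasSuffix ".pub" n)
      (readDir (config.personal-secrets + "/unencrypted/backup")));

  # Additional public key that is authorized on every client repository.
  edpersonal = readFile (config.personal-secrets + "/unencrypted/edpersonal.pub");
in {
  options.cynerd = {
    borgjobs = mkOption {
      type = with types; attrsOf anything;
      description = "Borg backup jobs for this host. Each entry is merged over the module defaults and instantiated once per backup server.";
    };
  };

  config = {
    services.borgbackup = {
      # Server side: only hosts named in `servers` define repositories.
      repos = mkIf (elem config.networking.hostName servers) (
        mapAttrs (name: key: {
          path = "/back/${name}";
          # NOTE(review): both keys get full repository access rather than
          # append-only access, so a compromised client key (or the edpersonal
          # key, which is valid for every repository) can delete or rewrite the
          # backups it can reach. Confirm this is intended; the client jobs
          # below prune, which is why append-only is not a drop-in change.
          authorizedKeys = [key edpersonal];
          # One sub-repository per job lives below the client's path
          # (see `repo = "borg@${server}:./${n}"` below).
          allowSubRepos = true;
        })
        clients
      );

      # Client side: only hosts that have a key file in `clients` define jobs.
      # Precedence of the two recursiveUpdate calls, lowest to highest:
      #   defaults  <  the job's own settings (`v`)  <  the forced settings.
      jobs = mkIf (hasAttr config.networking.hostName clients) (mergeAttrsList
        (map (server: (mapAttrs' (n: v:
            nameValuePair "${server}-${n}"
            (recursiveUpdate
              (recursiveUpdate {
                  # SECURITY: archives are stored without encryption or
                  # authentication, so anyone who can read the repository on
                  # the server (or its disk or its own backups) can read the
                  # data. A job can override this through cynerd.borgjobs.
                  encryption.mode = "none";
                  prune = {
                    keep = {
                      daily = 7;
                      weekly = 4;
                      # -1 places no upper limit on the monthly archives kept.
                      monthly = -1;
                    };
                    # NOTE(review): archiveBaseName is forced to null below. If
                    # the borgbackup module then names archives by date only,
                    # this prefix would match nothing and pruning would never
                    # remove an archive — confirm against the module in use.
                    prefix = n;
                  };
                }
                v)
              {
                # Forced: a job cannot redirect its backups to another target.
                repo = "borg@${server}:./${n}";
                environment = {
                  # The private key is expected to exist at this path at run
                  # time; nothing in this module creates it or sets its mode.
                  BORG_RSH = "ssh -i /run/secrets/borgbackup.key";
                };
                archiveBaseName = null;
              }))
          config.cynerd.borgjobs))
        servers));
    };
  };
}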