nixos-config/system/all/restic.nix

62 lines
1.4 KiB
Nix
Raw Normal View History

2019-12-20 05:54:26 +01:00
{ config, lib, ... }: {
2019-10-24 02:20:38 +02:00
options = {
backup.all.restic.dirs = lib.mkOption {
2019-12-20 05:54:26 +01:00
default = [ ];
2019-10-24 02:20:38 +02:00
type = with lib.types; listOf str;
};
};
2019-10-28 18:33:40 +01:00
config = let
2020-04-29 20:27:49 +02:00
servers = [
"porani.insecure"
"workhorse.private"
"workout.private"
"pepe.private"
];
2019-10-28 18:33:40 +01:00
dirs = config.backup.all.restic.dirs;
setup = server: {
2020-04-29 20:27:49 +02:00
enable = lib.mkDefault true;
2019-10-28 18:33:40 +01:00
passwordFile = toString <secrets/backup/restic-repo>;
repo = "sftp::backup/remote-${config.networking.hostName}";
2019-12-20 05:54:26 +01:00
requires = [ ];
2019-10-28 18:33:40 +01:00
extraArguments = [
2019-12-20 05:54:26 +01:00
"sftp.command='ssh backup@${server} -i ${
toString <secrets/backup/sftp-user_rsa>
} -s sftp'"
2019-10-28 18:33:40 +01:00
];
initialize = true;
timerConfig = {
OnCalendar = "daily";
Persistent = "true";
2019-10-24 02:20:38 +02:00
};
2019-10-28 18:33:40 +01:00
dirs = dirs;
};
hostname = config.networking.hostName;
infoEntry = server: {
restic = {
folders = dirs;
from = hostname;
2019-10-28 19:01:17 +01:00
to = {
server = server;
repo = config.backup.services.restic."on-${server}".repo;
};
enable = config.backup.services.restic."on-${server}".enable;
2019-10-28 18:33:40 +01:00
};
};
in {
2019-12-20 05:54:26 +01:00
backup.services.restic = lib.zipAttrsWith (name: vals: lib.head vals)
2020-01-17 10:35:43 +01:00
(map (server: { "on-${server}" = setup server; }) servers);
2019-10-28 18:33:40 +01:00
environment.etc."info/restic-${hostname}.json" = {
enable = true;
text = builtins.toJSON (map infoEntry servers);
2019-10-24 02:20:38 +02:00
};
};
2019-10-28 18:33:40 +01:00
2019-10-24 02:20:38 +02:00
}