nixos-config/nixos/system/all/borg-jobs.nix

85 lines
2.2 KiB
Nix
Raw Normal View History

2022-01-13 13:40:18 +01:00
{ config, lib, ... }:
# borg core setup
# ---------------
# provides an easy interface for all services
# to append it's files to be backuped
{
2020-09-04 00:49:35 +02:00
options = {
backup.dirs = lib.mkOption {
default = [ ];
type = with lib.types; listOf str;
description = ''
folders to backup
'';
};
backup.exclude = lib.mkOption {
default = [ ];
type = with lib.types; listOf str;
description = ''
exclude files and folders matching a pattern.
Theses patterns effect all folders in `backup.dirs`.
see man borg pattern for more information
'';
example = [ ".git" "/home/*/.cache" ".stfolder" ];
2020-09-04 00:49:35 +02:00
};
};
2021-11-01 09:20:42 +01:00
config =
let
2021-11-01 09:20:42 +01:00
servers = [
2022-01-13 13:40:18 +01:00
#{
# name = "robi";
# host = "robi.private";
#}
2021-11-01 09:20:42 +01:00
{
name = "pepe";
host = "pepe.private";
}
];
2020-09-04 00:49:35 +02:00
2021-11-01 09:20:42 +01:00
dirs = config.backup.dirs;
2020-09-04 00:49:35 +02:00
2021-11-01 09:20:42 +01:00
myHostname = config.networking.hostName;
2020-09-04 00:49:35 +02:00
2021-11-01 09:20:42 +01:00
setup = server: {
paths = config.backup.dirs;
exclude = config.backup.exclude;
doInit = true;
repo = "borg@${server}:./${myHostname}";
encryption = {
mode = "repokey-blake2";
2022-01-13 13:40:18 +01:00
passCommand = "cat ${config.sops.secrets.backup_repository_passphrase.path}";
2021-11-01 09:20:42 +01:00
};
2022-01-13 13:40:18 +01:00
environment.BORG_RSH = "ssh -i ${toString config.sops.secrets.backup_ssh_rsa_private.path}";
2021-11-01 09:20:42 +01:00
compression = "auto,lzma";
startAt = "daily";
prune.keep = {
within = "10d"; # Keep all backups in the last 10 days.
weekly = 8; # Keep 8 additional end of week archives.
monthly = -1; # Keep end of month archive for every month
};
2020-09-04 00:49:35 +02:00
2021-11-01 09:20:42 +01:00
};
2020-09-04 00:49:35 +02:00
2021-11-01 09:20:42 +01:00
in
{
2020-09-04 00:49:35 +02:00
2021-11-01 09:20:42 +01:00
sops.secrets.backup_repository_passphrase = { };
sops.secrets.backup_ssh_rsa_private = { };
2021-11-01 09:20:42 +01:00
services.borgbackup.jobs =
let
setups = map ({ name, host }: { "${name}" = setup host; }) servers;
setupAttrs = lib.zipAttrsWith (_: vals: lib.head vals) setups;
nonEmptySetups =
lib.filterAttrs (_: { paths, ... }: builtins.length paths != 0)
setupAttrs;
in
nonEmptySetups;
2020-09-04 00:49:35 +02:00
2021-11-01 09:20:42 +01:00
};
2020-09-04 00:49:35 +02:00
}