borg: add exclude parameter and scripts

2020-09-05 14:37:49 +02:00 · 2020-09-05 14:37:49 +02:00 · e268ca6912
parent 7f4b6863d1
commit e268ca6912
5 changed files with 47 additions and 3 deletions
--- a/configs/pepe/borg.nix
+++ b/configs/pepe/borg.nix
@ -8,6 +8,7 @@
      authorizedKeys = [
        # todo rename
        (lib.fileContents <common_secrets/backup/ssh_rsa.pub>)
+        (lib.fileContents <assets/ssh/card_rsa.pub>)
      ];
    };
  };
--- a/configs/workhorse/borg.nix
+++ b/configs/workhorse/borg.nix
@ -7,6 +7,7 @@
      authorizedKeys = [
        # todo rename
        (lib.fileContents <common_secrets/backup/ssh_rsa.pub>)
+        (lib.fileContents <assets/ssh/card_rsa.pub>)
      ];
    };
  };
--- a/system/all/borg-jobs.nix
+++ b/system/all/borg-jobs.nix
@ -4,6 +4,19 @@
    backup.dirs = lib.mkOption {
      default = [ ];
      type = with lib.types; listOf str;
+      description = ''
+        folders to backup
+      '';
+    };
+    backup.exclude = lib.mkOption {
+      default = [ ];
+      type = with lib.types; listOf str;
+      description = ''
+        exclude files and folders matching a pattern.
+        Theses patterns effect all folders in `backup.dirs`.
+        see man borg pattern for more information
+      '';
+      example = [ ".git" "/home/*/.cache" ".stfolder" ];
    };
  };

@ -24,7 +37,8 @@
    myHostname = config.networking.hostName;

    setup = server: {
-      paths = dirs;
+      paths = config.backup.dirs;
+      exclude = config.backup.exclude;
      doInit = true;
      repo = "borg@${server}:./${myHostname}";
      encryption = {
@ -32,10 +46,14 @@
        # todo rename
        passCommand = "cat ${toString <secrets/backup/repo>}";
      };
-      environment.BORG_RSH =
-        "ssh -i ${toString <secrets/backup/ssh_rsa>}";
+      environment.BORG_RSH = "ssh -i ${toString <secrets/backup/ssh_rsa>}";
      compression = "auto,lzma";
      startAt = "daily";
+      prune.keep = {
+        within = "10d"; # Keep all backups in the last 10 days.
+        weekly = 8; # Keep 8 additional end of week archives.
+        monthly = -1; # Keep end of month archive for every month
+      };

    };

--- a/system/all/borg-scripts.nix
+++ b/system/all/borg-scripts.nix
@ -0,0 +1,20 @@
+{ pkgs, lib, ... }: {
+
+  environment.systemPackages = let
+    createScript = command: host: repository:
+      pkgs.writers.writeBashBin
+      "borg-${command}-on-${host}-for-${repository}" ''
+        ${pkgs.borgbackup}/bin/borg \
+          ${command} \
+          --rsh='ssh -i ~/.ssh/card_rsa.pub' borg@${host}.private:${repository}/. \
+          "$@"
+      '';
+    hosts = [ "workhorse" "pepe" ];
+    repositories = [ "workhorse" "pepe" "sterni" "workout" ];
+    commands = [ "list" ];
+  in lib.flatten (map (command:
+    map
+    (host: map (repository: createScript command host repository) repositories)
+    hosts) commands);
+
+}
--- a/system/all/default.nix
+++ b/system/all/default.nix
@ -18,6 +18,7 @@
    ./nginx.nix
    ./packages.nix
    ./borg-jobs.nix
+    ./borg-scripts.nix
    ./sshd-known-hosts-bootup.nix
    ./sshd-known-hosts-private.nix
    ./sshd-known-hosts-public.nix
@ -29,6 +30,9 @@

  ];

+  # default backup excludes
+  backup.exclude = [ ".git" ".stfolder" ".stversions" ];
+
  # provide overlays
  # -----------------
  nixpkgs.overlays = [ (import <pkgs>) (import <nix-writers/pkgs>) ];