nixos-config/legacy/borg-jobs.nix
2024-06-07 22:56:52 +02:00


{ config, lib, ... }:
# borg core setup
# ---------------
# provides an easy interface for all services
# to append their files to be backed up
{
# Option declarations for the shared borg backup interface. Other modules
# contribute paths/patterns through `backup.dirs` and `backup.exclude`;
# `backup.servers` names the remote repositories that receive the archives.
options.backup = {
  # Master switch: the `config` half of this module is wrapped in
  # `lib.mkIf config.backup.enable`.
  enable = lib.mkEnableOption "enable borg backup";

  # Paths passed to every borg job as the data to archive. A list option, so
  # definitions from several modules are concatenated.
  dirs = lib.mkOption {
    type = lib.types.listOf lib.types.str;
    default = [ ];
    description = ''
      folders to backup
    '';
  };

  # Exclusion patterns, applied to every job and therefore to every entry of
  # `backup.dirs`.
  exclude = lib.mkOption {
    type = lib.types.listOf lib.types.str;
    default = [ ];
    example = [ ".git" "/home/*/.cache" ".stfolder" ];
    description = ''
      exclude files and folders matching a pattern.
      Theses patterns effect all folders in `backup.dirs`.
      see man borg pattern for more information
    '';
  };

  # Backup targets, keyed by a short name. One borg job is generated per
  # entry (see `services.borgbackup.jobs` in `config`).
  #
  # NOTE(review): the defaults are concrete hosts, one of them a literal IP
  # address. Any machine that enables `backup` without overriding `servers`
  # will send its archives to these two endpoints, and nothing in this file
  # pins their SSH host keys -- confirm that is handled elsewhere.
  servers = lib.mkOption {
    type = lib.types.attrsOf (lib.types.submodule {
      options = {
        # Address of the borg server (hostname or IP); no default.
        host = lib.mkOption {
          type = lib.types.str;
        };
        # SSH login on the server; the repo URL is built as `user@host:...`.
        user = lib.mkOption {
          type = lib.types.str;
          default = "borg";
        };
      };
    });
    default = {
      robi = { host = "144.76.13.147"; };
      pepe = { host = "pepe.private"; };
    };
    description = ''
      servers to backup to
    '';
  };
};
# Turns every entry of `backup.servers` into a `services.borgbackup.jobs`
# entry. All jobs share the same paths, excludes, secrets and retention
# policy; only the repository URL differs per server.
config =
  let
    thisHost = config.networking.hostName;

    # Job definition for one target. Takes exactly the `user` and `host`
    # fields of a `backup.servers` entry.
    mkJob = { user, host }: {
      paths = config.backup.dirs;
      inherit (config.backup) exclude;

      # One repository per client, named after this machine's hostname and
      # located relative to the remote user's login directory.
      repo = "${user}@${host}:./${thisHost}";
      # Have the job initialise the repository when it does not exist yet.
      doInit = true;

      # repokey mode keeps the (passphrase-protected) key inside the
      # repository on the server, so the passphrase is what stands between
      # the server operator and the data. borg gets it by running
      # `passCommand`, which reads the sops-managed secret declared below.
      encryption.mode = "repokey-blake2";
      encryption.passCommand = "cat ${config.sops.secrets.backup_repository_passphrase.path}";

      # Transport: ssh with the sops-managed private key.
      # NOTE(review): host key verification is left to the system ssh
      # configuration; this file does not pin the servers' host keys
      # (e.g. via programs.ssh.knownHosts) -- confirm that is done elsewhere.
      environment.BORG_RSH = "ssh -i ${toString config.sops.secrets.backup_ssh_rsa_private.path}";
      # Pre-answers borg's "repository was previously located at ..." prompt
      # with yes so the unattended job does not stop when a server address
      # changes.
      # NOTE(review): this also means a changed repository location is
      # accepted without anyone looking at it, which makes the SSH host key
      # check above the remaining guard against talking to the wrong endpoint.
      environment.BORG_RELOCATED_REPO_ACCESS_IS_OK = "yes";

      compression = "auto,lzma";
      startAt = "daily";

      # Retention.
      # NOTE(review): pruning is driven from this client, so the SSH key
      # above is able to delete archives. If the servers are meant to protect
      # old backups from a compromised client, that has to be enforced on the
      # server side (append-only); it is not visible from this file.
      prune.keep.within = "10d"; # Keep all backups in the last 10 days.
      prune.keep.weekly = 8; # Keep 8 additional end of week archives.
      prune.keep.monthly = -1; # Keep end of month archive for every month
    };
  in
  lib.mkIf config.backup.enable {
    # Declare the two secrets so that their `.path` values used in `mkJob`
    # exist; all sops settings are left at their defaults.
    sops.secrets = {
      backup_repository_passphrase = { };
      backup_ssh_rsa_private = { };
    };

    # One borg job per configured server, keyed by the server's name.
    services.borgbackup.jobs = lib.mapAttrs (_name: mkJob) config.backup.servers;

    # Disabled: would switch the generated units off while `backup.dirs` is
    # empty.
    #systemd.services = lib.mapAttrs'
    #  (name: _: {
    #    name = "borgbackup-job-${name}";
    #    value = { enable = config.backup.dirs != [ ]; };
    #  })
    #  config.backup.servers;
  };
}