{ config, lib, ... }: {
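options = {
  # Directories handed to every borgbackup job as `paths`.
  backup.dirs = lib.mkOption {
    default = [ ];
    type = with lib.types; listOf str;
    description = ''
      Folders to back up.
      When this list is empty, no borgbackup job is defined.
    '';
  };
  # Exclusion patterns handed to every borgbackup job as `exclude`.
  backup.exclude = lib.mkOption {
    default = [ ];
    type = with lib.types; listOf str;
    description = ''
      Exclude files and folders matching a pattern.
      These patterns affect all folders in `backup.dirs`.
      See `borg help patterns` for more information.
    '';
    example = [ ".git" "/home/*/.cache" ".stfolder" ];
  };
};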
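config = let
  # Backup targets. `name` becomes the borgbackup job name, `host` is the
  # SSH host that stores the repository.
  servers = [
    { name = "workhorse"; host = "workhorse.private"; }
    { name = "pepe"; host = "pepe.private"; }
  ];

  dirs = config.backup.dirs;
  myHostname = config.networking.hostName;

  # Build the borgbackup job definition for one target host.
  # Every target gets the same paths, excludes, passphrase and SSH key;
  # only the repository location differs.
  setup = server: {
    paths = dirs;
    exclude = config.backup.exclude;
    doInit = true;
    # One repository per client hostname, relative to the borg user's home.
    repo = "borg@${server}:./${myHostname}";
    encryption = {
      # repokey: the (encrypted) key is stored inside the repository, so the
      # passphrase is the one secret needed to restore. Keep a copy of it
      # somewhere other than this machine.
      mode = "repokey-blake2";
      # todo rename
      # passCommand = "cat ${toString <secrets/backup/repo>}";
      # The sops secret path is interpolated as a string, so only the path
      # (not the passphrase) ends up in the generated unit.
      # NOTE(review): assumes sops-nix exposes `.path` as a string rather
      # than a Nix path, which would be copied into the store; confirm.
      passCommand =
        "cat ${config.sops.secrets.backup_repository_passphrase.path}";
    };
    # NOTE(review): nothing here pins the server host keys; the job runs
    # non-interactively, so known_hosts entries for the targets must be
    # provisioned elsewhere (not visible in this file).
    # NOTE(review): this client also prunes, so whoever holds this key can
    # remove archives. Restricting the key on the server side (forced
    # `borg serve` with a repository restriction, optionally append-only)
    # limits the damage of a compromised client; confirm the server setup.
    environment.BORG_RSH =
      "ssh -i ${toString config.sops.secrets.backup_ssh_rsa_private.path}";
    compression = "auto,lzma";
    startAt = "daily";
    prune.keep = {
      within = "10d"; # Keep all backups in the last 10 days.
      weekly = 8; # Keep 8 additional end of week archives.
      monthly = -1; # Keep end of month archive for every month
    };
  };

in {

  # Declared with defaults; the values come from the sops file.
  sops.secrets.backup_repository_passphrase = { };
  sops.secrets.backup_ssh_rsa_private = { };

  # One job per server, and none at all when there is nothing to back up.
  # All jobs share the same `paths`, so a single emptiness check is
  # equivalent to filtering each job on its own path list.
  services.borgbackup.jobs = lib.optionalAttrs (dirs != [ ]) (lib.listToAttrs
    (map ({ name, host }: lib.nameValuePair name (setup host)) servers));

};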
}