nixos-config/system/all/borg-jobs.nix
2021-09-25 15:17:07 +02:00

79 lines
2 KiB
Nix

{ config, lib, ... }: {
options = {
backup.dirs = lib.mkOption {
default = [ ];
type = with lib.types; listOf str;
description = ''
folders to backup
'';
};
backup.exclude = lib.mkOption {
default = [ ];
type = with lib.types; listOf str;
description = ''
exclude files and folders matching a pattern.
Theses patterns effect all folders in `backup.dirs`.
see man borg pattern for more information
'';
example = [ ".git" "/home/*/.cache" ".stfolder" ];
};
};
config = let
servers = [
{
name = "workhorse";
host = "workhorse.private";
}
{
name = "pepe";
host = "pepe.private";
}
];
dirs = config.backup.dirs;
myHostname = config.networking.hostName;
setup = server: {
paths = config.backup.dirs;
exclude = config.backup.exclude;
doInit = true;
repo = "borg@${server}:./${myHostname}";
encryption = {
mode = "repokey-blake2";
# todo rename
# passCommand = "cat ${toString <secrets/backup/repo>}";
passCommand =
"cat ${config.sops.secrets.backup_repository_passphrase.path}";
};
environment.BORG_RSH =
"ssh -i ${toString config.sops.secrets.backup_ssh_rsa_private.path}";
compression = "auto,lzma";
startAt = "daily";
prune.keep = {
within = "10d"; # Keep all backups in the last 10 days.
weekly = 8; # Keep 8 additional end of week archives.
monthly = -1; # Keep end of month archive for every month
};
};
in {
sops.secrets.backup_repository_passphrase = { };
sops.secrets.backup_ssh_rsa_private = { };
services.borgbackup.jobs = let
setups = map ({ name, host }: { "${name}" = setup host; }) servers;
setupAttrs = lib.zipAttrsWith (_: vals: lib.head vals) setups;
nonEmptySetups =
lib.filterAttrs (_: { paths, ... }: builtins.length paths != 0)
setupAttrs;
in nonEmptySetups;
};
}