nixfiles/modules/backup/default.nix

{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.clerie.backup;

  jobTargetPairs = flatten (
    mapAttrsToList (jobName: jobOptions:
      let
        jobTargets = if jobOptions.targets == null then cfg.targets
        else
          filterAttrs (targetName: targetOptions:
            any (map (jobOptionTarget: jobOptionTarget == targetName) jobOptions.targets)
          ) cfg.targets;
      in mapAttrsToList (targetName: targetOptions:
        {
          inherit jobName jobOptions targetName targetOptions;
        }
      ) jobTargets
    ) cfg.jobs
  );

  backupServiceUnits = listToAttrs (map ({jobName, jobOptions, targetName, targetOptions}:
    nameValuePair "clerie-backup-${jobName}-${targetName}" {
      requires = [ "network.target" "local-fs.target" ];
      after = [ "network.target" "local-fs.target" ];
      path = [ pkgs.clerie-backup ];

      serviceConfig = {
        Type = "oneshot";
      };

      script = ''
        set -euo pipefail

        clerie-backup "${jobName}-${targetName}" backup

        ${optionalString (config.clerie.monitoring.enable) ''
          echo "clerie_backup_last_successful_run_time{backup_job=\"${jobName}\", backup_target=\"${targetName}\"} $(date +%s)" > /var/lib/prometheus-node-exporter/textfiles/clerie-backup-${jobName}-${targetName}.prom
        ''}
      '';
    }
  ) jobTargetPairs);

  backupServiceTimers = listToAttrs (map ({jobName, jobOptions, targetName, targetOptions}:
    nameValuePair "clerie-backup-${jobName}-${targetName}" {
      wantedBy = [ "timers.target" ];
      timerConfig = {
        OnCalendar = "hourly";
        RandomizedDelaySec = "1h";
      };
      requires = [ "network-online.target" ];
      after = [ "network-online.target" ];
    }
  ) jobTargetPairs);

  backupConfigs = mergeAttrsList (map ({jobName, jobOptions, targetName, targetOptions}: let
      jobPasswordFile = if jobOptions.passwordFile != null then jobOptions.passwordFile else
        config.sops.secrets."clerie-backup-job-${jobName}".path;
      repoPath = if jobOptions.repoPath == null then "/${config.networking.hostName}/${jobName}" else jobOptions.repoPath;
      targetPasswordFile = if targetOptions.passwordFile != null then targetOptions.passwordFile else
        config.sops.secrets."clerie-backup-target-${targetName}".path;
      targetUsername = if targetOptions.username == null then config.networking.hostName else targetOptions.username;
    in {
      "clerie-backup/${jobName}-${targetName}/repo_password".source = jobPasswordFile;
      "clerie-backup/${jobName}-${targetName}/repo_url".text = "https://${targetOptions.serverName}${repoPath}";
      "clerie-backup/${jobName}-${targetName}/auth_username".text = targetUsername;
      "clerie-backup/${jobName}-${targetName}/auth_password".source = targetPasswordFile;
      "clerie-backup/${jobName}-${targetName}/files".text = concatStringsSep "\n" jobOptions.paths;
      "clerie-backup/${jobName}-${targetName}/excludes".text = concatStringsSep "\n" jobOptions.exclude;
    }
  ) jobTargetPairs);

  targetOptions = { ... }: {
    options = {
      passwordFile = mkOption {
        type = with types; nullOr str;
        default = null;
      };
      username = mkOption {
        type = with types; nullOr str;
        default = null;
      };
      serverName = mkOption {
        type = types.str;
      };
    };
  };

  jobOptions = { ... }: {
    options = {
      passwordFile = mkOption {
        type = with types; nullOr str;
        default = null;
      };
      repoPath = mkOption {
        type = with types; nullOr str;
        default = null;
      };
      targets = mkOption {
        type = with types; nullOr (listOf str);
        default = null;
      };
      paths = mkOption {
        type = with types; listOf str;
      };
      exclude = mkOption {
        type = with types; listOf str;
        default = [];
      };
    };
  };
in

{
  options = {
    clerie.backup = {
      enable = mkEnableOption "clerie's Backup";
      targets = mkOption {
        type = with types; attrsOf (submodule targetOptions);
        default = {};
      };
      jobs = mkOption {
        type = with types; attrsOf (submodule jobOptions);
        default = {};
      };
    };
  };

  config = mkIf cfg.enable {
    systemd.services = backupServiceUnits;
    systemd.timers = backupServiceTimers;
    systemd.tmpfiles.rules = [
      "d /var/cache/restic - - - - -"
    ];
    environment.systemPackages = [ pkgs.clerie-backup ];
    environment.etc = backupConfigs;
  };
}
modules/backup: add backup module using restic 2023-05-16 12:21:11 +02:00			`{ config, lib, pkgs, ... }:`

			`with lib;`

			`let`
			`cfg = config.clerie.backup;`

			`jobTargetPairs = flatten (`
			`mapAttrsToList (jobName: jobOptions:`
			`let`
			`jobTargets = if jobOptions.targets == null then cfg.targets`
			`else`
			`filterAttrs (targetName: targetOptions:`
			`any (map (jobOptionTarget: jobOptionTarget == targetName) jobOptions.targets)`
			`) cfg.targets;`
			`in mapAttrsToList (targetName: targetOptions:`
			`{`
			`inherit jobName jobOptions targetName targetOptions;`
			`}`
			`) jobTargets`
			`) cfg.jobs`
			`);`

modules/backup: Migrate automatic backups to clerie-backup backend 2025-02-14 13:17:26 +01:00			`backupServiceUnits = listToAttrs (map ({jobName, jobOptions, targetName, targetOptions}:`
modules/backup: add backup module using restic 2023-05-16 12:21:11 +02:00			`nameValuePair "clerie-backup-${jobName}-${targetName}" {`
			`requires = [ "network.target" "local-fs.target" ];`
modules/backup: fix systemd unit deps 2024-03-19 18:51:17 +01:00			`after = [ "network.target" "local-fs.target" ];`
modules/backup: Migrate automatic backups to clerie-backup backend 2025-02-14 13:17:26 +01:00			`path = [ pkgs.clerie-backup ];`
modules/backup: add backup module using restic 2023-05-16 12:21:11 +02:00
			`serviceConfig = {`
			`Type = "oneshot";`
			`};`

			`script = ''`
			`set -euo pipefail`

modules/backup: Migrate automatic backups to clerie-backup backend 2025-02-14 13:17:26 +01:00			`clerie-backup "${jobName}-${targetName}" backup`
modules/backup: add backup module using restic 2023-05-16 12:21:11 +02:00
modules/backup: support excluding paths 2023-06-28 18:09:03 +02:00			`${optionalString (config.clerie.monitoring.enable) ''`
			`echo "clerie_backup_last_successful_run_time{backup_job=\"${jobName}\", backup_target=\"${targetName}\"} $(date +%s)" > /var/lib/prometheus-node-exporter/textfiles/clerie-backup-${jobName}-${targetName}.prom`
			`''}`
modules/backup: add backup module using restic 2023-05-16 12:21:11 +02:00			`'';`
			`}`
			`) jobTargetPairs);`

			`backupServiceTimers = listToAttrs (map ({jobName, jobOptions, targetName, targetOptions}:`
			`nameValuePair "clerie-backup-${jobName}-${targetName}" {`
			`wantedBy = [ "timers.target" ];`
			`timerConfig = {`
			`OnCalendar = "hourly";`
			`RandomizedDelaySec = "1h";`
			`};`
modules/backup: fix systemd unit deps 2024-03-19 18:51:17 +01:00			`requires = [ "network-online.target" ];`
modules/backup: add backup module using restic 2023-05-16 12:21:11 +02:00			`after = [ "network-online.target" ];`
			`}`
			`) jobTargetPairs);`

modules/backup: Migrate automatic backups to clerie-backup backend 2025-02-14 13:17:26 +01:00			`backupConfigs = mergeAttrsList (map ({jobName, jobOptions, targetName, targetOptions}: let`
modules/backup: Lookups passwords in sops too 2024-04-28 12:04:29 +02:00			`jobPasswordFile = if jobOptions.passwordFile != null then jobOptions.passwordFile else`
secrets.nix: Remove age secrets management 2024-05-10 16:23:41 +02:00			`config.sops.secrets."clerie-backup-job-${jobName}".path;`
modules/backup: add command for backup management 2023-07-04 09:02:44 +02:00			`repoPath = if jobOptions.repoPath == null then "/${config.networking.hostName}/${jobName}" else jobOptions.repoPath;`
modules/backup: Lookups passwords in sops too 2024-04-28 12:04:29 +02:00			`targetPasswordFile = if targetOptions.passwordFile != null then targetOptions.passwordFile else`
secrets.nix: Remove age secrets management 2024-05-10 16:23:41 +02:00			`config.sops.secrets."clerie-backup-target-${targetName}".path;`
modules/backup: add command for backup management 2023-07-04 09:02:44 +02:00			`targetUsername = if targetOptions.username == null then config.networking.hostName else targetOptions.username;`
modules/backup: Migrate automatic backups to clerie-backup backend 2025-02-14 13:17:26 +01:00			`in {`
			`"clerie-backup/${jobName}-${targetName}/repo_password".source = jobPasswordFile;`
			`"clerie-backup/${jobName}-${targetName}/repo_url".text = "https://${targetOptions.serverName}${repoPath}";`
			`"clerie-backup/${jobName}-${targetName}/auth_username".text = targetUsername;`
			`"clerie-backup/${jobName}-${targetName}/auth_password".source = targetPasswordFile;`
			`"clerie-backup/${jobName}-${targetName}/files".text = concatStringsSep "\n" jobOptions.paths;`
			`"clerie-backup/${jobName}-${targetName}/excludes".text = concatStringsSep "\n" jobOptions.exclude;`
modules/backup: add command for backup management 2023-07-04 09:02:44 +02:00			`}`
modules/backup: Migrate automatic backups to clerie-backup backend 2025-02-14 13:17:26 +01:00			`) jobTargetPairs);`
modules/backup: add command for backup management 2023-07-04 09:02:44 +02:00
modules/backup: add backup module using restic 2023-05-16 12:21:11 +02:00			`targetOptions = { ... }: {`
			`options = {`
			`passwordFile = mkOption {`
			`type = with types; nullOr str;`
			`default = null;`
			`};`
			`username = mkOption {`
			`type = with types; nullOr str;`
			`default = null;`
			`};`
			`serverName = mkOption {`
			`type = types.str;`
			`};`
			`};`
			`};`

			`jobOptions = { ... }: {`
			`options = {`
			`passwordFile = mkOption {`
			`type = with types; nullOr str;`
			`default = null;`
			`};`
			`repoPath = mkOption {`
			`type = with types; nullOr str;`
			`default = null;`
			`};`
			`targets = mkOption {`
			`type = with types; nullOr (listOf str);`
			`default = null;`
			`};`
			`paths = mkOption {`
			`type = with types; listOf str;`
			`};`
modules/backup: allow exclusion of paths 2023-06-20 20:35:37 +02:00			`exclude = mkOption {`
			`type = with types; listOf str;`
			`default = [];`
			`};`
modules/backup: add backup module using restic 2023-05-16 12:21:11 +02:00			`};`
			`};`
			`in`

			`{`
			`options = {`
			`clerie.backup = {`
			`enable = mkEnableOption "clerie's Backup";`
			`targets = mkOption {`
			`type = with types; attrsOf (submodule targetOptions);`
			`default = {};`
			`};`
			`jobs = mkOption {`
			`type = with types; attrsOf (submodule jobOptions);`
			`default = {};`
			`};`
			`};`
			`};`

			`config = mkIf cfg.enable {`
			`systemd.services = backupServiceUnits;`
			`systemd.timers = backupServiceTimers;`
modules/backup: add restic cache 2023-07-01 13:08:49 +02:00			`systemd.tmpfiles.rules = [`
			`"d /var/cache/restic - - - - -"`
			`];`
modules/backup: Migrate automatic backups to clerie-backup backend 2025-02-14 13:17:26 +01:00			`environment.systemPackages = [ pkgs.clerie-backup ];`
			`environment.etc = backupConfigs;`
modules/backup: add backup module using restic 2023-05-16 12:21:11 +02:00			`};`
			`}`