From 61a7d6445206d81e83420d4f8b9aa2dacfe93a2d Mon Sep 17 00:00:00 2001
From: clerie <git@clerie.de>
Date: Fri, 14 Feb 2025 13:17:26 +0100
Subject: [PATCH] modules/backup: Migrate automatic backups to clerie-backup
 backend

---
 modules/backup/default.nix | 51 +++++++++++---------------------------
 1 file changed, 14 insertions(+), 37 deletions(-)

diff --git a/modules/backup/default.nix b/modules/backup/default.nix
index e63198a..cea7ca9 100644
--- a/modules/backup/default.nix
+++ b/modules/backup/default.nix
@@ -21,18 +21,11 @@ let
     ) cfg.jobs
   );
 
-  backupServiceUnits = listToAttrs (map ({jobName, jobOptions, targetName, targetOptions}: let
-    jobPasswordFile = if jobOptions.passwordFile != null then jobOptions.passwordFile else
-      config.sops.secrets."clerie-backup-job-${jobName}".path;
-    repoPath = if jobOptions.repoPath == null then "/${config.networking.hostName}/${jobName}" else jobOptions.repoPath;
-    targetPasswordFile = if targetOptions.passwordFile != null then targetOptions.passwordFile else
-      config.sops.secrets."clerie-backup-target-${targetName}".path;
-    targetUsername = if targetOptions.username == null then config.networking.hostName else targetOptions.username;
-  in
+  backupServiceUnits = listToAttrs (map ({jobName, jobOptions, targetName, targetOptions}:
     nameValuePair "clerie-backup-${jobName}-${targetName}" {
       requires = [ "network.target" "local-fs.target" ];
       after = [ "network.target" "local-fs.target" ];
-      path = [ pkgs.restic ];
+      path = [ pkgs.clerie-backup ];
 
       serviceConfig = {
         Type = "oneshot";
@@ -41,14 +34,7 @@ let
       script = ''
         set -euo pipefail
 
-        export RESTIC_PASSWORD_FILE=${jobPasswordFile}
-        export RESTIC_REPOSITORY="rest:https://${targetUsername}:$(cat ${targetPasswordFile})@${targetOptions.serverName}${repoPath}"
-        export RESTIC_PROGRESS_FPS=0.1
-        export RESTIC_CACHE_DIR=/var/cache/restic
-
-        restic snapshots --latest 1 || restic init
-
-        restic backup ${optionalString (jobOptions.exclude != []) "--exclude-file ${pkgs.writeText "clerie-backup-${jobName}-${targetName}-excludes" (concatStringsSep "\n" jobOptions.exclude)}"} ${escapeShellArgs jobOptions.paths}
+        clerie-backup "${jobName}-${targetName}" backup
 
         ${optionalString (config.clerie.monitoring.enable) ''
           echo "clerie_backup_last_successful_run_time{backup_job=\"${jobName}\", backup_target=\"${targetName}\"} $(date +%s)" > /var/lib/prometheus-node-exporter/textfiles/clerie-backup-${jobName}-${targetName}.prom
@@ -69,32 +55,22 @@ let
     }
   ) jobTargetPairs);
 
-  backupCommands = map ({jobName, jobOptions, targetName, targetOptions}: let
+  backupConfigs = mergeAttrsList (map ({jobName, jobOptions, targetName, targetOptions}: let
       jobPasswordFile = if jobOptions.passwordFile != null then jobOptions.passwordFile else
         config.sops.secrets."clerie-backup-job-${jobName}".path;
       repoPath = if jobOptions.repoPath == null then "/${config.networking.hostName}/${jobName}" else jobOptions.repoPath;
       targetPasswordFile = if targetOptions.passwordFile != null then targetOptions.passwordFile else
         config.sops.secrets."clerie-backup-target-${targetName}".path;
       targetUsername = if targetOptions.username == null then config.networking.hostName else targetOptions.username;
-    in pkgs.writeShellApplication {
-      name = "clerie-backup-${jobName}-${targetName}";
-
-      runtimeInputs = [ pkgs.restic ];
-
-      text = ''
-        set -euo pipefail
-
-        export RESTIC_PASSWORD_FILE=${jobPasswordFile}
-        export RESTIC_REPOSITORY="rest:https://${targetUsername}:$(cat ${targetPasswordFile})@${targetOptions.serverName}${repoPath}"
-        export RESTIC_PROGRESS_FPS=0.1
-        export RESTIC_CACHE_DIR=/var/cache/restic
-
-        restic "$@"
-      '';
-
-      checkPhase = "";
+    in {
+      "clerie-backup/${jobName}-${targetName}/repo_password".source = jobPasswordFile;
+      "clerie-backup/${jobName}-${targetName}/repo_url".text = "https://${targetOptions.serverName}${repoPath}";
+      "clerie-backup/${jobName}-${targetName}/auth_username".text = targetUsername;
+      "clerie-backup/${jobName}-${targetName}/auth_password".source = targetPasswordFile;
+      "clerie-backup/${jobName}-${targetName}/files".text = concatStringsSep "\n" jobOptions.paths;
+      "clerie-backup/${jobName}-${targetName}/excludes".text = concatStringsSep "\n" jobOptions.exclude;
     }
-  ) jobTargetPairs;
+  ) jobTargetPairs);
 
   targetOptions = { ... }: {
     options = {
@@ -158,6 +134,7 @@ in
     systemd.tmpfiles.rules = [
       "d /var/cache/restic - - - - -"
     ];
-    environment.systemPackages = backupCommands;
+    environment.systemPackages = [ pkgs.clerie-backup ];
+    environment.etc = backupConfigs;
   };
 }