clerie/nixfiles
1
0
Fork 0
Code

modules/backup: Migrate automatic backups to clerie-backup backend

Browse Source
This commit is contained in:
clerie 2025-02-14 13:17:26 +01:00
parent d17c2855ac
commit 61a7d64452
1 changed files with 14 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
modules/backup/default.nix
View File

@ -21,18 +21,11 @@ let
) cfg.jobs
);
backupServiceUnits = listToAttrs (map ({jobName, jobOptions, targetName, targetOptions}: let
jobPasswordFile = if jobOptions.passwordFile != null then jobOptions.passwordFile else
config.sops.secrets."clerie-backup-job-${jobName}".path;
repoPath = if jobOptions.repoPath == null then "/${config.networking.hostName}/${jobName}" else jobOptions.repoPath;
targetPasswordFile = if targetOptions.passwordFile != null then targetOptions.passwordFile else
config.sops.secrets."clerie-backup-target-${targetName}".path;
targetUsername = if targetOptions.username == null then config.networking.hostName else targetOptions.username;
in
backupServiceUnits = listToAttrs (map ({jobName, jobOptions, targetName, targetOptions}:
nameValuePair "clerie-backup-${jobName}-${targetName}" {
requires = [ "network.target" "local-fs.target" ];
after = [ "network.target" "local-fs.target" ];
path = [ pkgs.restic ];
path = [ pkgs.clerie-backup ];
serviceConfig = {
Type = "oneshot";
@ -41,14 +34,7 @@ let
script = ''
set -euo pipefail
export RESTIC_PASSWORD_FILE=${jobPasswordFile}
export RESTIC_REPOSITORY="rest:https://${targetUsername}:$(cat ${targetPasswordFile})@${targetOptions.serverName}${repoPath}"
export RESTIC_PROGRESS_FPS=0.1
export RESTIC_CACHE_DIR=/var/cache/restic
restic snapshots --latest 1 || restic init
restic backup ${optionalString (jobOptions.exclude != []) "--exclude-file ${pkgs.writeText "clerie-backup-${jobName}-${targetName}-excludes" (concatStringsSep "\n" jobOptions.exclude)}"} ${escapeShellArgs jobOptions.paths}
clerie-backup "${jobName}-${targetName}" backup
${optionalString (config.clerie.monitoring.enable) ''
echo "clerie_backup_last_successful_run_time{backup_job=\"${jobName}\", backup_target=\"${targetName}\"} $(date +%s)" > /var/lib/prometheus-node-exporter/textfiles/clerie-backup-${jobName}-${targetName}.prom
@ -69,32 +55,22 @@ let
}
) jobTargetPairs);
backupCommands = map ({jobName, jobOptions, targetName, targetOptions}: let
backupConfigs = mergeAttrsList (map ({jobName, jobOptions, targetName, targetOptions}: let
jobPasswordFile = if jobOptions.passwordFile != null then jobOptions.passwordFile else
config.sops.secrets."clerie-backup-job-${jobName}".path;
repoPath = if jobOptions.repoPath == null then "/${config.networking.hostName}/${jobName}" else jobOptions.repoPath;
targetPasswordFile = if targetOptions.passwordFile != null then targetOptions.passwordFile else
config.sops.secrets."clerie-backup-target-${targetName}".path;
targetUsername = if targetOptions.username == null then config.networking.hostName else targetOptions.username;
in pkgs.writeShellApplication {
name = "clerie-backup-${jobName}-${targetName}";
runtimeInputs = [ pkgs.restic ];
text = ''
set -euo pipefail
export RESTIC_PASSWORD_FILE=${jobPasswordFile}
export RESTIC_REPOSITORY="rest:https://${targetUsername}:$(cat ${targetPasswordFile})@${targetOptions.serverName}${repoPath}"
export RESTIC_PROGRESS_FPS=0.1
export RESTIC_CACHE_DIR=/var/cache/restic
restic "$@"
'';
checkPhase = "";
in {
"clerie-backup/${jobName}-${targetName}/repo_password".source = jobPasswordFile;
"clerie-backup/${jobName}-${targetName}/repo_url".text = "https://${targetOptions.serverName}${repoPath}";
"clerie-backup/${jobName}-${targetName}/auth_username".text = targetUsername;
"clerie-backup/${jobName}-${targetName}/auth_password".source = targetPasswordFile;
"clerie-backup/${jobName}-${targetName}/files".text = concatStringsSep "\n" jobOptions.paths;
"clerie-backup/${jobName}-${targetName}/excludes".text = concatStringsSep "\n" jobOptions.exclude;
}
) jobTargetPairs;
) jobTargetPairs);
targetOptions = { ... }: {
options = {
@ -158,6 +134,7 @@ in
systemd.tmpfiles.rules = [
"d /var/cache/restic - - - - -"
];
environment.systemPackages = backupCommands;
environment.systemPackages = [ pkgs.clerie-backup ];
environment.etc = backupConfigs;
};
}