Update from updated-inputs-2025-02-15-02-03

2025-02-15 03:03:08 +01:00 · 2025-02-15 03:03:08 +01:00 · 790cd52cd9
commit 790cd52cd9
parent bb0ba232c7 36fbfac843
5 changed files with 120 additions and 37 deletions
--- a/flake.nix
+++ b/flake.nix
@ -132,6 +132,7 @@
      pkgs = localNixpkgs.${system};
    in {
      inherit (pkgs)
        clerie-backup
        clerie-keys
        clerie-system-upgrade
        clerie-merge-nixfiles-update
--- a/modules/backup/default.nix
+++ b/modules/backup/default.nix
@ -21,18 +21,11 @@ let
    ) cfg.jobs
  );
-  backupServiceUnits = listToAttrs (map ({jobName, jobOptions, targetName, targetOptions}: let
+  backupServiceUnits = listToAttrs (map ({jobName, jobOptions, targetName, targetOptions}:
    jobPasswordFile = if jobOptions.passwordFile != null then jobOptions.passwordFile else
      config.sops.secrets."clerie-backup-job-${jobName}".path;
    repoPath = if jobOptions.repoPath == null then "/${config.networking.hostName}/${jobName}" else jobOptions.repoPath;
    targetPasswordFile = if targetOptions.passwordFile != null then targetOptions.passwordFile else
      config.sops.secrets."clerie-backup-target-${targetName}".path;
    targetUsername = if targetOptions.username == null then config.networking.hostName else targetOptions.username;
  in
    nameValuePair "clerie-backup-${jobName}-${targetName}" {
      requires = [ "network.target" "local-fs.target" ];
      after = [ "network.target" "local-fs.target" ];
-      path = [ pkgs.restic ];
+      path = [ pkgs.clerie-backup ];
      serviceConfig = {
        Type = "oneshot";
@ -41,14 +34,7 @@ let
      script = ''
        set -euo pipefail
-        export RESTIC_PASSWORD_FILE=${jobPasswordFile}
+        clerie-backup "${jobName}-${targetName}" backup
        export RESTIC_REPOSITORY="rest:https://${targetUsername}:$(cat ${targetPasswordFile})@${targetOptions.serverName}${repoPath}"
        export RESTIC_PROGRESS_FPS=0.1
        export RESTIC_CACHE_DIR=/var/cache/restic
        restic snapshots --latest 1 || restic init
        restic backup ${optionalString (jobOptions.exclude != []) "--exclude-file ${pkgs.writeText "clerie-backup-${jobName}-${targetName}-excludes" (concatStringsSep "\n" jobOptions.exclude)}"} ${escapeShellArgs jobOptions.paths}
        ${optionalString (config.clerie.monitoring.enable) ''
          echo "clerie_backup_last_successful_run_time{backup_job=\"${jobName}\", backup_target=\"${targetName}\"} $(date +%s)" > /var/lib/prometheus-node-exporter/textfiles/clerie-backup-${jobName}-${targetName}.prom
@ -69,32 +55,22 @@ let
    }
  ) jobTargetPairs);
-  backupCommands = map ({jobName, jobOptions, targetName, targetOptions}: let
+  backupConfigs = mergeAttrsList (map ({jobName, jobOptions, targetName, targetOptions}: let
      jobPasswordFile = if jobOptions.passwordFile != null then jobOptions.passwordFile else
        config.sops.secrets."clerie-backup-job-${jobName}".path;
      repoPath = if jobOptions.repoPath == null then "/${config.networking.hostName}/${jobName}" else jobOptions.repoPath;
      targetPasswordFile = if targetOptions.passwordFile != null then targetOptions.passwordFile else
        config.sops.secrets."clerie-backup-target-${targetName}".path;
      targetUsername = if targetOptions.username == null then config.networking.hostName else targetOptions.username;
-    in pkgs.writeShellApplication {
+    in {
-      name = "clerie-backup-${jobName}-${targetName}";
+      "clerie-backup/${jobName}-${targetName}/repo_password".source = jobPasswordFile;
-
+      "clerie-backup/${jobName}-${targetName}/repo_url".text = "https://${targetOptions.serverName}${repoPath}";
-      runtimeInputs = [ pkgs.restic ];
+      "clerie-backup/${jobName}-${targetName}/auth_username".text = targetUsername;
-
+      "clerie-backup/${jobName}-${targetName}/auth_password".source = targetPasswordFile;
-      text = ''
+      "clerie-backup/${jobName}-${targetName}/files".text = concatStringsSep "\n" jobOptions.paths;
-        set -euo pipefail
+      "clerie-backup/${jobName}-${targetName}/excludes".text = concatStringsSep "\n" jobOptions.exclude;
        export RESTIC_PASSWORD_FILE=${jobPasswordFile}
        export RESTIC_REPOSITORY="rest:https://${targetUsername}:$(cat ${targetPasswordFile})@${targetOptions.serverName}${repoPath}"
        export RESTIC_PROGRESS_FPS=0.1
        export RESTIC_CACHE_DIR=/var/cache/restic
        restic "$@"
      '';
      checkPhase = "";
    }
-  ) jobTargetPairs;
+  ) jobTargetPairs);
  targetOptions = { ... }: {
    options = {
@ -158,6 +134,7 @@ in
    systemd.tmpfiles.rules = [
      "d /var/cache/restic - - - - -"
    ];
-    environment.systemPackages = backupCommands;
+    environment.systemPackages = [ pkgs.clerie-backup ];
    environment.etc = backupConfigs;
  };
 }
--- a/pkgs/clerie-backup/clerie-backup.sh
+++ b/pkgs/clerie-backup/clerie-backup.sh
@ -0,0 +1,95 @@
 #!/usr/bin/env bash
 set -euo pipefail
 REPO=
 ACTION=
 if [[ $# -lt 2 ]]; then
 	echo "Command not specified"
 	echo
 	echo "clerie-backup REPO ACTION"
 	echo
 	echo "ACTION: restic,backup"
 	echo
 	echo "Available REPOs (/etc/clerie-backup/):"
 	echo
 	if [[ -d "/etc/clerie-backup" ]]; then
 		find "/etc/clerie-backup/" -mindepth 1 -maxdepth 1 -type d -printf "%f\n" | sort -d
 	fi
 	exit 1
 fi
 REPO="$1"
 shift
 ACTION="$1"
 shift
 CONFIG_DIR="/etc/clerie-backup/${REPO}"
 if [[ ! -d "${CONFIG_DIR}" ]]; then
 	echo "Config dir ${CONFIG_DIR} for ${REPO} does not exist"
 	exit 1
 fi
 ISSUE_EXIST=
 if [[ ! -f "${CONFIG_DIR}/repo_password" ]]; then
 	echo "File ${CONFIG_DIR}/repo_password not found"
 	ISSUE_EXIST=1
 fi
 if [[ ! -f "${CONFIG_DIR}/repo_url" ]]; then
 	echo "File ${CONFIG_DIR}/repo_url not found"
 	ISSUE_EXIST=1
 fi
 if [[ ! -f "${CONFIG_DIR}/auth_username" ]]; then
 	echo "File ${CONFIG_DIR}/auth_username not found"
 	ISSUE_EXIST=1
 fi
 if [[ ! -f "${CONFIG_DIR}/auth_password" ]]; then
 	echo "File ${CONFIG_DIR}/auth_password not found"
 	ISSUE_EXIST=1
 fi
 if [[ -n "${ISSUE_EXIST}" ]]; then
 	exit 1
 fi
 RESTIC_PASSWORD_FILE="${CONFIG_DIR}/repo_password"
 export RESTIC_PASSWORD_FILE
 RESTIC_REPOSITORY="rest:$(cat "${CONFIG_DIR}/repo_url")"
 export RESTIC_REPOSITORY
 RESTIC_REST_USERNAME="$(cat "${CONFIG_DIR}/auth_username")"
 export RESTIC_REST_USERNAME
 RESTIC_REST_PASSWORD="$(cat "${CONFIG_DIR}/auth_password")"
 export RESTIC_REST_PASSWORD
 RESTIC_PROGRESS_FPS="0.1"
 export RESTIC_PROGRESS_FPS
 RESTIC_CACHE_DIR="/var/cache/restic"
 export RESTIC_CACHE_DIR
 case "${ACTION}" in
 restic)
 	restic "$@"
 	;;
 backup)
 	ISSUE_EXIST=
 	if [[ ! -f "${CONFIG_DIR}/excludes" ]]; then
 		echo "File ${CONFIG_DIR}/excludes not found"
 		ISSUE_EXIST=1
 	fi
 	if [[ ! -f "${CONFIG_DIR}/files" ]]; then
 		echo "File ${CONFIG_DIR}/files not found"
 		ISSUE_EXIST=1
 	fi
 	if [[ -n "${ISSUE_EXIST}" ]]; then
 		exit 1
 	fi
        restic snapshots --latest 1 || restic init
        restic backup --exclude-file "${CONFIG_DIR}/excludes" --files-from "${CONFIG_DIR}/files"
 	;;
 *)
 	echo "Unsupported ACTION: ${ACTION}"
 	exit 1
 	;;
 esac
--- a/pkgs/clerie-backup/default.nix
+++ b/pkgs/clerie-backup/default.nix
@ -0,0 +1,9 @@
 { pkgs, ... }:
 pkgs.writeShellApplication {
  name = "clerie-backup";
  text = builtins.readFile ./clerie-backup.sh;
  runtimeInputs = with pkgs; [
    restic
  ];
 }
--- a/pkgs/overlay.nix
+++ b/pkgs/overlay.nix
@ -1,4 +1,5 @@
 final: prev: {
  clerie-backup = final.callPackage ./clerie-backup {};
  clerie-keys = final.callPackage ./clerie-keys {};
  clerie-system-upgrade = final.callPackage ./clerie-system-upgrade/clerie-system-upgrade.nix {};
  clerie-merge-nixfiles-update = final.callPackage ./clerie-update-nixfiles/clerie-merge-nixfiles-update.nix {};