Update from updated-inputs-2025-02-15-02-03

2025-02-15 03:03:08 +01:00 · 2025-02-15 03:03:08 +01:00 · 790cd52cd9
commit 790cd52cd9
parent bb0ba232c7 36fbfac843
5 changed files with 120 additions and 37 deletions
--- a/flake.nix
+++ b/flake.nix
@ -132,6 +132,7 @@
      pkgs = localNixpkgs.${system};
    in {
      inherit (pkgs)
+        clerie-backup
        clerie-keys
        clerie-system-upgrade
        clerie-merge-nixfiles-update
--- a/modules/backup/default.nix
+++ b/modules/backup/default.nix
@ -21,18 +21,11 @@ let
    ) cfg.jobs
  );

-  backupServiceUnits = listToAttrs (map ({jobName, jobOptions, targetName, targetOptions}: let
-    jobPasswordFile = if jobOptions.passwordFile != null then jobOptions.passwordFile else
-      config.sops.secrets."clerie-backup-job-${jobName}".path;
-    repoPath = if jobOptions.repoPath == null then "/${config.networking.hostName}/${jobName}" else jobOptions.repoPath;
-    targetPasswordFile = if targetOptions.passwordFile != null then targetOptions.passwordFile else
-      config.sops.secrets."clerie-backup-target-${targetName}".path;
-    targetUsername = if targetOptions.username == null then config.networking.hostName else targetOptions.username;
-  in
+  backupServiceUnits = listToAttrs (map ({jobName, jobOptions, targetName, targetOptions}:
    nameValuePair "clerie-backup-${jobName}-${targetName}" {
      requires = [ "network.target" "local-fs.target" ];
      after = [ "network.target" "local-fs.target" ];
-      path = [ pkgs.restic ];
+      path = [ pkgs.clerie-backup ];

      serviceConfig = {
        Type = "oneshot";
@ -41,14 +34,7 @@ let
      script = ''
        set -euo pipefail

-        export RESTIC_PASSWORD_FILE=${jobPasswordFile}
-        export RESTIC_REPOSITORY="rest:https://${targetUsername}:$(cat ${targetPasswordFile})@${targetOptions.serverName}${repoPath}"
-        export RESTIC_PROGRESS_FPS=0.1
-        export RESTIC_CACHE_DIR=/var/cache/restic
-
-        restic snapshots --latest 1 || restic init
-
-        restic backup ${optionalString (jobOptions.exclude != []) "--exclude-file ${pkgs.writeText "clerie-backup-${jobName}-${targetName}-excludes" (concatStringsSep "\n" jobOptions.exclude)}"} ${escapeShellArgs jobOptions.paths}
+        clerie-backup "${jobName}-${targetName}" backup

        ${optionalString (config.clerie.monitoring.enable) ''
          echo "clerie_backup_last_successful_run_time{backup_job=\"${jobName}\", backup_target=\"${targetName}\"} $(date +%s)" > /var/lib/prometheus-node-exporter/textfiles/clerie-backup-${jobName}-${targetName}.prom
@ -69,32 +55,22 @@ let
    }
  ) jobTargetPairs);

-  backupCommands = map ({jobName, jobOptions, targetName, targetOptions}: let
+  backupConfigs = mergeAttrsList (map ({jobName, jobOptions, targetName, targetOptions}: let
      jobPasswordFile = if jobOptions.passwordFile != null then jobOptions.passwordFile else
        config.sops.secrets."clerie-backup-job-${jobName}".path;
      repoPath = if jobOptions.repoPath == null then "/${config.networking.hostName}/${jobName}" else jobOptions.repoPath;
      targetPasswordFile = if targetOptions.passwordFile != null then targetOptions.passwordFile else
        config.sops.secrets."clerie-backup-target-${targetName}".path;
      targetUsername = if targetOptions.username == null then config.networking.hostName else targetOptions.username;
-    in pkgs.writeShellApplication {
-      name = "clerie-backup-${jobName}-${targetName}";
-
-      runtimeInputs = [ pkgs.restic ];
-
-      text = ''
-        set -euo pipefail
-
-        export RESTIC_PASSWORD_FILE=${jobPasswordFile}
-        export RESTIC_REPOSITORY="rest:https://${targetUsername}:$(cat ${targetPasswordFile})@${targetOptions.serverName}${repoPath}"
-        export RESTIC_PROGRESS_FPS=0.1
-        export RESTIC_CACHE_DIR=/var/cache/restic
-
-        restic "$@"
-      '';
-
-      checkPhase = "";
+    in {
+      "clerie-backup/${jobName}-${targetName}/repo_password".source = jobPasswordFile;
+      "clerie-backup/${jobName}-${targetName}/repo_url".text = "https://${targetOptions.serverName}${repoPath}";
+      "clerie-backup/${jobName}-${targetName}/auth_username".text = targetUsername;
+      "clerie-backup/${jobName}-${targetName}/auth_password".source = targetPasswordFile;
+      "clerie-backup/${jobName}-${targetName}/files".text = concatStringsSep "\n" jobOptions.paths;
+      "clerie-backup/${jobName}-${targetName}/excludes".text = concatStringsSep "\n" jobOptions.exclude;
    }
-  ) jobTargetPairs;
+  ) jobTargetPairs);

  targetOptions = { ... }: {
    options = {
@ -158,6 +134,7 @@ in
    systemd.tmpfiles.rules = [
      "d /var/cache/restic - - - - -"
    ];
-    environment.systemPackages = backupCommands;
+    environment.systemPackages = [ pkgs.clerie-backup ];
+    environment.etc = backupConfigs;
  };
 }
--- a/pkgs/clerie-backup/clerie-backup.sh
+++ b/pkgs/clerie-backup/clerie-backup.sh
@ -0,0 +1,95 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+REPO=
+ACTION=
+
+if [[ $# -lt 2 ]]; then
+	echo "Command not specified"
+	echo
+	echo "clerie-backup REPO ACTION"
+	echo
+	echo "ACTION: restic,backup"
+	echo
+	echo "Available REPOs (/etc/clerie-backup/):"
+	echo
+	if [[ -d "/etc/clerie-backup" ]]; then
+		find "/etc/clerie-backup/" -mindepth 1 -maxdepth 1 -type d -printf "%f\n" | sort -d
+	fi
+	exit 1
+fi
+
+REPO="$1"
+shift
+
+ACTION="$1"
+shift
+
+CONFIG_DIR="/etc/clerie-backup/${REPO}"
+if [[ ! -d "${CONFIG_DIR}" ]]; then
+	echo "Config dir ${CONFIG_DIR} for ${REPO} does not exist"
+	exit 1
+fi
+
+ISSUE_EXIST=
+if [[ ! -f "${CONFIG_DIR}/repo_password" ]]; then
+	echo "File ${CONFIG_DIR}/repo_password not found"
+	ISSUE_EXIST=1
+fi
+if [[ ! -f "${CONFIG_DIR}/repo_url" ]]; then
+	echo "File ${CONFIG_DIR}/repo_url not found"
+	ISSUE_EXIST=1
+fi
+if [[ ! -f "${CONFIG_DIR}/auth_username" ]]; then
+	echo "File ${CONFIG_DIR}/auth_username not found"
+	ISSUE_EXIST=1
+fi
+if [[ ! -f "${CONFIG_DIR}/auth_password" ]]; then
+	echo "File ${CONFIG_DIR}/auth_password not found"
+	ISSUE_EXIST=1
+fi
+if [[ -n "${ISSUE_EXIST}" ]]; then
+	exit 1
+fi
+
+RESTIC_PASSWORD_FILE="${CONFIG_DIR}/repo_password"
+export RESTIC_PASSWORD_FILE
+RESTIC_REPOSITORY="rest:$(cat "${CONFIG_DIR}/repo_url")"
+export RESTIC_REPOSITORY
+RESTIC_REST_USERNAME="$(cat "${CONFIG_DIR}/auth_username")"
+export RESTIC_REST_USERNAME
+RESTIC_REST_PASSWORD="$(cat "${CONFIG_DIR}/auth_password")"
+export RESTIC_REST_PASSWORD
+RESTIC_PROGRESS_FPS="0.1"
+export RESTIC_PROGRESS_FPS
+RESTIC_CACHE_DIR="/var/cache/restic"
+export RESTIC_CACHE_DIR
+
+case "${ACTION}" in
+restic)
+	restic "$@"
+	;;
+backup)
+	ISSUE_EXIST=
+	if [[ ! -f "${CONFIG_DIR}/excludes" ]]; then
+		echo "File ${CONFIG_DIR}/excludes not found"
+		ISSUE_EXIST=1
+	fi
+	if [[ ! -f "${CONFIG_DIR}/files" ]]; then
+		echo "File ${CONFIG_DIR}/files not found"
+		ISSUE_EXIST=1
+	fi
+	if [[ -n "${ISSUE_EXIST}" ]]; then
+		exit 1
+	fi
+
+        restic snapshots --latest 1 || restic init
+
+        restic backup --exclude-file "${CONFIG_DIR}/excludes" --files-from "${CONFIG_DIR}/files"
+	;;
+*)
+	echo "Unsupported ACTION: ${ACTION}"
+	exit 1
+	;;
+esac
--- a/pkgs/clerie-backup/default.nix
+++ b/pkgs/clerie-backup/default.nix
@ -0,0 +1,9 @@
+{ pkgs, ... }:
+
+pkgs.writeShellApplication {
+  name = "clerie-backup";
+  text = builtins.readFile ./clerie-backup.sh;
+  runtimeInputs = with pkgs; [
+    restic
+  ];
+}
--- a/pkgs/overlay.nix
+++ b/pkgs/overlay.nix
@ -1,4 +1,5 @@
 final: prev: {
+  clerie-backup = final.callPackage ./clerie-backup {};
  clerie-keys = final.callPackage ./clerie-keys {};
  clerie-system-upgrade = final.callPackage ./clerie-system-upgrade/clerie-system-upgrade.nix {};
  clerie-merge-nixfiles-update = final.callPackage ./clerie-update-nixfiles/clerie-merge-nixfiles-update.nix {};