1 { lib, pkgs, config, name, ... }:
4 cfg = config.myEnv.backup;
5 varDir = "/var/lib/duply";
6 duplyProfile = profile: remote: prefix: ''
7 GPG_PW="${cfg.password}"
8 TARGET="${cfg.remotes.${remote}.remote profile.bucket}${prefix}"
9 export AWS_ACCESS_KEY_ID="${cfg.remotes.${remote}.accessKeyId}"
10 export AWS_SECRET_ACCESS_KEY="${cfg.remotes.${remote}.secretAccessKey}"
11 SOURCE="${profile.rootDir}"
12 FILENAME=".duplicity-ignore"
13 DUPL_PARAMS="$DUPL_PARAMS --exclude-if-present '$FILENAME'"
15 ARCH_DIR="${varDir}/caches"
17 # Do a full backup after 1 month
19 DUPL_PARAMS="$DUPL_PARAMS --allow-source-mismatch --exclude-other-filesystems --full-if-older-than $MAX_FULLBKP_AGE "
20 # Backups older than 2months are deleted
24 MAX_FULLS_WITH_INCRS=2
26 action = "bkp_purge_purgeFull_purgeIncr";
27 varName = k: remoteName:
28 if remoteName == "eriomem" then k else remoteName + "_" + k;
32 services.duplyBackup.enable = lib.mkOption {
33 type = lib.types.bool;
36 Whether to enable remote backups.
39 services.duplyBackup.profiles = lib.mkOption {
40 type = lib.types.attrsOf (lib.types.submodule {
42 rootDir = lib.mkOption {
43 type = lib.types.path;
48 bucket = lib.mkOption {
50 default = "immae-${name}";
55 remotes = lib.mkOption {
56 type = lib.types.listOf lib.types.str;
57 default = ["eriomem"];
59 Remotes to use for backup
62 excludeFile = lib.mkOption {
63 type = lib.types.lines;
66 Content to put in exclude file
74 config = lib.mkIf config.services.duplyBackup.enable {
75 system.activationScripts.backup = ''
76 install -m 0700 -o root -g root -d ${varDir} ${varDir}/caches
78 secrets.keys = lib.listToAttrs (lib.flatten (lib.mapAttrsToList (k: v:
80 (lib.nameValuePair "backup/${varName k remote}/conf" {
82 text = duplyProfile v remote "${k}/";
84 (lib.nameValuePair "backup/${varName k remote}/exclude" {
88 (lib.nameValuePair "backup/${varName k remote}" {
92 ]) v.remotes) config.services.duplyBackup.profiles));
97 backups = pkgs.writeScript "backups" ''
98 #!${pkgs.stdenv.shell}
100 ${builtins.concatStringsSep "\n" (lib.flatten (lib.mapAttrsToList (k: v:
103 touch ${varDir}/${varName k remote}.log
104 ${pkgs.duply}/bin/duply ${config.secrets.fullPaths."backup/${varName k remote}"}/ ${action} --force >> ${varDir}/${varName k remote}.log
105 [[ $? = 0 ]] || echo -e "Error when doing backup for ${varName k remote}, see above\n---------------------------------------" >&2
108 ) config.services.duplyBackup.profiles))}
112 "0 2 * * * root ${backups}"
117 security.pki.certificateFiles = [
119 url = "http://downloads.e.eriomem.net/eriomemca.pem";
120 sha256 = "1ixx4c6j3m26j8dp9a3dkvxc80v1nr5aqgmawwgs06bskasqkvvh";