X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;ds=sidebyside;f=modules%2Fduply_backup%2Fdefault.nix;fp=modules%2Fduply_backup%2Fdefault.nix;h=0000000000000000000000000000000000000000;hb=1a64deeb894dc95e2645a75771732c6cc53a79ad;hp=846b1d472a6c0fc8ca9c7c31034c0f77e2c28875;hpb=fa25ffd4583cc362075cd5e1b4130f33306103f0;p=perso%2FImmae%2FConfig%2FNix.git diff --git a/modules/duply_backup/default.nix b/modules/duply_backup/default.nix deleted file mode 100644 index 846b1d4..0000000 --- a/modules/duply_backup/default.nix +++ /dev/null @@ -1,124 +0,0 @@ -{ lib, pkgs, config, name, ... }: - -let - cfg = config.myEnv.backup; - varDir = "/var/lib/duply"; - duplyProfile = profile: remote: prefix: '' - GPG_PW="${cfg.password}" - TARGET="${cfg.remotes.${remote}.remote profile.bucket}${prefix}" - export AWS_ACCESS_KEY_ID="${cfg.remotes.${remote}.accessKeyId}" - export AWS_SECRET_ACCESS_KEY="${cfg.remotes.${remote}.secretAccessKey}" - SOURCE="${profile.rootDir}" - FILENAME=".duplicity-ignore" - DUPL_PARAMS="$DUPL_PARAMS --exclude-if-present '$FILENAME'" - VERBOSITY=4 - ARCH_DIR="${varDir}/caches" - - # Do a full backup after 1 month - MAX_FULLBKP_AGE=1M - DUPL_PARAMS="$DUPL_PARAMS --allow-source-mismatch --exclude-other-filesystems --full-if-older-than $MAX_FULLBKP_AGE " - # Backups older than 2months are deleted - MAX_AGE=2M - # Keep 2 full backups - MAX_FULL_BACKUPS=2 - MAX_FULLS_WITH_INCRS=2 - ''; - action = "bkp_purge_purgeFull_purgeIncr"; - varName = k: remoteName: - if remoteName == "eriomem" then k else remoteName + "_" + k; -in -{ - options = { - services.duplyBackup.enable = lib.mkOption { - type = lib.types.bool; - default = false; - description = '' - Whether to enable remote backups. - ''; - }; - services.duplyBackup.profiles = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule { - options = { - rootDir = lib.mkOption { - type = lib.types.path; - description = '' - Path to backup - ''; - }; - bucket = lib.mkOption { - type = lib.types.str; - default = "immae-${name}"; - description = '' - Bucket to use - ''; - }; - remotes = lib.mkOption { - type = lib.types.listOf lib.types.str; - default = ["eriomem"]; - description = '' - Remotes to use for backup - ''; - }; - excludeFile = lib.mkOption { - type = lib.types.lines; - default = ""; - description = '' - Content to put in exclude file - ''; - }; - }; - }); - }; - }; - - config = lib.mkIf config.services.duplyBackup.enable { - system.activationScripts.backup = '' - install -m 0700 -o root -g root -d ${varDir} ${varDir}/caches - ''; - secrets.keys = lib.listToAttrs (lib.flatten (lib.mapAttrsToList (k: v: - map (remote: [ - (lib.nameValuePair "backup/${varName k remote}/conf" { - permissions = "0400"; - text = duplyProfile v remote "${k}/"; - }) - (lib.nameValuePair "backup/${varName k remote}/exclude" { - permissions = "0400"; - text = v.excludeFile; - }) - (lib.nameValuePair "backup/${varName k remote}" { - permissions = "0500"; - isDir = true; - }) - ]) v.remotes) config.services.duplyBackup.profiles)); - - services.cron = { - enable = true; - systemCronJobs = let - backups = pkgs.writeScript "backups" '' - #!${pkgs.stdenv.shell} - - ${builtins.concatStringsSep "\n" (lib.flatten (lib.mapAttrsToList (k: v: - map (remote: [ - '' - touch ${varDir}/${varName k remote}.log - ${pkgs.duply}/bin/duply ${config.secrets.fullPaths."backup/${varName k remote}"}/ ${action} --force >> ${varDir}/${varName k remote}.log - [[ $? = 0 ]] || echo -e "Error when doing backup for ${varName k remote}, see above\n---------------------------------------" >&2 - '' - ]) v.remotes - ) config.services.duplyBackup.profiles))} - ''; - in - [ - "0 2 * * * root ${backups}" - ]; - - }; - - security.pki.certificateFiles = [ - (pkgs.fetchurl { - url = "http://downloads.e.eriomem.net/eriomemca.pem"; - sha256 = "1ixx4c6j3m26j8dp9a3dkvxc80v1nr5aqgmawwgs06bskasqkvvh"; - }) - ]; - }; -}