X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fduply_backup%2Fdefault.nix;h=23de666cd243c2b94fe3bc91ca84dfefce6ae2e6;hb=f7c27d313296485fd5f6d76a9264c26beef2eeaa;hp=893137891e0c7ff7d84daaa45f45bc7d3274bc25;hpb=ab8f306d7c2c49b8116e1af7b355ed2384617ed9;p=perso%2FImmae%2FConfig%2FNix.git diff --git a/modules/duply_backup/default.nix b/modules/duply_backup/default.nix index 8931378..23de666 100644 --- a/modules/duply_backup/default.nix +++ b/modules/duply_backup/default.nix @@ -1,13 +1,13 @@ -{ lib, pkgs, config, ... }: +{ lib, pkgs, config, name, ... }: let cfg = config.myEnv.backup; varDir = "/var/lib/duply"; - duplyProfile = profile: prefix: '' + duplyProfile = profile: remote: prefix: '' GPG_PW="${cfg.password}" - TARGET="${cfg.remote}${prefix}" - export AWS_ACCESS_KEY_ID="${cfg.accessKeyId}" - export AWS_SECRET_ACCESS_KEY="${cfg.secretAccessKey}" + TARGET="${cfg.remotes.${remote}.remote profile.bucket}${prefix}" + export AWS_ACCESS_KEY_ID="${cfg.remotes.${remote}.accessKeyId}" + export AWS_SECRET_ACCESS_KEY="${cfg.remotes.${remote}.secretAccessKey}" SOURCE="${profile.rootDir}" FILENAME=".duplicity-ignore" DUPL_PARAMS="$DUPL_PARAMS --exclude-if-present '$FILENAME'" @@ -16,7 +16,7 @@ let # Do a full backup after 1 month MAX_FULLBKP_AGE=1M - DUPL_PARAMS="$DUPL_PARAMS --full-if-older-than $MAX_FULLBKP_AGE " + DUPL_PARAMS="$DUPL_PARAMS --exclude-other-filesystems --full-if-older-than $MAX_FULLBKP_AGE " # Backups older than 2months are deleted MAX_AGE=2M # Keep 2 full backups @@ -24,6 +24,8 @@ let MAX_FULLS_WITH_INCRS=2 ''; action = "bkp_purge_purgeFull_purgeIncr"; + varName = k: remoteName: + if remoteName == "eriomem" then k else remoteName + "_" + k; in { options = { 
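Review bot: The new `TARGET` line splices `profile.bucket` (through `cfg.remotes.${remote}.remote`) and `prefix` into a double-quoted assignment in a profile that is evaluated as shell, as the `export` and `$DUPL_PARAMS` lines in the same string show. A bucket value containing `"`, `$` or a backtick would therefore be interpreted rather than used literally, in a job that appears to run from the system cron. The values are administrator-supplied, so this is hardening rather than a live hole: constrain the option where it is declared, for example `type = lib.types.strMatching "[a-z0-9.-]+";` (pattern is illustrative). The argument order also changed to `profile: remote: prefix:`, which deserves a comment such as `# remote: attribute name in config.myEnv.backup.remotes`. The profile string continues past this hunk.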
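Review bot: Adding `--exclude-other-filesystems` to `DUPL_PARAMS` changes what is covered by the backup without saying so: anything below `SOURCE` that sits on a separate mount is now skipped, and nothing in the profile or the log will flag it. A comment next to the flag would make this visible to whoever restores from these archives, e.g. `# Mount points below SOURCE are NOT backed up; give each mounted volume its own profile`. It is worth checking the existing profiles' `rootDir` values for nested mounts before this lands.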
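Review bot: `varName` can map two different (profile, remote) pairs to the same name: profile `a_b` on `eriomem` and profile `b` on a remote named `a` both give `a_b`. The `backup/${varName k remote}/conf` secret and the `.log` file written in the later hunks would then overwrite each other, and one backup would run with the other's target and credentials. An `assertions` check that the generated names are unique would close this; a separator that cannot occur in profile names would too. The `"eriomem"` special case is presumably there to keep existing paths stable, but nothing says so; add `# eriomem keeps the historical un-prefixed name so existing secrets, caches and logs stay valid`.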
@@ -43,6 +45,20 @@ in Path to backup ''; }; + bucket = lib.mkOption { + type = lib.types.str; + default = "immae-${name}"; + description = '' + Bucket to use + ''; + }; + remotes = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = ["eriomem"]; + description = '' + Remotes to use for backup + ''; + }; excludeFile = lib.mkOption { type = lib.types.lines; default = ""; @@ -59,18 +75,19 @@ in system.activationScripts.backup = '' install -m 0700 -o root -g root -d ${varDir} ${varDir}/caches ''; - secrets.keys = lib.flatten (lib.mapAttrsToList (k: v: [ - { - permissions = "0400"; - dest = "backup/${k}/conf"; - text = duplyProfile v "${k}/"; - } - { - permissions = "0400"; - dest = "backup/${k}/exclude"; - text = v.excludeFile; - } - ]) config.services.duplyBackup.profiles); + secrets.keys = lib.flatten (lib.mapAttrsToList (k: v: + map (remote: [ + { + permissions = "0400"; + dest = "backup/${varName k remote}/conf"; + text = duplyProfile v remote "${k}/"; + } + { + permissions = "0400"; + dest = "backup/${varName k remote}/exclude"; + text = v.excludeFile; + } + ]) v.remotes) config.services.duplyBackup.profiles); services.cron = { enable = true; @@ -78,12 +95,15 @@ in backups = pkgs.writeScript "backups" '' #!${pkgs.stdenv.shell} - ${builtins.concatStringsSep "\n" (lib.mapAttrsToList (k: v: + ${builtins.concatStringsSep "\n" (lib.flatten (lib.mapAttrsToList (k: v: + map (remote: [ '' - touch ${varDir}/${k}.log - ${pkgs.duply}/bin/duply ${config.secrets.location}/backup/${k}/ ${action} --force >> ${varDir}/${k}.log + touch ${varDir}/${varName k remote}.log + ${pkgs.duply}/bin/duply ${config.secrets.location}/backup/${varName k remote}/ ${action} --force >> ${varDir}/${varName k remote}.log + [[ $? = 0 ]] || echo -e "Error when doing backup for ${varName k remote}, see above\n---------------------------------------" >&2 '' - ) config.services.duplyBackup.profiles)} + ]) v.remotes + ) config.services.duplyBackup.profiles))} ''; in [ 
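Review bot: The new `remotes` option accepts any list of strings, but each entry is used as an attribute name in `cfg.remotes.${remote}` (first hunk), so a typo surfaces as a missing-attribute evaluation error that does not name the option. As far as the visible code shows, an empty list yields no secrets and no cron line for that profile, so the profile silently stops being backed up. An `assertions` entry checking that the list is non-empty and that every name exists in `config.myEnv.backup.remotes` would turn both cases into a clear message. The descriptions could also say more than the option name, e.g. `Names of entries in myEnv.backup.remotes to send this profile to; must not be empty`.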
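Review bot: The added `[[ $? = 0 ]] || echo ...` line reports a failed run on stderr but the generated script carries on and ends with the status of whatever ran last, so anything watching the cron job's exit code will miss a failure in an earlier profile or remote. Recording the failure and exiting with it keeps the per-profile isolation while making the job's status truthful: put `failed=0` before the generated lines, change the check to `[[ $? = 0 ]] || { echo -e "..." >&2; failed=1; }` and end the script with `exit $failed`. Note also that `>>` captures only stdout, so whether the detail that "see above" points to lands in the log or in cron's mail depends on where duply writes its errors; `2>&1` on the duply line would make the log self-contained.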
@@ -92,13 +112,11 @@ in }; - security.pki.certificates = let - cert = pkgs.fetchurl { + security.pki.certificateFiles = [ + (pkgs.fetchurl { url = "http://downloads.e.eriomem.net/eriomemca.pem"; sha256 = "1ixx4c6j3m26j8dp9a3dkvxc80v1nr5aqgmawwgs06bskasqkvvh"; - }; - in [ - (builtins.readFile cert) + }) ]; }; }
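Review bot: `security.pki.certificateFiles` puts the Eriomem CA into the system-wide trust bundle, so every TLS client on the host will accept certificates issued by that CA for any hostname, not only for the backup endpoint. If the backup tooling can be given a CA bundle for this one connection, that would keep the trust scoped to backups; I have not checked whether it can, so at minimum the wider trust should be documented. The certificate is fetched over `http://`, which is acceptable only because `fetchurl` verifies the pinned `sha256`. A comment would stop someone from later relaxing the hash: `# Plain-HTTP download: the sha256 pin is the only authenticity check. This CA is trusted host-wide.`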