X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fduply_backup%2Fdefault.nix;h=7034a91fe0dc4b3d96e49eae5c987e1c91e1fe7f;hb=da30ae4ffdd153a1eb32fb86f9ca9a65aa19e4e2;hp=bce4d658332c99bbb0915859ecdca9ae8051fcae;hpb=171d8e1a8861e5844f6cb8d1623b93b0e86aabea;p=perso%2FImmae%2FConfig%2FNix.git diff --git a/modules/duply_backup/default.nix b/modules/duply_backup/default.nix index bce4d65..7034a91 100644 --- a/modules/duply_backup/default.nix +++ b/modules/duply_backup/default.nix @@ -1,13 +1,13 @@ -{ lib, pkgs, config, ... }: +{ lib, pkgs, config, name, ... }: let cfg = config.myEnv.backup; varDir = "/var/lib/duply"; - duplyProfile = profile: prefix: '' + duplyProfile = profile: remote: prefix: '' GPG_PW="${cfg.password}" - TARGET="${cfg.remote}${prefix}" - export AWS_ACCESS_KEY_ID="${cfg.accessKeyId}" - export AWS_SECRET_ACCESS_KEY="${cfg.secretAccessKey}" + TARGET="${cfg.remotes.${remote}.remote profile.bucket}${prefix}" + export AWS_ACCESS_KEY_ID="${cfg.remotes.${remote}.accessKeyId}" + export AWS_SECRET_ACCESS_KEY="${cfg.remotes.${remote}.secretAccessKey}" SOURCE="${profile.rootDir}" FILENAME=".duplicity-ignore" DUPL_PARAMS="$DUPL_PARAMS --exclude-if-present '$FILENAME'" @@ -16,7 +16,7 @@ let # Do a full backup after 1 month MAX_FULLBKP_AGE=1M - DUPL_PARAMS="$DUPL_PARAMS --full-if-older-than $MAX_FULLBKP_AGE " + DUPL_PARAMS="$DUPL_PARAMS --allow-source-mismatch --exclude-other-filesystems --full-if-older-than $MAX_FULLBKP_AGE " # Backups older than 2months are deleted MAX_AGE=2M # Keep 2 full backups @@ -24,6 +24,8 @@ let MAX_FULLS_WITH_INCRS=2 ''; action = "bkp_purge_purgeFull_purgeIncr"; + varName = k: remoteName: + if remoteName == "eriomem" then k else remoteName + "_" + k; in { options = { @@ -43,6 +45,20 @@ in Path to backup ''; }; + bucket = lib.mkOption { + type = lib.types.str; + default = "immae-${name}"; + description = '' + Bucket to use + ''; + }; + remotes = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = ["eriomem"]; + description = '' + Remotes to use for backup + ''; + }; excludeFile = lib.mkOption { type = lib.types.lines; default = ""; @@ -59,18 +75,24 @@ in system.activationScripts.backup = '' install -m 0700 -o root -g root -d ${varDir} ${varDir}/caches ''; - secrets.keys = lib.flatten (lib.mapAttrsToList (k: v: [ - { - permissions = "0400"; - dest = "backup/${k}/conf"; - text = duplyProfile v "${k}/"; - } - { - permissions = "0400"; - dest = "backup/${k}/exclude"; - text = v.excludeFile; - } - ]) config.services.duplyBackup.profiles); + secrets.keys = lib.flatten (lib.mapAttrsToList (k: v: + map (remote: [ + { + permissions = "0400"; + dest = "backup/${varName k remote}/conf"; + text = duplyProfile v remote "${k}/"; + } + { + permissions = "0400"; + dest = "backup/${varName k remote}/exclude"; + text = v.excludeFile; + } + { + permissions = "0500"; + dest = "backup/${varName k remote}"; + isDir = true; + } + ]) v.remotes) config.services.duplyBackup.profiles); services.cron = { enable = true; @@ -78,13 +100,15 @@ in backups = pkgs.writeScript "backups" '' #!${pkgs.stdenv.shell} - ${builtins.concatStringsSep "\n" (lib.mapAttrsToList (k: v: + ${builtins.concatStringsSep "\n" (lib.flatten (lib.mapAttrsToList (k: v: + map (remote: [ '' - touch ${varDir}/${k}.log - ${pkgs.duply}/bin/duply ${config.secrets.location}/backup/${k}/ ${action} --force >> ${varDir}/${k}.log - [[ $? = 0 ]] || echo -e "Error when doing backup for ${k}, see above\n---------------------------------------" >&2 + touch ${varDir}/${varName k remote}.log + ${pkgs.duply}/bin/duply ${config.secrets.fullPaths."backup/${varName k remote}"}/ ${action} --force >> ${varDir}/${varName k remote}.log + [[ $? = 0 ]] || echo -e "Error when doing backup for ${varName k remote}, see above\n---------------------------------------" >&2 '' - ) config.services.duplyBackup.profiles)} + ]) v.remotes + ) config.services.duplyBackup.profiles))} ''; in [