X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fduply_backup%2Fdefault.nix;h=88245a2a023f1933d5452732f38c9383e1f19602;hb=a1a2455f53bde1235b221a842d3c888c51fcecac;hp=32fa9414324bac0117492e225a3bcd8c0a1c6fd2;hpb=d2e703c560bc029c3d607058de2935bbf1cb0559;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/modules/duply_backup/default.nix b/modules/duply_backup/default.nix
index 32fa941..88245a2 100644
--- a/modules/duply_backup/default.nix
+++ b/modules/duply_backup/default.nix
@@ -1,13 +1,13 @@
-{ lib, pkgs, myconfig, config, ... }:
+{ lib, pkgs, config, name, ... }:
 let
- cfg = myconfig.env.backup;
+ cfg = config.myEnv.backup;
 varDir = "/var/lib/duply";
- duplyProfile = profile: prefix: ''
+ duplyProfile = profile: remote: prefix: ''
 GPG_PW="${cfg.password}"
- TARGET="${cfg.remote}${prefix}"
- export AWS_ACCESS_KEY_ID="${cfg.accessKeyId}"
- export AWS_SECRET_ACCESS_KEY="${cfg.secretAccessKey}"
+ TARGET="${cfg.remotes.${remote}.remote profile.bucket}${prefix}"
+ export AWS_ACCESS_KEY_ID="${cfg.remotes.${remote}.accessKeyId}"
+ export AWS_SECRET_ACCESS_KEY="${cfg.remotes.${remote}.secretAccessKey}"
 SOURCE="${profile.rootDir}"
 FILENAME=".duplicity-ignore"
 DUPL_PARAMS="$DUPL_PARAMS --exclude-if-present '$FILENAME'"
@@ -16,7 +16,7 @@ let
 # Do a full backup after 1 month
 MAX_FULLBKP_AGE=1M
- DUPL_PARAMS="$DUPL_PARAMS --full-if-older-than $MAX_FULLBKP_AGE "
+ DUPL_PARAMS="$DUPL_PARAMS --allow-source-mismatch --exclude-other-filesystems --full-if-older-than $MAX_FULLBKP_AGE "
 # Backups older than 2months are deleted
 MAX_AGE=2M
 # Keep 2 full backups
@@ -24,6 +24,8 @@ let
 MAX_FULLS_WITH_INCRS=2
 '';
 action = "bkp_purge_purgeFull_purgeIncr";
+ varName = k: remoteName:
+ if remoteName == "eriomem" then k else remoteName + "_" + k;
 in
 {
 options = {
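Review bot: In the `@@ -1,13 +1,13 @@` hunk the per-remote credentials are spliced unescaped into a profile that duply reads as a shell file, e.g. `export AWS_SECRET_ACCESS_KEY="${cfg.remotes.${remote}.secretAccessKey}"`, next to the unchanged `GPG_PW` line. A secret that contains `"`, `$` or a backtick would be expanded by the shell or would break the profile when it is loaded. I would quote at generation time, `export AWS_SECRET_ACCESS_KEY=${lib.escapeShellArg cfg.remotes.${remote}.secretAccessKey}`, and do the same for the access key id and `TARGET`. The body of `duplyProfile` continues outside this hunk.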
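Review bot: Adding `--allow-source-mismatch` to `DUPL_PARAMS` in the `@@ -16,7 +16,7 @@` hunk permanently turns off duplicity's check that the hostname and source directory match the ones recorded in the existing backup chain. Since `TARGET` is now assembled from a configurable bucket and prefix, two hosts or profiles that resolve to the same target would write into one chain without any error. If the flag is only needed once after a rename, pass it for that run instead of baking it into the profile; otherwise document it, e.g. `# source-mismatch check disabled on purpose: <reason>; targets must stay unique per host and profile`. `--exclude-other-filesystems` deserves a comment as well, because mount points below `rootDir` are now left out of the backup.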
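Review bot: `varName` in the `@@ -24,6 +24,8 @@` hunk can give two different (profile, remote) pairs the same name: profile `b` on remote `a` and profile `a_b` on `eriomem` both yield `a_b`. That name is used for the secret `dest` and for the log file in the later hunks, so one profile's conf would presumably replace the other's and a backup could run with the wrong target and credentials. A separator that cannot occur in profile names, or an assertion that the generated names are unique, would close this. The special case for `"eriomem"` is also unexplained; if it exists to keep existing paths valid, say so: `# eriomem keeps the bare profile name so paths created before multi-remote support still match`.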
@@ -43,6 +45,20 @@ in
 Path to backup
 '';
 };
+ bucket = lib.mkOption {
+ type = lib.types.str;
+ default = "immae-${name}";
+ description = ''
+ Bucket to use
+ '';
+ };
+ remotes = lib.mkOption {
+ type = lib.types.listOf lib.types.str;
+ default = ["eriomem"];
+ description = ''
+ Remotes to use for backup
+ '';
+ };
 excludeFile = lib.mkOption {
 type = lib.types.lines;
 default = "";
@@ -59,18 +75,19 @@ in
 system.activationScripts.backup = ''
 install -m 0700 -o root -g root -d ${varDir} ${varDir}/caches
 '';
- secrets.keys = lib.flatten (lib.mapAttrsToList (k: v: [
- {
- permissions = "0400";
- dest = "backup/${k}/conf";
- text = duplyProfile v "${k}/";
- }
- {
- permissions = "0400";
- dest = "backup/${k}/exclude";
- text = v.excludeFile;
- }
- ]) config.services.duplyBackup.profiles);
+ secrets.keys = lib.flatten (lib.mapAttrsToList (k: v:
+ map (remote: [
+ {
+ permissions = "0400";
+ dest = "backup/${varName k remote}/conf";
+ text = duplyProfile v remote "${k}/";
+ }
+ {
+ permissions = "0400";
+ dest = "backup/${varName k remote}/exclude";
+ text = v.excludeFile;
+ }
+ ]) v.remotes) config.services.duplyBackup.profiles);
 services.cron = {
 enable = true;
@@ -78,12 +95,15 @@ in
 backups = pkgs.writeScript "backups" ''
 #!${pkgs.stdenv.shell}
- ${builtins.concatStringsSep "\n" (lib.mapAttrsToList (k: v:
+ ${builtins.concatStringsSep "\n" (lib.flatten (lib.mapAttrsToList (k: v:
+ map (remote: [
 ''
- touch ${varDir}/${k}.log
- ${pkgs.duply}/bin/duply ${config.secrets.location}/backup/${k}/ ${action} --force >> ${varDir}/${k}.log
+ touch ${varDir}/${varName k remote}.log
+ ${pkgs.duply}/bin/duply ${config.secrets.location}/backup/${varName k remote}/ ${action} --force >> ${varDir}/${varName k remote}.log
+ [[ $? = 0 ]] || echo -e "Error when doing backup for ${varName k remote}, see above\n---------------------------------------" >&2
 ''
- ) config.services.duplyBackup.profiles)}
+ ]) v.remotes
+ ) config.services.duplyBackup.profiles))}
 '';
 in [
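Review bot: The `remotes` option in the `@@ -43,6 +45,20 @@` hunk accepts any list of strings, including `[]`. With an empty list the `map` over `v.remotes` in the two following hunks yields no conf and no cron line, so the profile is silently never backed up. `type = lib.types.nonEmptyListOf lib.types.str;` would reject that at evaluation time. A name that is not an attribute of `cfg.remotes` already fails evaluation inside `duplyProfile`, but the description could state which names are valid.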
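Review bot: The failure check added in the `@@ -78,12 +95,15 @@` hunk only prints a message, and the generated script still exits 0 in every case, because its last command is either the successful `[[ $? = 0 ]]` test or the `echo`. Anything that watches the job's exit status rather than its stderr will therefore never see a failed backup. I would record the failure and return it: `failed=0` after the shebang, `|| { echo -e "…" >&2; failed=1; }` after each duply call, and `exit $failed` as the script's last line. The `backups` script starts before this hunk and ends inside it.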
@@ -92,13 +112,11 @@ in
 };
- security.pki.certificates = let
- cert = pkgs.fetchurl {
+ security.pki.certificateFiles = [
+ (pkgs.fetchurl {
 url = "http://downloads.e.eriomem.net/eriomemca.pem";
 sha256 = "1ixx4c6j3m26j8dp9a3dkvxc80v1nr5aqgmawwgs06bskasqkvvh";
- };
- in [
- (builtins.readFile cert)
+ })
 ];
 };
 }
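Review bot: `security.pki.certificateFiles` in this hunk puts the fetched CA into the system-wide trust store, so the host trusts it for every TLS connection and not only for the backup endpoint. The file is downloaded over plain `http`, which leaves the pinned `sha256` as the only thing that authenticates it. That is sufficient for integrity, but it should be stated so that nobody later refreshes the hash from the same URL without an independent check: `# fetched over http: the sha256 is the trust anchor, verify a new value out of band before changing it`. If only the backup job needs this CA, scoping it to that job would be narrower, though the diff does not show whether other services rely on it.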