Refactor paste

[perso/Immae/Config/Nix.git] / modules / rsync_backup / default.nix

diff --git a/modules/rsync_backup/default.nix b/modules/rsync_backup/default.nix
index 2ff47aa48906df5429bd758750d212d8cac7ded9..f0df5a142d53bed4bb7f40fb5d8c21af53d8771b 100644 (file)
--- a/modules/rsync_backup/default.nix
+++ b/modules/rsync_backup/default.nix
@@ -1,4 +1,4 @@
-{ lib, pkgs, config, myconfig, ... }:
+{ lib, pkgs, config, ... }:
 let
   partModule = lib.types.submodule {
     options = {
@@ -41,6 +41,13 @@ let
           Number of backups to keep
           '';
       };
+      check_command = lib.mkOption {
+        type = lib.types.str;
+        default = "backup";
+        description = ''
+          command to check if backup needs to be done
+        '';
+      };
       login = lib.mkOption {
         type = lib.types.str;
         description = ''
@@ -84,19 +91,16 @@ let
 
   ssh_key = config.secrets.fullPaths."rsync_backup/identity";
 
-  backup_head = mailto: ''
+  backup_head = ''
     #!${pkgs.stdenv.shell}
     EXCL_FROM=`mktemp`
     FILES_FROM=`mktemp`
     TMP_STDERR=`mktemp`
 
     on_exit() {
-    ${lib.optionalString (mailto != null) ''
-      MAILTO="${mailto}"
       if [ -s "$TMP_STDERR" ]; then
-        cat "$TMP_STDERR" | ${pkgs.mailutils}/bin/mail -s "save_distant rsync error" "$MAILTO"
+        cat "$TMP_STDERR"
       fi
-    ''}
       rm -f $TMP_STDERR $EXCL_FROM $FILES_FROM
     }
 
@@ -127,9 +131,11 @@ let
           -o PreferredAuthentications=publickey \
           -o StrictHostKeyChecking=yes \
           -o ClearAllForwardings=yes \
+          -o UserKnownHostsFile=/dev/null \
+          -o CheckHostIP=no \
           -p $PORT \
           -i ${ssh_key} \
-          $DEST backup; then
+          $DEST ${profile.check_command}; then
         echo "Fichier de verrouillage backup sur $DEST ou impossible de se connecter" >&2
         skip=$DEST
       fi
@@ -147,7 +153,7 @@ let
     '';
 
     backup_profile_tail = name: profile: ''
-        ssh -i ${ssh_key} -p $PORT $DEST sh -c "date > .cache/last_backup"
+        ssh -o UserKnownHostsFile=/dev/null -o CheckHostIP=no -i ${ssh_key} -p $PORT $DEST sh -c "date > .cache/last_backup"
       fi # [ "$skip" != "$DEST" ]
       ##### End ${name} #####
     '';
@@ -169,7 +175,7 @@ let
       EOF
 
       OUT=$RSYNC_OUTPUT/$LOCAL
-      ${pkgs.rsync}/bin/rsync -XAavbrz --fake-super -e "ssh -i ${ssh_key} -p $PORT" --numeric-ids --delete \
+      ${pkgs.rsync}/bin/rsync --new-compress -XAavbr --fake-super -e "ssh -o UserKnownHostsFile=/dev/null -o CheckHostIP=no -i ${ssh_key} -p $PORT" --numeric-ids --delete \
         --backup-dir=$BAK_BASE/$LOCAL \${
         lib.optionalString (part.args != null) "\n  ${part.args} \\"}${
         lib.optionalString (builtins.length part.exclude_from > 0) "\n  --exclude-from=$EXCL_FROM \\"}${
@@ -184,11 +190,6 @@ in
       type = lib.types.path;
       description = "Path to the base folder for backups";
     };
-    mailto = lib.mkOption {
-      type = lib.types.nullOr lib.types.str;
-      default = null;
-      description = "E-mail to send the report to";
-    };
     profiles = lib.mkOption {
       type = lib.types.attrsOf profileModule;
       default = {};
@@ -207,7 +208,6 @@ in
   };
 
   config = lib.mkIf (builtins.length (builtins.attrNames cfg.profiles) > 0) {
-    # FIXME: monitoring to check that backup is less than 14h old
     users.users.backup = {
       isSystemUser = true;
       uid = config.ids.uids.backup;
@@ -221,7 +221,7 @@ in
 
     services.cron.systemCronJobs = let
       backup = pkgs.writeScript "backup.sh" (builtins.concatStringsSep "\n" ([
-        (backup_head cfg.mailto)
+        backup_head
       ] ++ lib.mapAttrsToList backup_profile cfg.profiles));
     in [
       ''