Add alternate cloud storage for daily backups

1 files changed, 41 insertions, 22 deletions

diff --git a/modules/duply_backup/default.nix b/modules/duply_backup/default.nix
index bce4d65..73ac8f0 100644
--- a/modules/duply_backup/default.nix
+++ b/modules/duply_backup/default.nix
@@ -1,13 +1,13 @@
-{ lib, pkgs, config, ... }:
+{ lib, pkgs, config, name, ... }:
 
 let
   cfg = config.myEnv.backup;
   varDir = "/var/lib/duply";
-  duplyProfile = profile: prefix: ''
+  duplyProfile = profile: remote: prefix: ''
     GPG_PW="${cfg.password}"
-    TARGET="${cfg.remote}${prefix}"
-    export AWS_ACCESS_KEY_ID="${cfg.accessKeyId}"
-    export AWS_SECRET_ACCESS_KEY="${cfg.secretAccessKey}"
+    TARGET="${cfg.remotes.${remote}.remote profile.bucket}${prefix}"
+    export AWS_ACCESS_KEY_ID="${cfg.remotes.${remote}.accessKeyId}"
+    export AWS_SECRET_ACCESS_KEY="${cfg.remotes.${remote}.secretAccessKey}"
     SOURCE="${profile.rootDir}"
     FILENAME=".duplicity-ignore"
     DUPL_PARAMS="$DUPL_PARAMS --exclude-if-present '$FILENAME'"
@@ -24,6 +24,8 @@ let
     MAX_FULLS_WITH_INCRS=2
   '';
   action = "bkp_purge_purgeFull_purgeIncr";
+  varName = k: remoteName:
+    if remoteName == "eriomem" then k else remoteName + "_" + k;
 in
 {
   options = {
@@ -43,6 +45,20 @@ in
               Path to backup
               '';
           };
+          bucket = lib.mkOption {
+            type = lib.types.str;
+            default = "immae-${name}";
+            description = ''
+              Bucket to use
+              '';
+          };
+          remotes = lib.mkOption {
+            type = lib.types.listOf lib.types.str;
+            default = ["eriomem"];
+            description = ''
+              Remotes to use for backup
+              '';
+          };
           excludeFile = lib.mkOption {
             type = lib.types.lines;
             default = "";
@@ -59,18 +75,19 @@ in
     system.activationScripts.backup = ''
       install -m 0700 -o root -g root -d ${varDir} ${varDir}/caches
       '';
-    secrets.keys = lib.flatten (lib.mapAttrsToList (k: v: [
-      {
-        permissions = "0400";
-        dest = "backup/${k}/conf";
-        text = duplyProfile v "${k}/";
-      }
-      {
-        permissions = "0400";
-        dest = "backup/${k}/exclude";
-        text = v.excludeFile;
-      }
-    ]) config.services.duplyBackup.profiles);
+    secrets.keys = lib.flatten (lib.mapAttrsToList (k: v:
+      map (remote: [
+        {
+          permissions = "0400";
+          dest = "backup/${varName k remote}/conf";
+          text = duplyProfile v remote "${k}/";
+        }
+        {
+          permissions = "0400";
+          dest = "backup/${varName k remote}/exclude";
+          text = v.excludeFile;
+        }
+    ]) v.remotes) config.services.duplyBackup.profiles);
 
     services.cron = {
       enable = true;
@@ -78,13 +95,15 @@ in
         backups = pkgs.writeScript "backups" ''
           #!${pkgs.stdenv.shell}
 
-          ${builtins.concatStringsSep "\n" (lib.mapAttrsToList (k: v:
+          ${builtins.concatStringsSep "\n" (lib.flatten (lib.mapAttrsToList (k: v:
+            map (remote: [
             ''
-              touch ${varDir}/${k}.log
-              ${pkgs.duply}/bin/duply ${config.secrets.location}/backup/${k}/ ${action} --force >> ${varDir}/${k}.log
-              [[ $? = 0 ]] || echo -e "Error when doing backup for ${k}, see above\n---------------------------------------" >&2
+              touch ${varDir}/${varName k remote}.log
+              ${pkgs.duply}/bin/duply ${config.secrets.location}/backup/${varName k remote}/ ${action} --force >> ${varDir}/${varName k remote}.log
+              [[ $? = 0 ]] || echo -e "Error when doing backup for ${varName k remote}, see above\n---------------------------------------" >&2
             ''
-          ) config.services.duplyBackup.profiles)}
+            ]) v.remotes
+          ) config.services.duplyBackup.profiles))}
         '';
       in
         [