author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2020-07-16 01:10:17 +0200 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2020-07-16 01:10:17 +0200 |
commit | 5a61f6ad5164a735be26e016c59e72252ffb49b7 (patch) | |
tree | 6acc3c8199d7f25c039c6c6686005436d1fb49d7 /modules/duply_backup | |
parent | ca367c14902ab1bf869976dc5dca52d07e308c15 (diff) | |
Add alternate cloud storage for daily backups
Diffstat (limited to 'modules/duply_backup')
-rw-r--r-- | modules/duply_backup/default.nix | 63 |
1 files changed, 41 insertions, 22 deletions
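--- a/modules/duply_backup/default.nix
+++ b/modules/duply_backup/default.nix
@@ -1,13 +1,13 @@
-{ lib, pkgs, config, ... }:
+{ lib, pkgs, config, name, ... }:
 
 let
 cfg = config.myEnv.backup;
 varDir = "/var/lib/duply";
-duplyProfile = profile: prefix: ''
+duplyProfile = profile: remote: prefix: ''
 GPG_PW="${cfg.password}"
-TARGET="${cfg.remote}${prefix}"
-export AWS_ACCESS_KEY_ID="${cfg.accessKeyId}"
-export AWS_SECRET_ACCESS_KEY="${cfg.secretAccessKey}"
+TARGET="${cfg.remotes.${remote}.remote profile.bucket}${prefix}"
+export AWS_ACCESS_KEY_ID="${cfg.remotes.${remote}.accessKeyId}"
+export AWS_SECRET_ACCESS_KEY="${cfg.remotes.${remote}.secretAccessKey}"
 SOURCE="${profile.rootDir}"
 FILENAME=".duplicity-ignore"
 DUPL_PARAMS="$DUPL_PARAMS --exclude-if-present '$FILENAME'"
@@ -24,6 +24,8 @@ let
 MAX_FULLS_WITH_INCRS=2
 '';
 action = "bkp_purge_purgeFull_purgeIncr";
+varName = k: remoteName:
+if remoteName == "eriomem" then k else remoteName + "_" + k;
 in
 {
 options = {
@@ -43,6 +45,20 @@ in
 Path to backup
 '';
 };
+bucket = lib.mkOption {
+type = lib.types.str;
+default = "immae-${name}";
+description = ''
+Bucket to use
+'';
+};
+remotes = lib.mkOption {
+type = lib.types.listOf lib.types.str;
+default = ["eriomem"];
+description = ''
+Remotes to use for backup
+'';
+};
 excludeFile = lib.mkOption {
 type = lib.types.lines;
 default = "";
@@ -59,18 +75,19 @@ in
 system.activationScripts.backup = ''
 install -m 0700 -o root -g root -d ${varDir} ${varDir}/caches
 '';
-secrets.keys = lib.flatten (lib.mapAttrsToList (k: v: [
-{
-permissions = "0400";
-dest = "backup/${k}/conf";
-text = duplyProfile v "${k}/";
-}
-{
-permissions = "0400";
-dest = "backup/${k}/exclude";
-text = v.excludeFile;
-}
-]) config.services.duplyBackup.profiles);
+secrets.keys = lib.flatten (lib.mapAttrsToList (k: v:
+map (remote: [
+{
+permissions = "0400";
+dest = "backup/${varName k remote}/conf";
+text = duplyProfile v remote "${k}/";
+}
+{
+permissions = "0400";
+dest = "backup/${varName k remote}/exclude";
+text = v.excludeFile;
+}
+]) v.remotes) config.services.duplyBackup.profiles);
 
 services.cron = {
 enable = true;
@@ -78,13 +95,15 @@ in
 backups = pkgs.writeScript "backups" ''
 #!${pkgs.stdenv.shell}
 
-${builtins.concatStringsSep "\n" (lib.mapAttrsToList (k: v:
+${builtins.concatStringsSep "\n" (lib.flatten (lib.mapAttrsToList (k: v:
+map (remote: [
 ''
-touch ${varDir}/${k}.log
-${pkgs.duply}/bin/duply ${config.secrets.location}/backup/${k}/ ${action} --force >> ${varDir}/${k}.log
-[[ $? = 0 ]] || echo -e "Error when doing backup for ${k}, see above\n---------------------------------------" >&2
+touch ${varDir}/${varName k remote}.log
+${pkgs.duply}/bin/duply ${config.secrets.location}/backup/${varName k remote}/ ${action} --force >> ${varDir}/${varName k remote}.log
+[[ $? = 0 ]] || echo -e "Error when doing backup for ${varName k remote}, see above\n---------------------------------------" >&2
 ''
-) config.services.duplyBackup.profiles)}
+]) v.remotes
+) config.services.duplyBackup.profiles))}
 '';
 in
 [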
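Review bot: The per-remote credentials on new lines 9–10 (and the `TARGET` on new line 8) are spliced into the duply `conf` inside plain double quotes, so a key or URL containing `"`, `$` or a backtick would be expanded by the shell or break the file when duply sources it. Quoting at generation time avoids that, e.g. `export AWS_SECRET_ACCESS_KEY=${lib.escapeShellArg cfg.remotes.${remote}.secretAccessKey}`, and likewise for `AWS_ACCESS_KEY_ID` and `TARGET`. Separately, the new `remotes` option is typed `listOf str`, so a misspelt remote name only surfaces as a missing-attribute error inside `duplyProfile`; if `cfg.remotes` is an attribute set (it is indexed as one here, but its declaration is outside this file), `lib.types.listOf (lib.types.enum (builtins.attrNames cfg.remotes))` would reject it at the option itself. The `"eriomem"` special case in `varName` also deserves a comment, such as `# the original remote keeps the un-prefixed name so existing conf paths and logs stay valid`, if that is the intent.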