diff options
Diffstat (limited to 'modules/duply_backup')
-rw-r--r-- | modules/duply_backup/default.nix | 124 |
1 files changed, 0 insertions, 124 deletions
diff --git a/modules/duply_backup/default.nix b/modules/duply_backup/default.nix deleted file mode 100644 index 846b1d4..0000000 --- a/modules/duply_backup/default.nix +++ /dev/null | |||
@@ -1,124 +0,0 @@ | |||
1 | { lib, pkgs, config, name, ... }: | ||
2 | |||
3 | let | ||
4 | cfg = config.myEnv.backup; | ||
5 | varDir = "/var/lib/duply"; | ||
6 | duplyProfile = profile: remote: prefix: '' | ||
7 | GPG_PW="${cfg.password}" | ||
8 | TARGET="${cfg.remotes.${remote}.remote profile.bucket}${prefix}" | ||
9 | export AWS_ACCESS_KEY_ID="${cfg.remotes.${remote}.accessKeyId}" | ||
10 | export AWS_SECRET_ACCESS_KEY="${cfg.remotes.${remote}.secretAccessKey}" | ||
11 | SOURCE="${profile.rootDir}" | ||
12 | FILENAME=".duplicity-ignore" | ||
13 | DUPL_PARAMS="$DUPL_PARAMS --exclude-if-present '$FILENAME'" | ||
14 | VERBOSITY=4 | ||
15 | ARCH_DIR="${varDir}/caches" | ||
16 | |||
17 | # Do a full backup after 1 month | ||
18 | MAX_FULLBKP_AGE=1M | ||
19 | DUPL_PARAMS="$DUPL_PARAMS --allow-source-mismatch --exclude-other-filesystems --full-if-older-than $MAX_FULLBKP_AGE " | ||
20 | # Backups older than 2months are deleted | ||
21 | MAX_AGE=2M | ||
22 | # Keep 2 full backups | ||
23 | MAX_FULL_BACKUPS=2 | ||
24 | MAX_FULLS_WITH_INCRS=2 | ||
25 | ''; | ||
26 | action = "bkp_purge_purgeFull_purgeIncr"; | ||
27 | varName = k: remoteName: | ||
28 | if remoteName == "eriomem" then k else remoteName + "_" + k; | ||
29 | in | ||
30 | { | ||
31 | options = { | ||
32 | services.duplyBackup.enable = lib.mkOption { | ||
33 | type = lib.types.bool; | ||
34 | default = false; | ||
35 | description = '' | ||
36 | Whether to enable remote backups. | ||
37 | ''; | ||
38 | }; | ||
39 | services.duplyBackup.profiles = lib.mkOption { | ||
40 | type = lib.types.attrsOf (lib.types.submodule { | ||
41 | options = { | ||
42 | rootDir = lib.mkOption { | ||
43 | type = lib.types.path; | ||
44 | description = '' | ||
45 | Path to backup | ||
46 | ''; | ||
47 | }; | ||
48 | bucket = lib.mkOption { | ||
49 | type = lib.types.str; | ||
50 | default = "immae-${name}"; | ||
51 | description = '' | ||
52 | Bucket to use | ||
53 | ''; | ||
54 | }; | ||
55 | remotes = lib.mkOption { | ||
56 | type = lib.types.listOf lib.types.str; | ||
57 | default = ["eriomem"]; | ||
58 | description = '' | ||
59 | Remotes to use for backup | ||
60 | ''; | ||
61 | }; | ||
62 | excludeFile = lib.mkOption { | ||
63 | type = lib.types.lines; | ||
64 | default = ""; | ||
65 | description = '' | ||
66 | Content to put in exclude file | ||
67 | ''; | ||
68 | }; | ||
69 | }; | ||
70 | }); | ||
71 | }; | ||
72 | }; | ||
73 | |||
74 | config = lib.mkIf config.services.duplyBackup.enable { | ||
75 | system.activationScripts.backup = '' | ||
76 | install -m 0700 -o root -g root -d ${varDir} ${varDir}/caches | ||
77 | ''; | ||
78 | secrets.keys = lib.listToAttrs (lib.flatten (lib.mapAttrsToList (k: v: | ||
79 | map (remote: [ | ||
80 | (lib.nameValuePair "backup/${varName k remote}/conf" { | ||
81 | permissions = "0400"; | ||
82 | text = duplyProfile v remote "${k}/"; | ||
83 | }) | ||
84 | (lib.nameValuePair "backup/${varName k remote}/exclude" { | ||
85 | permissions = "0400"; | ||
86 | text = v.excludeFile; | ||
87 | }) | ||
88 | (lib.nameValuePair "backup/${varName k remote}" { | ||
89 | permissions = "0500"; | ||
90 | isDir = true; | ||
91 | }) | ||
92 | ]) v.remotes) config.services.duplyBackup.profiles)); | ||
93 | |||
94 | services.cron = { | ||
95 | enable = true; | ||
96 | systemCronJobs = let | ||
97 | backups = pkgs.writeScript "backups" '' | ||
98 | #!${pkgs.stdenv.shell} | ||
99 | |||
100 | ${builtins.concatStringsSep "\n" (lib.flatten (lib.mapAttrsToList (k: v: | ||
101 | map (remote: [ | ||
102 | '' | ||
103 | touch ${varDir}/${varName k remote}.log | ||
104 | ${pkgs.duply}/bin/duply ${config.secrets.fullPaths."backup/${varName k remote}"}/ ${action} --force >> ${varDir}/${varName k remote}.log | ||
105 | [[ $? = 0 ]] || echo -e "Error when doing backup for ${varName k remote}, see above\n---------------------------------------" >&2 | ||
106 | '' | ||
107 | ]) v.remotes | ||
108 | ) config.services.duplyBackup.profiles))} | ||
109 | ''; | ||
110 | in | ||
111 | [ | ||
112 | "0 2 * * * root ${backups}" | ||
113 | ]; | ||
114 | |||
115 | }; | ||
116 | |||
117 | security.pki.certificateFiles = [ | ||
118 | (pkgs.fetchurl { | ||
119 | url = "http://downloads.e.eriomem.net/eriomemca.pem"; | ||
120 | sha256 = "1ixx4c6j3m26j8dp9a3dkvxc80v1nr5aqgmawwgs06bskasqkvvh"; | ||
121 | }) | ||
122 | ]; | ||
123 | }; | ||
124 | } | ||