From 5a61f6ad5164a735be26e016c59e72252ffb49b7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= Date: Thu, 16 Jul 2020 01:10:17 +0200 Subject: Add alternate cloud storage for daily backups --- modules/duply_backup/default.nix | 63 ++++++++++++++++++++++++++-------------- 1 file changed, 41 insertions(+), 22 deletions(-) (limited to 'modules/duply_backup') diff --git a/modules/duply_backup/default.nix b/modules/duply_backup/default.nix index bce4d65..73ac8f0 100644 --- a/modules/duply_backup/default.nix +++ b/modules/duply_backup/default.nix @@ -1,13 +1,13 @@ -{ lib, pkgs, config, ... }: +{ lib, pkgs, config, name, ... }: let cfg = config.myEnv.backup; varDir = "/var/lib/duply"; - duplyProfile = profile: prefix: '' + duplyProfile = profile: remote: prefix: '' GPG_PW="${cfg.password}" - TARGET="${cfg.remote}${prefix}" - export AWS_ACCESS_KEY_ID="${cfg.accessKeyId}" - export AWS_SECRET_ACCESS_KEY="${cfg.secretAccessKey}" + TARGET="${cfg.remotes.${remote}.remote profile.bucket}${prefix}" + export AWS_ACCESS_KEY_ID="${cfg.remotes.${remote}.accessKeyId}" + export AWS_SECRET_ACCESS_KEY="${cfg.remotes.${remote}.secretAccessKey}" SOURCE="${profile.rootDir}" FILENAME=".duplicity-ignore" DUPL_PARAMS="$DUPL_PARAMS --exclude-if-present '$FILENAME'" @@ -24,6 +24,8 @@ let MAX_FULLS_WITH_INCRS=2 ''; action = "bkp_purge_purgeFull_purgeIncr"; + varName = k: remoteName: + if remoteName == "eriomem" then k else remoteName + "_" + k; in { options = { @@ -43,6 +45,20 @@ in Path to backup ''; }; + bucket = lib.mkOption { + type = lib.types.str; + default = "immae-${name}"; + description = '' + Bucket to use + ''; + }; + remotes = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = ["eriomem"]; + description = '' + Remotes to use for backup + ''; + }; excludeFile = lib.mkOption { type = lib.types.lines; default = ""; @@ -59,18 +75,19 @@ in system.activationScripts.backup = '' install -m 0700 -o root -g root -d ${varDir} ${varDir}/caches ''; - secrets.keys = lib.flatten (lib.mapAttrsToList (k: v: [ - { - permissions = "0400"; - dest = "backup/${k}/conf"; - text = duplyProfile v "${k}/"; - } - { - permissions = "0400"; - dest = "backup/${k}/exclude"; - text = v.excludeFile; - } - ]) config.services.duplyBackup.profiles); + secrets.keys = lib.flatten (lib.mapAttrsToList (k: v: + map (remote: [ + { + permissions = "0400"; + dest = "backup/${varName k remote}/conf"; + text = duplyProfile v remote "${k}/"; + } + { + permissions = "0400"; + dest = "backup/${varName k remote}/exclude"; + text = v.excludeFile; + } + ]) v.remotes) config.services.duplyBackup.profiles); services.cron = { enable = true; @@ -78,13 +95,15 @@ in backups = pkgs.writeScript "backups" '' #!${pkgs.stdenv.shell} - ${builtins.concatStringsSep "\n" (lib.mapAttrsToList (k: v: + ${builtins.concatStringsSep "\n" (lib.flatten (lib.mapAttrsToList (k: v: + map (remote: [ '' - touch ${varDir}/${k}.log - ${pkgs.duply}/bin/duply ${config.secrets.location}/backup/${k}/ ${action} --force >> ${varDir}/${k}.log - [[ $? = 0 ]] || echo -e "Error when doing backup for ${k}, see above\n---------------------------------------" >&2 + touch ${varDir}/${varName k remote}.log + ${pkgs.duply}/bin/duply ${config.secrets.location}/backup/${varName k remote}/ ${action} --force >> ${varDir}/${varName k remote}.log + [[ $? = 0 ]] || echo -e "Error when doing backup for ${varName k remote}, see above\n---------------------------------------" >&2 '' - ) config.services.duplyBackup.profiles)} + ]) v.remotes + ) config.services.duplyBackup.profiles))} ''; in [ -- cgit v1.2.3