about summary refs log tree commit diff
diff options
context:
space:
mode:
authorsefidel <contact@sefidel.net>2023-08-02 01:30:06 +0900
committersefidel <contact@sefidel.net>2023-08-02 02:01:58 +0900
commit7e98f50950d4296d9d662b53135af882f5c24ed0 (patch)
treee21f88bf03bab773c972be44d4bb465829fac63e
parent502882e92479e998387cd5ca05f326e161059b6a (diff)
downloadinfra-7e98f50950d4296d9d662b53135af882f5c24ed0.tar.gz
infra-7e98f50950d4296d9d662b53135af882f5c24ed0.zip
feat(modules/backup): init
-rw-r--r--modules/services/backup.nix75
1 files changed, 75 insertions, 0 deletions
diff --git a/modules/services/backup.nix b/modules/services/backup.nix
new file mode 100644
index 0000000..a513d18
--- /dev/null
+++ b/modules/services/backup.nix
@@ -0,0 +1,75 @@
+{ config, lib, ... }:
+
+with lib;
+let
+  cfg = config.modules.services.backup;
+in
+{
+  options.modules.services.backup = {
+    enable = mkEnableOption "borg-based backup solution";
+    name = lib.mkOption {
+      type = lib.types.str;
+      default = "${config.networking.hostName}-rolling";
+      description = ''
+        Name of the backup job
+      '';
+    };
+
+    paths = lib.mkOption {
+      type = lib.types.listOf lib.types.str;
+      description = ''
+        Paths to back up
+      '';
+    };
+    exclude = lib.mkOption {
+      type = lib.types.listOf lib.types.str;
+      default = [ ];
+      description = ''
+        Paths to exclude
+      '';
+    };
+    repo = lib.mkOption {
+      type = lib.types.str;
+      description = ''
+        Path to the repository to back up to
+      '';
+    };
+    repoKeyPath = lib.mkOption {
+      type = lib.types.str;
+      description = ''
+        Path to the repository key
+      '';
+    };
+    sshKeyPath = lib.mkOption {
+      type = lib.types.str;
+      description = ''
+        Path to the ssh key
+      '';
+    };
+    rsyncNet = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      description = ''
+        Whether to enable rsync.net specific patches
+      '';
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.borgbackup.jobs.${cfg.name} = {
+      inherit (cfg) paths exclude repo;
+
+
+      encryption.mode = "repokey-blake2";
+      encryption.passCommand = "cat ${cfg.repoKeyPath}";
+
+      environment.BORG_RSH = "ssh -i ${cfg.sshKeyPath}";
+      environment.BORG_REMOTE_PATH = lib.mkIf cfg.rsyncNet "/usr/local/bin/borg1/borg1";
+      # use borg 1.0+ on rsync.net
+      extraCreateArgs = "--verbose --stats --checkpoint-interval 600";
+      compression = "auto,zstd";
+      startAt = "daily";
+      persistentTimer = true;
+    };
+  };
+}