authorsefidel <contact@sefidel.net>2023-08-02 01:30:06 +0900
committersefidel <contact@sefidel.net>2023-08-02 02:01:58 +0900
commit7e98f50950d4296d9d662b53135af882f5c24ed0 (patch)
treee21f88bf03bab773c972be44d4bb465829fac63e /modules/services/backup.nix
parent502882e92479e998387cd5ca05f326e161059b6a (diff)
feat(modules/backup): init
Diffstat (limited to 'modules/services/backup.nix')
-rw-r--r--modules/services/backup.nix75
1 files changed, 75 insertions, 0 deletions
diff --git a/modules/services/backup.nix b/modules/services/backup.nix
new file mode 100644
index 0000000..a513d18
--- /dev/null
+++ b/modules/services/backup.nix
@@ -0,0 +1,75 @@
+{ config, lib, ... }:
+
+with lib;
+let
+  cfg = config.modules.services.backup;
+in
+{
+  options.modules.services.backup = {
+    enable = mkEnableOption "borg-based backup solution";
+    name = lib.mkOption {
+      type = lib.types.str;
+      default = "${config.networking.hostName}-rolling";
+      description = ''
+        Name of the backup job
+      '';
+    };
+
+    paths = lib.mkOption {
+      type = lib.types.listOf lib.types.str;
+      description = ''
+        Paths to back up
+      '';
+    };
+    exclude = lib.mkOption {
+      type = lib.types.listOf lib.types.str;
+      default = [ ];
+      description = ''
+        Paths to exclude
+      '';
+    };
+    repo = lib.mkOption {
+      type = lib.types.str;
+      description = ''
+        Path to the repository to back up to
+      '';
+    };
+    repoKeyPath = lib.mkOption {
+      type = lib.types.str;
+      description = ''
+        Path to the repository key
+      '';
+    };
+    sshKeyPath = lib.mkOption {
+      type = lib.types.str;
+      description = ''
+        Path to the ssh key
+      '';
+    };
+    rsyncNet = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      description = ''
+        Whether to enable rsync.net specific patches
+      '';
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.borgbackup.jobs.${cfg.name} = {
+      inherit (cfg) paths exclude repo;
+
+
+      encryption.mode = "repokey-blake2";
+      encryption.passCommand = "cat ${cfg.repoKeyPath}";
+
+      environment.BORG_RSH = "ssh -i ${cfg.sshKeyPath}";
+      environment.BORG_REMOTE_PATH = lib.mkIf cfg.rsyncNet "/usr/local/bin/borg1/borg1";
+      # use borg 1.0+ on rsync.net
+      extraCreateArgs = "--verbose --stats --checkpoint-interval 600";
+      compression = "auto,zstd";
+      startAt = "daily";
+      persistentTimer = true;
+    };
+  };
+}
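Review bot: `repoKeyPath` and `sshKeyPath` are spliced unquoted into `encryption.passCommand` and `environment.BORG_RSH`, and their descriptions do not say what kind of path is expected. A path containing whitespace or shell metacharacters changes the command that gets run, so I would write `encryption.passCommand = "cat ${lib.escapeShellArg cfg.repoKeyPath}";` and `environment.BORG_RSH = "ssh -i ${lib.escapeShellArg cfg.sshKeyPath}";`. Both descriptions should also state that the value must be a runtime file readable only by the user the job runs as, and not a Nix store path, since anything in the store is world-readable; nothing in the module enforces this. With `repokey-blake2` the file read by `passCommand` holds the passphrase rather than the key itself, so "Path to the file holding the repository passphrase" would be a more accurate description for `repoKeyPath`.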