diff options
Diffstat (limited to 'modules/services/backup.nix')
-rw-r--r-- | modules/services/backup.nix | 75 |
1 files changed, 75 insertions, 0 deletions
diff --git a/modules/services/backup.nix b/modules/services/backup.nix new file mode 100644 index 0000000..a513d18 --- /dev/null +++ b/modules/services/backup.nix @@ -0,0 +1,75 @@ +{ config, lib, ... }: + +with lib; +let + cfg = config.modules.services.backup; +in +{ + options.modules.services.backup = { + enable = mkEnableOption "borg-based backup solution"; + name = lib.mkOption { + type = lib.types.str; + default = "${config.networking.hostName}-rolling"; + description = '' + Name of the backup job + ''; + }; + + paths = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = '' + Paths to back up + ''; + }; + exclude = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = [ ]; + description = '' + Paths to exclude + ''; + }; + repo = lib.mkOption { + type = lib.types.str; + description = '' + Path to the repository to back up to + ''; + }; + repoKeyPath = lib.mkOption { + type = lib.types.str; + description = '' + Path to the repository key + ''; + }; + sshKeyPath = lib.mkOption { + type = lib.types.str; + description = '' + Path to the ssh key + ''; + }; + rsyncNet = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + Whether to enable rsync.net specific patches + ''; + }; + }; + + config = mkIf cfg.enable { + services.borgbackup.jobs.${cfg.name} = { + inherit (cfg) paths exclude repo; + + + encryption.mode = "repokey-blake2"; + encryption.passCommand = "cat ${cfg.repoKeyPath}"; + + environment.BORG_RSH = "ssh -i ${cfg.sshKeyPath}"; + environment.BORG_REMOTE_PATH = lib.mkIf cfg.rsyncNet "/usr/local/bin/borg1/borg1"; + # use borg 1.0+ on rsync.net + extraCreateArgs = "--verbose --stats --checkpoint-interval 600"; + compression = "auto,zstd"; + startAt = "daily"; + persistentTimer = true; + }; + }; +} |