2020-12-05 14:19:34 +01:00
|
|
|
{ pkgs, config, lib, options, ... }:
|
2020-08-22 17:44:39 +02:00
|
|
|
let
|
2020-12-05 14:19:34 +01:00
|
|
|
cfg = config.sbruder.restic;
|
|
|
|
|
|
2020-10-17 09:58:44 +02:00
|
|
|
name = "${config.networking.hostName}-system";
|
2020-12-21 12:50:30 +01:00
|
|
|
repository = "s3:https://s3.eu-central-1.wasabisys.com/sbruder-restic";
|
2020-08-22 17:44:39 +02:00
|
|
|
excludes = [
|
|
|
|
|
# General
|
|
|
|
|
"/home/*/Downloads/"
|
|
|
|
|
"/home/*/.cache/"
|
|
|
|
|
"/home/*/**/cache/"
|
|
|
|
|
"/home/*/.claws-mail/imapcache"
|
|
|
|
|
"/home/*/.local/share/Trash"
|
|
|
|
|
"/home/*/.local/share/nvim/"
|
|
|
|
|
|
|
|
|
|
# Rust
|
|
|
|
|
"/home/*/**/target/debug/"
|
|
|
|
|
"/home/*/**/target/doc/"
|
|
|
|
|
"/home/*/**/target/release/"
|
|
|
|
|
"/home/*/**/target/rls/"
|
|
|
|
|
"/home/*/**/target/tarpaulin/"
|
|
|
|
|
"/home/*/**/target/wasm32-unknown-unknown/"
|
|
|
|
|
"/home/*/.rustup/toolchains/"
|
|
|
|
|
"/home/*/.cargo"
|
|
|
|
|
|
|
|
|
|
# Python
|
|
|
|
|
"/home/*/.local/share/pyppeteer"
|
|
|
|
|
"/home/*/.local/share/virtualenvs/"
|
|
|
|
|
"/home/*/.platformio/"
|
|
|
|
|
|
|
|
|
|
# Node
|
|
|
|
|
"/home/*/**/.local-chromium"
|
|
|
|
|
|
|
|
|
|
# Project related
|
|
|
|
|
"/home/*/mount"
|
|
|
|
|
"/home/*/projects/vapoursynth/data/"
|
|
|
|
|
"/home/*/projects/vapoursynth/out/"
|
|
|
|
|
"/home/*/projects/vapoursynth/src/"
|
|
|
|
|
|
|
|
|
|
# Docker
|
|
|
|
|
"/var/lib/docker/"
|
2020-10-22 21:59:05 +02:00
|
|
|
|
|
|
|
|
# Stuff I do not want to back up
|
|
|
|
|
"/data/cache/"
|
2020-08-22 17:44:39 +02:00
|
|
|
];
|
|
|
|
|
excludesFile = pkgs.writeText "exludes.txt" (builtins.concatStringsSep "\n" excludes);
|
|
|
|
|
maybePath = path: (lib.optional (builtins.pathExists path) (toString path));
|
2020-12-21 12:54:33 +01:00
|
|
|
|
|
|
|
|
# script to use restic as user without dealing with authentication
|
|
|
|
|
authScript = pkgs.writeShellScriptBin "restic-auth" ''
|
|
|
|
|
. <(pass nixos/machines/${config.networking.hostName}/restic-s3 | sed 's/^/export /')
|
|
|
|
|
${pkgs.restic}/bin/restic \
|
|
|
|
|
--password-command="pass nixos/machines/${config.networking.hostName}/restic-password" \
|
|
|
|
|
--repo "${repository}" \
|
|
|
|
|
$@
|
|
|
|
|
'';
|
2020-08-22 17:44:39 +02:00
|
|
|
in
|
|
|
|
|
{
|
2020-12-05 14:19:34 +01:00
|
|
|
options.sbruder.restic = {
|
|
|
|
|
enable = lib.mkEnableOption "restic";
|
2020-12-21 12:33:46 +01:00
|
|
|
timerConfig = lib.recursiveUpdate
|
|
|
|
|
((builtins.elemAt
|
|
|
|
|
(builtins.elemAt
|
|
|
|
|
options.services.restic.backups.type.getSubModules
|
|
|
|
|
0
|
|
|
|
|
).imports
|
|
|
|
|
0)
|
|
|
|
|
{ name = ""; }).options.timerConfig
|
|
|
|
|
{
|
|
|
|
|
default = {
|
|
|
|
|
OnCalendar = "20:00";
|
|
|
|
|
RandomizedDelaySec = "2h";
|
2020-12-05 14:19:34 +01:00
|
|
|
};
|
2020-12-21 12:33:46 +01:00
|
|
|
};
|
2020-08-22 17:44:39 +02:00
|
|
|
};
|
2020-10-17 09:58:44 +02:00
|
|
|
|
2020-12-05 14:19:34 +01:00
|
|
|
config = lib.mkIf cfg.enable {
|
|
|
|
|
services.restic.backups."${name}" = {
|
2020-12-21 12:50:30 +01:00
|
|
|
inherit repository;
|
2020-12-12 16:50:25 +01:00
|
|
|
passwordFile = toString <secrets/restic-password>;
|
|
|
|
|
s3CredentialsFile = toString <secrets/restic-s3>;
|
2020-12-05 14:19:34 +01:00
|
|
|
paths = lib.mkDefault (
|
|
|
|
|
[ ]
|
|
|
|
|
++ maybePath /data
|
|
|
|
|
++ maybePath /home
|
|
|
|
|
++ maybePath /srv
|
|
|
|
|
++ maybePath /var
|
|
|
|
|
);
|
|
|
|
|
initialize = true;
|
|
|
|
|
extraBackupArgs = [
|
|
|
|
|
"--exclude-caches"
|
|
|
|
|
"--exclude-file=${excludesFile}"
|
|
|
|
|
"--verbose"
|
|
|
|
|
];
|
|
|
|
|
timerConfig = cfg.timerConfig;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
systemd.services."restic-backups-${name}".serviceConfig = {
|
|
|
|
|
"Nice" = 10;
|
|
|
|
|
"IOSchedulingClass" = "best-effort";
|
|
|
|
|
"IOSchedulingPriority" = 7;
|
|
|
|
|
};
|
2020-12-21 12:54:33 +01:00
|
|
|
|
|
|
|
|
environment.systemPackages = [
|
|
|
|
|
authScript
|
|
|
|
|
];
|
2020-10-17 09:58:44 +02:00
|
|
|
};
|
2020-08-22 17:44:39 +02:00
|
|
|
}
|
