about summary refs log tree commit diff
path: root/modules/services
diff options
context:
space:
mode:
authorFranck Cuny <franck@fcuny.net>2022-04-10 13:24:12 -0700
committerFranck Cuny <franck@fcuny.net>2022-04-10 13:25:48 -0700
commitfad740947d826c1c04c5162fb57a06ec64b7a449 (patch)
tree5b4946ffcbbac68d8462cd53e263e09aeb65640c /modules/services
parenttahoe: enable network with early boot (diff)
downloadworld-fad740947d826c1c04c5162fb57a06ec64b7a449.tar.gz
add a module for backup with restic
Do a single backup for the host, instead of running multiple ones.
Diffstat (limited to '')
-rw-r--r--modules/services/backup/default.nix83
-rw-r--r--modules/services/default.nix1
-rw-r--r--modules/services/gitea/default.nix12
-rw-r--r--modules/services/grafana/default.nix15
-rw-r--r--modules/services/navidrome/default.nix13
-rw-r--r--modules/services/prometheus/default.nix15
-rw-r--r--modules/services/unifi/default.nix15
7 files changed, 89 insertions, 65 deletions
diff --git a/modules/services/backup/default.nix b/modules/services/backup/default.nix
new file mode 100644
index 0000000..52378d3
--- /dev/null
+++ b/modules/services/backup/default.nix
@@ -0,0 +1,83 @@
+{ config, pkgs, lib, ... }:
+let cfg = config.my.services.backup;
+in {
+  options.my.services.backup = with lib; {
+    enable = mkEnableOption "Enable backups for this host";
+
+    repository = mkOption {
+      type = types.str;
+      example = "/data/slow/backups/system";
+      description = "The repository to back up to";
+    };
+
+    passwordFile = mkOption {
+      type = types.str;
+      example = "/var/lib/restic/password.txt";
+      description = "Read the repository's password from this path";
+    };
+
+    paths = mkOption {
+      type = with types; listOf str;
+      default = [ ];
+      example = [ "/var/lib" "/home" ];
+      description = "Paths to backup";
+    };
+
+    exclude = mkOption {
+      type = with types; listOf str;
+      default = [ ];
+      example = [
+        # very large paths
+        "/var/lib/docker"
+        "/var/lib/systemd"
+        "/var/lib/libvirt"
+
+        # temporary files created by `cargo` and `go build`
+        "**/target"
+        "/home/*/go/bin"
+        "/home/*/go/pkg"
+      ];
+      description = "Paths to exclude from backup";
+    };
+
+    pruneOpts = mkOption {
+      type = with types; listOf str;
+      default = [
+        "--keep-last 10"
+        "--keep-hourly 24"
+        "--keep-daily 7"
+        "--keep-weekly 5"
+        "--keep-monthly 12"
+        "--keep-yearly 100"
+      ];
+      example = [ "--keep-last 5" "--keep-weekly 2" ];
+      description = ''
+        List of options to give to the `forget` subcommand after a backup.
+      '';
+    };
+
+    timerConfig = mkOption {
+      # NOTE: I do not know how to cleanly set the type
+      default = { OnCalendar = "daily"; };
+      example = {
+        OnCalendar = "00:05";
+        RandomizedDelaySec = "5h";
+      };
+      description = ''
+        When to run the backup. See man systemd.timer for details.
+      '';
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.restic.backups = {
+      # Take care of included and excluded files
+      paths = cfg.paths;
+      extraBackupArgs = [ "--verbose=2" ]
+        ++ lib.optional (builtins.length cfg.exclude != 0) excludeArg;
+      # Take care of creating the repository if it doesn't exist
+      initialize = true;
+      inherit (cfg) passwordFile pruneOpts timerConfig repository;
+    };
+  };
+}
diff --git a/modules/services/default.nix b/modules/services/default.nix
index a6219e0..24602cc 100644
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@@ -3,6 +3,7 @@
 {
   imports = [
     ./avahi
+    ./backup
     ./fwupd
     ./gitea
     ./gnome
diff --git a/modules/services/gitea/default.nix b/modules/services/gitea/default.nix
index 47abd55..d232001 100644
--- a/modules/services/gitea/default.nix
+++ b/modules/services/gitea/default.nix
@@ -37,16 +37,6 @@ in {
       };
     };
 
-    services.restic.backups = {
-      gitea = {
-        paths = [ cfg.stateDir ];
-        repository = "/data/slow/backups/systems";
-        passwordFile = config.age.secrets.restic-repo-systems.path;
-        timerConfig = { OnCalendar = "00:15"; };
-        initialize = true;
-        extraBackupArgs = [ "--tag gitea" ];
-        pruneOpts = [ "--keep-daily 7" "--keep-weekly 4 --keep-monthly 6" ];
-      };
-    };
+    my.services.backup = { paths = [ cfg.stateDir ]; };
   };
 }
diff --git a/modules/services/grafana/default.nix b/modules/services/grafana/default.nix
index 5d67bc1..8638660 100644
--- a/modules/services/grafana/default.nix
+++ b/modules/services/grafana/default.nix
@@ -29,19 +29,6 @@ in {
       };
     };
 
-    age.secrets.restic-repo-systems.file =
-      ../../../secrets/restic/repo-systems.age;
-
-    services.restic.backups = {
-      grafana = {
-        paths = [ "/var/lib/grafana/data" ];
-        repository = "/data/slow/backups/systems";
-        passwordFile = config.age.secrets.restic-repo-systems.path;
-        timerConfig = { OnCalendar = "00:05"; };
-        initialize = true;
-        extraBackupArgs = [ "--tag grafana" ];
-        pruneOpts = [ "--keep-daily 7" "--keep-weekly 4" ];
-      };
-    };
+    my.services.backup = { paths = [ "/var/lib/grafana/data" ]; };
   };
 }
diff --git a/modules/services/navidrome/default.nix b/modules/services/navidrome/default.nix
index 1c3725b..98dd678 100644
--- a/modules/services/navidrome/default.nix
+++ b/modules/services/navidrome/default.nix
@@ -20,18 +20,7 @@ in {
       };
     };
 
-    services.restic.backups = {
-      navidrome = {
-        paths = [ "/var/lib/navidrome/" ];
-        repository = "/data/slow/backups/systems";
-        passwordFile = config.age.secrets.restic-repo-systems.path;
-        timerConfig = { OnCalendar = "00:35"; };
-        initialize = true;
-        extraBackupArgs = [ "--tag navidrome" ];
-        pruneOpts = [ "--keep-daily 7" "--keep-weekly 4" ];
-      };
-    };
-
+    my.services.backup = { paths = [ "/var/lib/navidrome" ]; };
     networking.firewall.allowedTCPPorts = [ 4533 ];
   };
 }
diff --git a/modules/services/prometheus/default.nix b/modules/services/prometheus/default.nix
index c7b80c2..e4fa897 100644
--- a/modules/services/prometheus/default.nix
+++ b/modules/services/prometheus/default.nix
@@ -170,19 +170,6 @@ in {
       ];
     };
 
-    age.secrets.restic-repo-systems.file =
-      ../../../secrets/restic/repo-systems.age;
-
-    services.restic.backups = {
-      prometheus = {
-        paths = [ "/var/lib/prometheus2" ];
-        repository = "/data/slow/backups/systems";
-        passwordFile = config.age.secrets.restic-repo-systems.path;
-        initialize = true;
-        timerConfig = { OnCalendar = "00:25"; };
-        extraBackupArgs = [ "--tag prometheus" ];
-        pruneOpts = [ "--keep-daily 7" "--keep-weekly 4" ];
-      };
-    };
+    my.services.backup = { paths = [ "/var/lib/prometheus2" ]; };
   };
 }
diff --git a/modules/services/unifi/default.nix b/modules/services/unifi/default.nix
index af7b059..c36860a 100644
--- a/modules/services/unifi/default.nix
+++ b/modules/services/unifi/default.nix
@@ -69,19 +69,6 @@ in {
       };
     };
 
-    age.secrets.restic-repo-systems.file =
-      ../../../secrets/restic/repo-systems.age;
-
-    services.restic.backups = {
-      unifi = {
-        paths = [ "/var/lib/unifi" ];
-        repository = "/data/slow/backups/systems";
-        passwordFile = config.age.secrets.restic-repo-systems.path;
-        initialize = true;
-        timerConfig = { OnCalendar = "00:45"; };
-        extraBackupArgs = [ "--tag unifi" ];
-        pruneOpts = [ "--keep-daily 7" "--keep-weekly 4" ];
-      };
-    };
+    my.services.backup = { paths = [ "/var/lib/unifi" ]; };
   };
 }
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-12-26 17:15:50 +0000