Diffstat (limited to '')
-rw-r--r-- | hosts/tahoe/services.nix | 14 | ||||
-rw-r--r-- | modules/services/backup/default.nix | 83 | ||||
-rw-r--r-- | modules/services/default.nix | 1 | ||||
-rw-r--r-- | modules/services/gitea/default.nix | 12 | ||||
-rw-r--r-- | modules/services/grafana/default.nix | 15 | ||||
-rw-r--r-- | modules/services/navidrome/default.nix | 13 | ||||
-rw-r--r-- | modules/services/prometheus/default.nix | 15 | ||||
-rw-r--r-- | modules/services/unifi/default.nix | 15 |
8 files changed, 93 insertions, 75 deletions
diff --git a/hosts/tahoe/services.nix b/hosts/tahoe/services.nix
index a8badea..535eb8d 100644
--- a/hosts/tahoe/services.nix
+++ b/hosts/tahoe/services.nix
@@ -21,17 +21,11 @@
 traefik = { enable = true; };
 transmission = { enable = true; };
 metrics-exporter = { enable = true; };
- };
-
- services.restic.backups = {
- media = {
- paths = [ "/data/fast/music" "/data/fast/photos" "/data/fast/videos" ];
+ backup = {
 repository = "/data/slow/backups/systems";
- passwordFile = config.age.secrets.restic-repo-systems.path;
- timerConfig = { OnCalendar = "00:55"; };
- initialize = true;
- extraBackupArgs = [ "--tag media" ];
- pruneOpts = [ "--keep-daily 7" "--keep-weekly 4" "--keep-monthly 12" ];
+ timerConfig = { oncalendar = "00:15"; };
+ passwordFile = config.age.secrets.restic-repo-systemms.path;
+ paths = [ "/data/fast/music" "/data/fast/photos" "/data/fast/videos" ];
 };
 };
 }
diff --git a/modules/services/backup/default.nix b/modules/services/backup/default.nix
new file mode 100644
index 0000000..52378d3
--- /dev/null
+++ b/modules/services/backup/default.nix
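Review bot: The new `backup` block never sets `enable`, while the module added in this commit wraps its whole config in `lib.mkIf cfg.enable`, so as written no restic job is generated for this host and the media paths silently stop being backed up; add `enable = true;`. Two more lines in the block look like typos: `oncalendar` should be `OnCalendar` (the lowercase key is not a directive systemd recognises, so the timer would be left without a schedule), and `restic-repo-systemms` should be `restic-repo-systems`, the secret name the removed lines used. The enclosing attribute set opens above the hunk, so I am assuming `backup` sits under `my.services` like its neighbours.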
@@ -0,0 +1,83 @@
+{ config, pkgs, lib, ... }:
+let cfg = config.my.services.backup;
+in {
+ options.my.services.backup = with lib; {
+ enable = mkEnableOption "Enable backups for this host";
+
+ repository = mkOption {
+ type = types.str;
+ example = "/data/slow/backups/system";
+ description = "The repository to back up to";
+ };
+
+ passwordFile = mkOption {
+ type = types.str;
+ example = "/var/lib/restic/password.txt";
+ description = "Read the repository's password from this path";
+ };
+
+ paths = mkOption {
+ type = with types; listOf str;
+ default = [ ];
+ example = [ "/var/lib" "/home" ];
+ description = "Paths to backup";
+ };
+
+ exclude = mkOption {
+ type = with types; listOf str;
+ default = [ ];
+ example = [
+ # very large paths
+ "/var/lib/docker"
+ "/var/lib/systemd"
+ "/var/lib/libvirt"
+
+ # temporary files created by `cargo` and `go build`
+ "**/target"
+ "/home/*/go/bin"
+ "/home/*/go/pkg"
+ ];
+ description = "Paths to exclude from backup";
+ };
+
+ pruneOpts = mkOption {
+ type = with types; listOf str;
+ default = [
+ "--keep-last 10"
+ "--keep-hourly 24"
+ "--keep-daily 7"
+ "--keep-weekly 5"
+ "--keep-monthly 12"
+ "--keep-yearly 100"
+ ];
+ example = [ "--keep-last 5" "--keep-weekly 2" ];
+ description = ''
+ List of options to give to the `forget` subcommand after a backup.
+ '';
+ };
+
+ timerConfig = mkOption {
+ # NOTE: I do not know how to cleanly set the type
+ default = { OnCalendar = "daily"; };
+ example = {
+ OnCalendar = "00:05";
+ RandomizedDelaySec = "5h";
+ };
+ description = ''
+ When to run the backup. See man systemd.timer for details.
+ '';
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ services.restic.backups = {
+ # Take care of included and excluded files
+ paths = cfg.paths;
+ extraBackupArgs = [ "--verbose=2" ]
+ ++ lib.optional (builtins.length cfg.exclude != 0) excludeArg;
+ # Take care of creating the repository if it doesn't exist
+ initialize = true;
+ inherit (cfg) passwordFile pruneOpts timerConfig repository;
+ };
+ };
+}
diff --git a/modules/services/default.nix b/modules/services/default.nix
index a6219e0..24602cc 100644
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@@ -3,6 +3,7 @@
 {
 imports = [
 ./avahi
+ ./backup
 ./fwupd
 ./gitea
 ./gnome
diff --git a/modules/services/gitea/default.nix b/modules/services/gitea/default.nix
index 47abd55..d232001 100644
--- a/modules/services/gitea/default.nix
+++ b/modules/services/gitea/default.nix
@@ -37,16 +37,6 @@ in {
 };
 };
- services.restic.backups = {
- gitea = {
- paths = [ cfg.stateDir ];
- repository = "/data/slow/backups/systems";
- passwordFile = config.age.secrets.restic-repo-systems.path;
- timerConfig = { OnCalendar = "00:15"; };
- initialize = true;
- extraBackupArgs = [ "--tag gitea" ];
- pruneOpts = [ "--keep-daily 7" "--keep-weekly 4 --keep-monthly 6" ];
- };
- };
+ my.services.backup = { paths = [ cfg.stateDir ]; };
 };
 }
diff --git a/modules/services/grafana/default.nix b/modules/services/grafana/default.nix
index 5d67bc1..8638660 100644
--- a/modules/services/grafana/default.nix
+++ b/modules/services/grafana/default.nix
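Review bot: The `config` section of modules/services/backup/default.nix cannot evaluate as written: `excludeArg` is used in `extraBackupArgs` but only `cfg` is bound in the `let`, and the job settings are assigned directly to `services.restic.backups`, which is keyed by job name (the removed per-service definitions used `gitea = { … }`, `grafana = { … }`). Bind `excludeArg` and nest the settings under one named job, as sketched below; the job name `backup` and the exclude-file name are my choices. The merged job also drops the per-service `--tag` arguments, so snapshots can no longer be filtered by service unless a tag is added back. Keeping `passwordFile` as `types.str` deserves a short comment saying it is deliberate, since a path literal there could end up copied into the Nix store.

```nix
let
  cfg = config.my.services.backup;
  # restic reads one exclude pattern per line from this file
  excludeArg = "--exclude-file=${
      pkgs.writeText "restic-excludes.txt"
      (lib.concatStringsSep "\n" cfg.exclude)
    }";
in {
  # … unchanged: options.my.services.backup …
  config = lib.mkIf cfg.enable {
    services.restic.backups.backup = {
      # … unchanged: paths, extraBackupArgs, initialize, inherit (cfg) …
    };
  };
}
```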
@@ -29,19 +29,6 @@ in {
 };
 };
- age.secrets.restic-repo-systems.file =
- ../../../secrets/restic/repo-systems.age;
-
- services.restic.backups = {
- grafana = {
- paths = [ "/var/lib/grafana/data" ];
- repository = "/data/slow/backups/systems";
- passwordFile = config.age.secrets.restic-repo-systems.path;
- timerConfig = { OnCalendar = "00:05"; };
- initialize = true;
- extraBackupArgs = [ "--tag grafana" ];
- pruneOpts = [ "--keep-daily 7" "--keep-weekly 4" ];
- };
- };
+ my.services.backup = { paths = [ "/var/lib/grafana/data" ]; };
 };
 }
diff --git a/modules/services/navidrome/default.nix b/modules/services/navidrome/default.nix
index 1c3725b..98dd678 100644
--- a/modules/services/navidrome/default.nix
+++ b/modules/services/navidrome/default.nix
@@ -20,18 +20,7 @@ in {
 };
 };
- services.restic.backups = {
- navidrome = {
- paths = [ "/var/lib/navidrome/" ];
- repository = "/data/slow/backups/systems";
- passwordFile = config.age.secrets.restic-repo-systems.path;
- timerConfig = { OnCalendar = "00:35"; };
- initialize = true;
- extraBackupArgs = [ "--tag navidrome" ];
- pruneOpts = [ "--keep-daily 7" "--keep-weekly 4" ];
- };
- };
-
+ my.services.backup = { paths = [ "/var/lib/navidrome" ]; };
 networking.firewall.allowedTCPPorts = [ 4533 ];
 };
 }
diff --git a/modules/services/prometheus/default.nix b/modules/services/prometheus/default.nix
index c7b80c2..e4fa897 100644
--- a/modules/services/prometheus/default.nix
+++ b/modules/services/prometheus/default.nix
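Review bot: The `age.secrets.restic-repo-systems.file` declaration is lost in the grafana hunk, and again in the prometheus and unifi hunks, with no replacement visible anywhere in the commit, yet hosts/tahoe/services.nix still reads that secret's `.path` for `passwordFile`. Unless another file outside this commit declares it, evaluation fails on the missing attribute and the repository password is never provisioned on the host. Declaring it once beside its consumer keeps the two together, for example in modules/services/backup/default.nix: `age.secrets.restic-repo-systems.file = ../../../secrets/restic/repo-systems.age;` (that file sits at the same depth as the modules the line was removed from, so the relative path carries over). The module bodies start above these hunks, so a declaration further up cannot be ruled out from here.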
@@ -170,19 +170,6 @@ in {
 ];
 };
- age.secrets.restic-repo-systems.file =
- ../../../secrets/restic/repo-systems.age;
-
- services.restic.backups = {
- prometheus = {
- paths = [ "/var/lib/prometheus2" ];
- repository = "/data/slow/backups/systems";
- passwordFile = config.age.secrets.restic-repo-systems.path;
- initialize = true;
- timerConfig = { OnCalendar = "00:25"; };
- extraBackupArgs = [ "--tag prometheus" ];
- pruneOpts = [ "--keep-daily 7" "--keep-weekly 4" ];
- };
- };
+ my.services.backup = { paths = [ "/var/lib/prometheus2" ]; };
 };
 }
diff --git a/modules/services/unifi/default.nix b/modules/services/unifi/default.nix
index af7b059..c36860a 100644
--- a/modules/services/unifi/default.nix
+++ b/modules/services/unifi/default.nix
@@ -69,19 +69,6 @@ in {
 };
 };
- age.secrets.restic-repo-systems.file =
- ../../../secrets/restic/repo-systems.age;
-
- services.restic.backups = {
- unifi = {
- paths = [ "/var/lib/unifi" ];
- repository = "/data/slow/backups/systems";
- passwordFile = config.age.secrets.restic-repo-systems.path;
- initialize = true;
- timerConfig = { OnCalendar = "00:45"; };
- extraBackupArgs = [ "--tag unifi" ];
- pruneOpts = [ "--keep-daily 7" "--keep-weekly 4" ];
- };
- };
+ my.services.backup = { paths = [ "/var/lib/unifi" ]; };
 };
 } |