From fad740947d826c1c04c5162fb57a06ec64b7a449 Mon Sep 17 00:00:00 2001
From: Franck Cuny
Date: Sun, 10 Apr 2022 13:24:12 -0700
Subject: add a module for backup with restic

Do a single backup for the host, instead of running multiple ones.
---
modules/services/backup/default.nix | 83 +++++++++++++++++++++++++++++++++
modules/services/default.nix | 1 +
modules/services/gitea/default.nix | 12 +-----
modules/services/grafana/default.nix | 15 +-----
modules/services/navidrome/default.nix | 13 +-----
modules/services/prometheus/default.nix | 15 +-----
modules/services/unifi/default.nix | 15 +-----
7 files changed, 89 insertions(+), 65 deletions(-)
create mode 100644 modules/services/backup/default.nix
(limited to 'modules')
diff --git a/modules/services/backup/default.nix b/modules/services/backup/default.nix
new file mode 100644
index 0000000..52378d3
--- /dev/null
+++ b/modules/services/backup/default.nix
@@ -0,0 +1,83 @@
+{ config, pkgs, lib, ... }:
+let cfg = config.my.services.backup;
+in {
+ options.my.services.backup = with lib; {
+ enable = mkEnableOption "Enable backups for this host";
+
+ repository = mkOption {
+ type = types.str;
+ example = "/data/slow/backups/system";
+ description = "The repository to back up to";
+ };
+
+ passwordFile = mkOption {
+ type = types.str;
+ example = "/var/lib/restic/password.txt";
+ description = "Read the repository's password from this path";
+ };
+
+ paths = mkOption {
+ type = with types; listOf str;
+ default = [ ];
+ example = [ "/var/lib" "/home" ];
+ description = "Paths to backup";
+ };
+
+ exclude = mkOption {
+ type = with types; listOf str;
+ default = [ ];
+ example = [
+ # very large paths
+ "/var/lib/docker"
+ "/var/lib/systemd"
+ "/var/lib/libvirt"
+
+ # temporary files created by `cargo` and `go build`
+ "**/target"
+ "/home/*/go/bin"
+ "/home/*/go/pkg"
+ ];
+ description = "Paths to exclude from backup";
+ };
+
+ pruneOpts = mkOption {
+ type = with types; listOf str;
+ default = [
+ "--keep-last 10"
+ "--keep-hourly 24"
+ "--keep-daily 7"
+ "--keep-weekly 5"
+ "--keep-monthly 12"
+ "--keep-yearly 100"
+ ];
+ example = [ "--keep-last 5" "--keep-weekly 2" ];
+ description = ''
+ List of options to give to the `forget` subcommand after a backup.
+ '';
+ };
+
+ timerConfig = mkOption {
+ # NOTE: I do not know how to cleanly set the type
+ default = { OnCalendar = "daily"; };
+ example = {
+ OnCalendar = "00:05";
+ RandomizedDelaySec = "5h";
+ };
+ description = ''
+ When to run the backup. See man systemd.timer for details.
+ ''; + }; + }; + + config = lib.mkIf cfg.enable { + services.restic.backups = { + # Take care of included and excluded files + paths = cfg.paths; + extraBackupArgs = [ "--verbose=2" ] + ++ lib.optional (builtins.length cfg.exclude != 0) excludeArg; + # Take care of creating the repository if it doesn't exist + initialize = true; + inherit (cfg) passwordFile pruneOpts timerConfig repository; + }; + }; +} diff --git a/modules/services/default.nix b/modules/services/default.nix index a6219e0..24602cc 100644 --- a/modules/services/default.nix +++ b/modules/services/default.nix @@ -3,6 +3,7 @@ { imports = [ ./avahi + ./backup ./fwupd ./gitea ./gnome diff --git a/modules/services/gitea/default.nix b/modules/services/gitea/default.nix index 47abd55..d232001 100644 --- a/modules/services/gitea/default.nix +++ b/modules/services/gitea/default.nix @@ -37,16 +37,6 @@ in { }; }; - services.restic.backups = { - gitea = { - paths = [ cfg.stateDir ]; - repository = "/data/slow/backups/systems"; - passwordFile = config.age.secrets.restic-repo-systems.path; - timerConfig = { OnCalendar = "00:15"; }; - initialize = true; - extraBackupArgs = [ "--tag gitea" ]; - pruneOpts = [ "--keep-daily 7" "--keep-weekly 4 --keep-monthly 6" ]; - }; - }; + my.services.backup = { paths = [ cfg.stateDir ]; }; }; } diff --git a/modules/services/grafana/default.nix b/modules/services/grafana/default.nix index 5d67bc1..8638660 100644 --- a/modules/services/grafana/default.nix +++ b/modules/services/grafana/default.nix 
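Review bot: In the `config` block, `paths`, `extraBackupArgs`, `initialize` and the inherited options sit directly under `services.restic.backups`, which the per-service code removed by this same patch used as a set of named jobs (`gitea = { ... }`), so no backup job is defined as written; the settings need one more level, `services.restic.backups.<job-name>`. `excludeArg` on the `extraBackupArgs` line is also never bound, since the `let` defines only `cfg`, so `cfg.exclude` never reaches restic and evaluation should fail on the undefined name. Either way a host that sets `enable = true` ends up without a working backup. The sketch below binds `excludeArg` to an exclude file built from `cfg.exclude` and nests the settings under a job name (`system` is a placeholder).

```nix
let
  cfg = config.my.services.backup;
  # One pattern per line, handed to restic as an exclude file
  excludeArg = "--exclude-file=" + (pkgs.writeText "excludes.txt"
    (builtins.concatStringsSep "\n" cfg.exclude));
in {
  # … unchanged: options.my.services.backup …

  config = lib.mkIf cfg.enable {
    services.restic.backups.system = {
      # … unchanged: paths, extraBackupArgs, initialize, inherit (cfg) …
    };
  };
```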
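Review bot: After this change gitea's state is backed up only if the host also sets `my.services.backup.enable`, `repository` and `passwordFile`; the removed job was created whenever the service itself was enabled, and with the new module disabled the `paths` assignment is silently ignored. The same applies to the grafana, navidrome, prometheus and unifi hunks, three of which also drop the `age.secrets.restic-repo-systems.file` declaration with no replacement in the part of the patch shown (it is limited to `modules`, so the host side may simply be out of view). A comment beside the new line, such as `# backed up only when my.services.backup.enable is set on the host`, would make the dependency visible. The per-service `--tag` arguments are gone too, so snapshots can no longer be filtered by service. The enclosing `config` block starts outside the hunk.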
@@ -29,19 +29,6 @@ in { }; }; - age.secrets.restic-repo-systems.file = - ../../../secrets/restic/repo-systems.age; - - services.restic.backups = { - grafana = { - paths = [ "/var/lib/grafana/data" ]; - repository = "/data/slow/backups/systems"; - passwordFile = config.age.secrets.restic-repo-systems.path; - timerConfig = { OnCalendar = "00:05"; }; - initialize = true; - extraBackupArgs = [ "--tag grafana" ]; - pruneOpts = [ "--keep-daily 7" "--keep-weekly 4" ]; - }; - }; + my.services.backup = { paths = [ "/var/lib/grafana/data" ]; }; }; } diff --git a/modules/services/navidrome/default.nix b/modules/services/navidrome/default.nix index 1c3725b..98dd678 100644 --- a/modules/services/navidrome/default.nix +++ b/modules/services/navidrome/default.nix @@ -20,18 +20,7 @@ in { }; }; - services.restic.backups = { - navidrome = { - paths = [ "/var/lib/navidrome/" ]; - repository = "/data/slow/backups/systems"; - passwordFile = config.age.secrets.restic-repo-systems.path; - timerConfig = { OnCalendar = "00:35"; }; - initialize = true; - extraBackupArgs = [ "--tag navidrome" ]; - pruneOpts = [ "--keep-daily 7" "--keep-weekly 4" ]; - }; - }; - + my.services.backup = { paths = [ "/var/lib/navidrome" ]; }; networking.firewall.allowedTCPPorts = [ 4533 ]; }; } diff --git a/modules/services/prometheus/default.nix b/modules/services/prometheus/default.nix index c7b80c2..e4fa897 100644 --- a/modules/services/prometheus/default.nix +++ b/modules/services/prometheus/default.nix 
@@ -170,19 +170,6 @@ in { ]; }; - age.secrets.restic-repo-systems.file = - ../../../secrets/restic/repo-systems.age; - - services.restic.backups = { - prometheus = { - paths = [ "/var/lib/prometheus2" ]; - repository = "/data/slow/backups/systems"; - passwordFile = config.age.secrets.restic-repo-systems.path; - initialize = true; - timerConfig = { OnCalendar = "00:25"; }; - extraBackupArgs = [ "--tag prometheus" ]; - pruneOpts = [ "--keep-daily 7" "--keep-weekly 4" ]; - }; - }; + my.services.backup = { paths = [ "/var/lib/prometheus2" ]; }; }; } diff --git a/modules/services/unifi/default.nix b/modules/services/unifi/default.nix index af7b059..c36860a 100644 --- a/modules/services/unifi/default.nix +++ b/modules/services/unifi/default.nix @@ -69,19 +69,6 @@ in { }; }; - age.secrets.restic-repo-systems.file = - ../../../secrets/restic/repo-systems.age; - - services.restic.backups = { - unifi = { - paths = [ "/var/lib/unifi" ]; - repository = "/data/slow/backups/systems"; - passwordFile = config.age.secrets.restic-repo-systems.path; - initialize = true; - timerConfig = { OnCalendar = "00:45"; }; - extraBackupArgs = [ "--tag unifi" ]; - pruneOpts = [ "--keep-daily 7" "--keep-weekly 4" ]; - }; - }; + my.services.backup = { paths = [ "/var/lib/unifi" ]; }; }; } -- cgit 1.4.1