...

author: Gregor Kleen <gkleen@yggdrasil.li> 2022-11-07 20:51:39 +0100
committer: Gregor Kleen <gkleen@yggdrasil.li> 2022-11-07 20:51:39 +0100
commit: 0e9f1e85cd8c6f9d546ef88e971043b909017170 (patch)
tree: 5cb4d14df7594ef123f20d82cb2ec423b6bca744 /hosts/vidhar/borg/default.nix
parent: f563ddece04adfd8d80d4e984405f5c70a6c94f3 (diff)
download: nixos-0e9f1e85cd8c6f9d546ef88e971043b909017170.tar
nixos-0e9f1e85cd8c6f9d546ef88e971043b909017170.tar.gz
nixos-0e9f1e85cd8c6f9d546ef88e971043b909017170.tar.bz2
nixos-0e9f1e85cd8c6f9d546ef88e971043b909017170.tar.xz
nixos-0e9f1e85cd8c6f9d546ef88e971043b909017170.zip
1 files changed, 39 insertions, 52 deletions
diff --git a/hosts/vidhar/borg/default.nix b/hosts/vidhar/borg/default.nix
index 7672de18..80ce9c7e 100644
--- a/hosts/vidhar/borg/default.nix
+++ b/hosts/vidhar/borg/default.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, lib, flakeInputs, ... }:
+{ config, pkgs, lib, flakeInputs, utils, ... }:
 with lib;
@@ -21,60 +21,26 @@ let
      ServerAliveCountMax 30
  '';
-  copyService = { repo, repoEscaped }: let
+  checkBorgUnit = {
-    serviceName = "copy-borg@${repoEscaped}";
-  in nameValuePair serviceName {
    serviceConfig = {
      Type = "oneshot";
-      ExecStart = "${copyBorg}/bin/copy_borg --verbosity 3 ${escapeShellArg repo} yggdrasil.borgbase:repo";
+      ExecStart = "${pkgs.borgbackup}/bin/borg ${utils.escapeSystemdExecArgs [
-      TimeoutStartSec = "8h";
+        "--lock-wait" "3600"
-      # User = "borg";
+        "--progress"
-      # Group = "borg";
+        "check"
-      # StateDirectory = "borg";
+        "--verify-data"
-      RuntimeDirectory = "copy-borg";
+      ]} %I";
      Environment = [
-        "BORG_RSH=\"${pkgs.openssh}/bin/ssh -F ${pkgs.writeText "config" sshConfig}\""
        "BORG_BASE_DIR=/var/lib/borg"
        "BORG_CONFIG_DIR=/var/lib/borg/config"
        "BORG_CACHE_DIR=/var/lib/borg/cache"
        "BORG_SECURITY_DIR=/var/lib/borg/security"
        "BORG_KEYS_DIR=/var/lib/borg/keys"
-        "BORG_KEY_FILE=${config.sops.secrets."yggdrasil.borgkey".path}"
-        "BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK=yes"
        "BORG_HOSTNAME_IS_UNIQUE=yes"
+        "BORG_RSH=\"${pkgs.openssh}/bin/ssh -F ${pkgs.writeText "config" sshConfig}\""
      ];
-      LogRateLimitIntervalSec = 0;
    };
  };
-  copyBorg = flakeInputs.mach-nix.lib.${config.nixpkgs.system}.buildPythonPackage rec {
-    pname = "copy-borg";
-    src = ./copy;
-    version = "0.0.0";
-    ignoreDataOutdated = true;
-    requirements = ''
-      humanize
-      tqdm
-      python-dateutil
-      xdg
-      python-unshare
-      pyprctl
-      halo
-    '';
-    postInstall = ''
-      wrapProgram $out/bin/copy_borg \
-        --prefix PATH : ${makeBinPath (with pkgs; [util-linux borgbackup])}:${config.security.wrapperDir}
-    '';
-    providers.python-unshare = "nixpkgs";
-    overridesPre = [
-      (self: super: { python-unshare = super.python-unshare.overrideAttrs (oldAttrs: { name = "python-unshare-0.2.1"; version = "0.2.1"; }); })
-    ];
-    # _.tomli.buildInputs.add = with pkgs."python3Packages"; [ flit-core ];
-  };
 in {
  config = {
    services.borgsnap = {
@@ -85,7 +51,15 @@ in {
      keyfile = config.sops.secrets."yggdrasil.borgkey".path;
    };
-    systemd.services = listToAttrs (map copyService [{ repo = "/srv/backup/borg/jotnar"; repoEscaped = "srv-backup-borg-jotnar"; }]);
+    services.copyborg.jotnar = {
+      from = "/srv/backup/borg/jotnar";
+      to = "yggdrasil.borgbase:repo";
+      inherit sshConfig;
+      keyfile = config.sops.secrets."yggdrasil.borgkey".path;
+      timerOptions.timerConfig = {
+        OnCalendar = "*-*-* 00/4:00:00 Europe/Berlin";
+      };
+    };
    services.borgbackup.repos.jotnar = {
      path = "/srv/backup/borg/jotnar";
@@ -95,6 +69,27 @@ in {
      in filter (v: v != null) (mapAttrsToList toAuthKey (builtins.readDir dir));
    };
+    systemd.services."check-borg@${utils.escapeSystemdPath "/srv/backup/borg/jotnar"}" = checkBorgUnit;
+    systemd.services."check-borg@${utils.escapeSystemdPath "yggdrasil.borgbase:repo"}" = recursiveUpdate checkBorgUnit {
+      serviceConfig = {
+        Environment = checkBorgUnit.serviceConfig.Environment ++ [
+          "BORG_KEY_FILE=${config.sops.secrets."yggdrasil.borgkey".path}"
+        ];
+      };
+    };
+    systemd.timers."check-borg@${utils.escapeSystemdPath "/srv/backup/borg/jotnar"}" = {
+      wantedBy = [ "timers.target" ];
+      timerConfig = {
+        OnCalendar = "Sun *-*-02..08 01:30:00 Europe/Berlin";
+      };
+    };
+    systemd.timers."check-borg@${utils.escapeSystemdPath "yggdrasil.borgbase:repo"}" = {
+      wantedBy = [ "timers.target" ];
+      timerConfig = {
+        OnCalendar = "Sun *-*-02..08 01:30:00 Europe/Berlin";
+      };
+    };
    boot.postBootCommands = mkBefore ''
      ${pkgs.findutils}/bin/find /srv/backup/borg -type d -empty -delete
    '';
@@ -123,13 +118,5 @@ in {
      group = "borg";
      mode = "0400";
    };
-    systemd.timers."copy-borg@srv-backup-borg-jotnar" = {
-      wantedBy = ["multi-user.target"];
-      timerConfig = {
-        OnCalendar = "*-*-* 00/4:00:00 Europe/Berlin";
-      };
-    };
  };
 }
author	Gregor Kleen <gkleen@yggdrasil.li>	2022-11-07 20:51:39 +0100
committer	Gregor Kleen <gkleen@yggdrasil.li>	2022-11-07 20:51:39 +0100
commit	0e9f1e85cd8c6f9d546ef88e971043b909017170 (patch)
tree	5cb4d14df7594ef123f20d82cb2ec423b6bca744 /hosts/vidhar/borg/default.nix
parent	f563ddece04adfd8d80d4e984405f5c70a6c94f3 (diff)
download	nixos-0e9f1e85cd8c6f9d546ef88e971043b909017170.tar nixos-0e9f1e85cd8c6f9d546ef88e971043b909017170.tar.gz nixos-0e9f1e85cd8c6f9d546ef88e971043b909017170.tar.bz2 nixos-0e9f1e85cd8c6f9d546ef88e971043b909017170.tar.xz nixos-0e9f1e85cd8c6f9d546ef88e971043b909017170.zip