...

1 files changed, 106 insertions, 0 deletions

diff --git a/modules/borgsnap/default.nix b/modules/borgsnap/default.nix
new file mode 100644
index 00000000..f4c0eec4
--- /dev/null
+++ b/modules/borgsnap/default.nix
@@ -0,0 +1,106 @@
+{ config, pkgs, lib, flakeInputs, hostName, ... }:
+
+with lib;
+
+let
+  borgsnap = flakeInputs.mach-nix.lib.${config.nixpkgs.system}.buildPythonPackage rec {
+    pname = "borgsnap";
+    src = ./borgsnap;
+    version = "0.0.0";
+    ignoreDataOutdated = true;
+
+    requirements = ''
+      atomicwrites
+      pyprctl
+      python-unshare
+      python-dateutil
+    '';
+    postInstall = ''
+      wrapProgram $out/bin/borgsnap \
+        --prefix PATH : ${makeBinPath (with pkgs; [config.boot.zfs.package util-linux borgbackup])}:${config.security.wrapperDir}
+    '';
+
+    providers.python-unshare = "nixpkgs";
+    overridesPre = [
+      (self: super: { python-unshare = super.python-unshare.overrideAttrs (oldAttrs: { name = "python-unshare-0.2.1"; version = "0.2.1"; }); })
+    ];
+
+    _.tomli.buildInputs.add = with pkgs."python3Packages"; [ flit-core ];
+  };
+
+  cfg = config.services.borgsnap;
+in {
+  options = {
+    services.borgsnap = {
+      enable = mkEnableOption "borgsnap service";
+
+      target = mkOption {
+        type = types.str;
+      };
+
+      archive-prefix = mkOption {
+        type = types.str;
+        default = "yggdrasil.${hostName}.";
+      };
+
+      extraConfig = mkOption {
+        type = with types; attrsOf str;
+        default = {
+          halfweekly = "8";
+          monthly = "-1";
+        };
+      };
+
+      verbosity = mkOption {
+        type = types.int;
+        default = config.services.zfssnap.verbosity;
+      };
+
+      sshConfig = mkOption {
+        type = with types; nullOr str;
+        default = null;
+      };
+
+      keyfile = mkOption {
+        type = with types; nullOr str;
+        default = null;
+      };
+
+      extraCreateArgs = mkOption {
+        type = with types; listOf str;
+        default = [];
+      };
+      extraCheckArgs = mkOption {
+        type = with types; listOf str;
+        default = [];
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+    warnings = mkIf (!config.services.zfssnap.enable) [
+      "borgsnap will do nothing if zfssnap is not enabled"
+    ];
+
+    services.zfssnap.config.exec = {
+      check = "${borgsnap}/bin/borgsnap --verbosity=${toString cfg.verbosity} --target ${escapeShellArg cfg.target} --archive-prefix ${escapeShellArg cfg.archive-prefix} check --cache-file /run/zfssnap-prune/archives-cache.json ${escapeShellArgs cfg.extraCheckArgs}";
+      cmd = "${borgsnap}/bin/borgsnap --verbosity=${toString cfg.verbosity} --target ${escapeShellArg cfg.target} --archive-prefix ${escapeShellArg cfg.archive-prefix} create ${escapeShellArgs cfg.extraCreateArgs}";
+    } // cfg.extraConfig;
+
+    systemd.services."zfssnap-prune" = {
+      serviceConfig = {
+        Environment = [
+          "BORG_BASE_DIR=/var/lib/borg"
+          "BORG_CONFIG_DIR=/var/lib/borg/config"
+          "BORG_CACHE_DIR=/var/lib/borg/cache"
+          "BORG_SECURITY_DIR=/var/lib/borg/security"
+          "BORG_KEYS_DIR=/var/lib/borg/keys"
+          "BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK=yes"
+          "BORG_HOSTNAME_IS_UNIQUE=yes"
+        ] ++ optional (!(isNull cfg.sshConfig)) "BORG_RSH=\"${pkgs.openssh}/bin/ssh -F ${pkgs.writeText "config" cfg.sshConfig}\""
+        ++ optional (!(isNull cfg.keyfile)) "BORG_KEY_FILE=${cfg.keyfile}";
+        RuntimeDirectory = "zfssnap-prune";
+      };
+    };
+  };
+}