summaryrefslogtreecommitdiff
path: root/hosts/vidhar/borg/default.nix
diff options
context:
space:
mode:
Diffstat (limited to 'hosts/vidhar/borg/default.nix')
-rw-r--r--hosts/vidhar/borg/default.nix91
1 files changed, 39 insertions, 52 deletions
diff --git a/hosts/vidhar/borg/default.nix b/hosts/vidhar/borg/default.nix
index 7672de18..80ce9c7e 100644
--- a/hosts/vidhar/borg/default.nix
+++ b/hosts/vidhar/borg/default.nix
@@ -1,4 +1,4 @@
1{ config, pkgs, lib, flakeInputs, ... }: 1{ config, pkgs, lib, flakeInputs, utils, ... }:
2 2
3with lib; 3with lib;
4 4
@@ -21,60 +21,26 @@ let
21 ServerAliveCountMax 30 21 ServerAliveCountMax 30
22 ''; 22 '';
23 23
24 copyService = { repo, repoEscaped }: let 24 checkBorgUnit = {
25 serviceName = "copy-borg@${repoEscaped}";
26 in nameValuePair serviceName {
27 serviceConfig = { 25 serviceConfig = {
28 Type = "oneshot"; 26 Type = "oneshot";
29 ExecStart = "${copyBorg}/bin/copy_borg --verbosity 3 ${escapeShellArg repo} yggdrasil.borgbase:repo"; 27 ExecStart = "${pkgs.borgbackup}/bin/borg ${utils.escapeSystemdExecArgs [
30 TimeoutStartSec = "8h"; 28 "--lock-wait" "3600"
31 # User = "borg"; 29 "--progress"
32 # Group = "borg"; 30 "check"
33 # StateDirectory = "borg"; 31 "--verify-data"
34 RuntimeDirectory = "copy-borg"; 32 ]} %I";
35 Environment = [ 33 Environment = [
36 "BORG_RSH=\"${pkgs.openssh}/bin/ssh -F ${pkgs.writeText "config" sshConfig}\""
37 "BORG_BASE_DIR=/var/lib/borg" 34 "BORG_BASE_DIR=/var/lib/borg"
38 "BORG_CONFIG_DIR=/var/lib/borg/config" 35 "BORG_CONFIG_DIR=/var/lib/borg/config"
39 "BORG_CACHE_DIR=/var/lib/borg/cache" 36 "BORG_CACHE_DIR=/var/lib/borg/cache"
40 "BORG_SECURITY_DIR=/var/lib/borg/security" 37 "BORG_SECURITY_DIR=/var/lib/borg/security"
41 "BORG_KEYS_DIR=/var/lib/borg/keys" 38 "BORG_KEYS_DIR=/var/lib/borg/keys"
42 "BORG_KEY_FILE=${config.sops.secrets."yggdrasil.borgkey".path}"
43 "BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK=yes"
44 "BORG_HOSTNAME_IS_UNIQUE=yes" 39 "BORG_HOSTNAME_IS_UNIQUE=yes"
40 "BORG_RSH=\"${pkgs.openssh}/bin/ssh -F ${pkgs.writeText "config" sshConfig}\""
45 ]; 41 ];
46
47 LogRateLimitIntervalSec = 0;
48 }; 42 };
49 }; 43 };
50
51 copyBorg = flakeInputs.mach-nix.lib.${config.nixpkgs.system}.buildPythonPackage rec {
52 pname = "copy-borg";
53 src = ./copy;
54 version = "0.0.0";
55 ignoreDataOutdated = true;
56
57 requirements = ''
58 humanize
59 tqdm
60 python-dateutil
61 xdg
62 python-unshare
63 pyprctl
64 halo
65 '';
66 postInstall = ''
67 wrapProgram $out/bin/copy_borg \
68 --prefix PATH : ${makeBinPath (with pkgs; [util-linux borgbackup])}:${config.security.wrapperDir}
69 '';
70
71 providers.python-unshare = "nixpkgs";
72 overridesPre = [
73 (self: super: { python-unshare = super.python-unshare.overrideAttrs (oldAttrs: { name = "python-unshare-0.2.1"; version = "0.2.1"; }); })
74 ];
75
76 # _.tomli.buildInputs.add = with pkgs."python3Packages"; [ flit-core ];
77 };
78in { 44in {
79 config = { 45 config = {
80 services.borgsnap = { 46 services.borgsnap = {
@@ -85,7 +51,15 @@ in {
85 keyfile = config.sops.secrets."yggdrasil.borgkey".path; 51 keyfile = config.sops.secrets."yggdrasil.borgkey".path;
86 }; 52 };
87 53
88 systemd.services = listToAttrs (map copyService [{ repo = "/srv/backup/borg/jotnar"; repoEscaped = "srv-backup-borg-jotnar"; }]); 54 services.copyborg.jotnar = {
55 from = "/srv/backup/borg/jotnar";
56 to = "yggdrasil.borgbase:repo";
57 inherit sshConfig;
58 keyfile = config.sops.secrets."yggdrasil.borgkey".path;
59 timerOptions.timerConfig = {
60 OnCalendar = "*-*-* 00/4:00:00 Europe/Berlin";
61 };
62 };
89 63
90 services.borgbackup.repos.jotnar = { 64 services.borgbackup.repos.jotnar = {
91 path = "/srv/backup/borg/jotnar"; 65 path = "/srv/backup/borg/jotnar";
@@ -95,6 +69,27 @@ in {
95 in filter (v: v != null) (mapAttrsToList toAuthKey (builtins.readDir dir)); 69 in filter (v: v != null) (mapAttrsToList toAuthKey (builtins.readDir dir));
96 }; 70 };
97 71
72 systemd.services."check-borg@${utils.escapeSystemdPath "/srv/backup/borg/jotnar"}" = checkBorgUnit;
73 systemd.services."check-borg@${utils.escapeSystemdPath "yggdrasil.borgbase:repo"}" = recursiveUpdate checkBorgUnit {
74 serviceConfig = {
75 Environment = checkBorgUnit.serviceConfig.Environment ++ [
76 "BORG_KEY_FILE=${config.sops.secrets."yggdrasil.borgkey".path}"
77 ];
78 };
79 };
80 systemd.timers."check-borg@${utils.escapeSystemdPath "/srv/backup/borg/jotnar"}" = {
81 wantedBy = [ "timers.target" ];
82 timerConfig = {
83 OnCalendar = "Sun *-*-02..08 01:30:00 Europe/Berlin";
84 };
85 };
86 systemd.timers."check-borg@${utils.escapeSystemdPath "yggdrasil.borgbase:repo"}" = {
87 wantedBy = [ "timers.target" ];
88 timerConfig = {
89 OnCalendar = "Sun *-*-02..08 01:30:00 Europe/Berlin";
90 };
91 };
92
98 boot.postBootCommands = mkBefore '' 93 boot.postBootCommands = mkBefore ''
99 ${pkgs.findutils}/bin/find /srv/backup/borg -type d -empty -delete 94 ${pkgs.findutils}/bin/find /srv/backup/borg -type d -empty -delete
100 ''; 95 '';
@@ -123,13 +118,5 @@ in {
123 group = "borg"; 118 group = "borg";
124 mode = "0400"; 119 mode = "0400";
125 }; 120 };
126
127 systemd.timers."copy-borg@srv-backup-borg-jotnar" = {
128 wantedBy = ["multi-user.target"];
129
130 timerConfig = {
131 OnCalendar = "*-*-* 00/4:00:00 Europe/Berlin";
132 };
133 };
134 }; 121 };
135} 122}
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-28 08:48:11 +0000