Diffstat (limited to 'hosts/vidhar/borg/default.nix')
-rw-r--r-- | hosts/vidhar/borg/default.nix | 91 |
1 files changed, 39 insertions, 52 deletions
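--- a/hosts/vidhar/borg/default.nix
+++ b/hosts/vidhar/borg/default.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, lib, flakeInputs, ... }:
+{ config, pkgs, lib, flakeInputs, utils, ... }:
 
 with lib;
 
@@ -21,60 +21,26 @@ let
 ServerAliveCountMax 30
 '';
 
-copyService = { repo, repoEscaped }: let
-serviceName = "copy-borg@${repoEscaped}";
-in nameValuePair serviceName {
+checkBorgUnit = {
 serviceConfig = {
 Type = "oneshot";
-ExecStart = "${copyBorg}/bin/copy_borg --verbosity 3 ${escapeShellArg repo} yggdrasil.borgbase:repo";
-TimeoutStartSec = "8h";
-# User = "borg";
-# Group = "borg";
-# StateDirectory = "borg";
-RuntimeDirectory = "copy-borg";
+ExecStart = "${pkgs.borgbackup}/bin/borg ${utils.escapeSystemdExecArgs [
+"--lock-wait" "3600"
+"--progress"
+"check"
+"--verify-data"
+]} %I";
 Environment = [
-"BORG_RSH=\"${pkgs.openssh}/bin/ssh -F ${pkgs.writeText "config" sshConfig}\""
 "BORG_BASE_DIR=/var/lib/borg"
 "BORG_CONFIG_DIR=/var/lib/borg/config"
 "BORG_CACHE_DIR=/var/lib/borg/cache"
 "BORG_SECURITY_DIR=/var/lib/borg/security"
 "BORG_KEYS_DIR=/var/lib/borg/keys"
-"BORG_KEY_FILE=${config.sops.secrets."yggdrasil.borgkey".path}"
-"BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK=yes"
 "BORG_HOSTNAME_IS_UNIQUE=yes"
+"BORG_RSH=\"${pkgs.openssh}/bin/ssh -F ${pkgs.writeText "config" sshConfig}\""
 ];
-
-LogRateLimitIntervalSec = 0;
 };
 };
-
-copyBorg = flakeInputs.mach-nix.lib.${config.nixpkgs.system}.buildPythonPackage rec {
-pname = "copy-borg";
-src = ./copy;
-version = "0.0.0";
-ignoreDataOutdated = true;
-
-requirements = ''
-humanize
-tqdm
-python-dateutil
-xdg
-python-unshare
-pyprctl
-halo
-'';
-postInstall = ''
-wrapProgram $out/bin/copy_borg \
---prefix PATH : ${makeBinPath (with pkgs; [util-linux borgbackup])}:${config.security.wrapperDir}
-'';
-
-providers.python-unshare = "nixpkgs";
-overridesPre = [
-(self: super: { python-unshare = super.python-unshare.overrideAttrs (oldAttrs: { name = "python-unshare-0.2.1"; version = "0.2.1"; }); })
-];
-
-# _.tomli.buildInputs.add = with pkgs."python3Packages"; [ flit-core ];
-};
 in {
 config = {
 services.borgsnap = {
@@ -85,7 +51,15 @@ in {
 keyfile = config.sops.secrets."yggdrasil.borgkey".path;
 };
 
-systemd.services = listToAttrs (map copyService [{ repo = "/srv/backup/borg/jotnar"; repoEscaped = "srv-backup-borg-jotnar"; }]);
+services.copyborg.jotnar = {
+from = "/srv/backup/borg/jotnar";
+to = "yggdrasil.borgbase:repo";
+inherit sshConfig;
+keyfile = config.sops.secrets."yggdrasil.borgkey".path;
+timerOptions.timerConfig = {
+OnCalendar = "*-*-* 00/4:00:00 Europe/Berlin";
+};
+};
 
 services.borgbackup.repos.jotnar = {
 path = "/srv/backup/borg/jotnar";
@@ -95,6 +69,27 @@ in {
 in filter (v: v != null) (mapAttrsToList toAuthKey (builtins.readDir dir));
 };
 
+systemd.services."check-borg@${utils.escapeSystemdPath "/srv/backup/borg/jotnar"}" = checkBorgUnit;
+systemd.services."check-borg@${utils.escapeSystemdPath "yggdrasil.borgbase:repo"}" = recursiveUpdate checkBorgUnit {
+serviceConfig = {
+Environment = checkBorgUnit.serviceConfig.Environment ++ [
+"BORG_KEY_FILE=${config.sops.secrets."yggdrasil.borgkey".path}"
+];
+};
+};
+systemd.timers."check-borg@${utils.escapeSystemdPath "/srv/backup/borg/jotnar"}" = {
+wantedBy = [ "timers.target" ];
+timerConfig = {
+OnCalendar = "Sun *-*-02..08 01:30:00 Europe/Berlin";
+};
+};
+systemd.timers."check-borg@${utils.escapeSystemdPath "yggdrasil.borgbase:repo"}" = {
+wantedBy = [ "timers.target" ];
+timerConfig = {
+OnCalendar = "Sun *-*-02..08 01:30:00 Europe/Berlin";
+};
+};
+
 boot.postBootCommands = mkBefore ''
 ${pkgs.findutils}/bin/find /srv/backup/borg -type d -empty -delete
 '';
@@ -123,13 +118,5 @@ in {
 group = "borg";
 mode = "0400";
 };
-
-systemd.timers."copy-borg@srv-backup-borg-jotnar" = {
-wantedBy = ["multi-user.target"];
-
-timerConfig = {
-OnCalendar = "*-*-* 00/4:00:00 Europe/Berlin";
-};
-};
 };
 }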
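Review bot: `checkBorgUnit` (new lines 24–43) sets no `User=`, no `TimeoutStartSec` and no sandboxing options, so `borg check --verify-data` and the ssh transport from `BORG_RSH` would run as root by default. Because systemd applies no start timeout to oneshot units unless one is given, a hung check could also hold the repository lock indefinitely; the removed copy unit had `TimeoutStartSec = "8h";` and the commented-out `User = "borg";` lines that this hunk drops. Consider `User = "borg";` plus a bounded `TimeoutStartSec = "8h";`, provided the sops secret's owner (not visible in these hunks) lets that user read the key file. The two timers at new lines 80–91 set no `Persistent = true;`, so a host that is down at that Sunday slot skips the month's integrity check, and nothing visible here reports a failed check; a comment saying where failures are surfaced would help. Separately, `%I` for the local instance presumably expands to `srv/backup/borg/jotnar` without the leading slash, which resolves correctly only while the unit's working directory is `/`, so `WorkingDirectory = "/";` or a one-line comment would make that dependency explicit.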