From 0e9f1e85cd8c6f9d546ef88e971043b909017170 Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Mon, 7 Nov 2022 20:51:39 +0100
Subject: ...

---
 hosts/vidhar/borg/default.nix | 91 +++++++++++++++++++------------------------
 1 file changed, 39 insertions(+), 52 deletions(-)

(limited to 'hosts/vidhar/borg/default.nix')

diff --git a/hosts/vidhar/borg/default.nix b/hosts/vidhar/borg/default.nix
index 7672de18..80ce9c7e 100644
--- a/hosts/vidhar/borg/default.nix
+++ b/hosts/vidhar/borg/default.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, lib, flakeInputs, ... }:
+{ config, pkgs, lib, flakeInputs, utils, ... }:
 
 with lib;
 
@@ -21,60 +21,26 @@ let
       ServerAliveCountMax 30
   '';
 
-  copyService = { repo, repoEscaped }: let
-    serviceName = "copy-borg@${repoEscaped}";
-  in nameValuePair serviceName {
+  checkBorgUnit = {
     serviceConfig = {
       Type = "oneshot";
-      ExecStart = "${copyBorg}/bin/copy_borg --verbosity 3 ${escapeShellArg repo} yggdrasil.borgbase:repo";
-      TimeoutStartSec = "8h";
-      # User = "borg";
-      # Group = "borg";
-      # StateDirectory = "borg";
-      RuntimeDirectory = "copy-borg";
+      ExecStart = "${pkgs.borgbackup}/bin/borg ${utils.escapeSystemdExecArgs [
+        "--lock-wait" "3600"
+        "--progress"
+        "check"
+        "--verify-data"
+      ]} %I";
       Environment = [
-        "BORG_RSH=\"${pkgs.openssh}/bin/ssh -F ${pkgs.writeText "config" sshConfig}\""
         "BORG_BASE_DIR=/var/lib/borg"
         "BORG_CONFIG_DIR=/var/lib/borg/config"
         "BORG_CACHE_DIR=/var/lib/borg/cache"
         "BORG_SECURITY_DIR=/var/lib/borg/security"
         "BORG_KEYS_DIR=/var/lib/borg/keys"
-        "BORG_KEY_FILE=${config.sops.secrets."yggdrasil.borgkey".path}"
-        "BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK=yes"
         "BORG_HOSTNAME_IS_UNIQUE=yes"
+        "BORG_RSH=\"${pkgs.openssh}/bin/ssh -F ${pkgs.writeText "config" sshConfig}\""
       ];
-
-      LogRateLimitIntervalSec = 0;
     };
   };
-
-  copyBorg = flakeInputs.mach-nix.lib.${config.nixpkgs.system}.buildPythonPackage rec {
-    pname = "copy-borg";
-    src = ./copy;
-    version = "0.0.0";
-    ignoreDataOutdated = true;
-
-    requirements = ''
-      humanize
-      tqdm
-      python-dateutil
-      xdg
-      python-unshare
-      pyprctl
-      halo
-    '';
-    postInstall = ''
-      wrapProgram $out/bin/copy_borg \
-        --prefix PATH : ${makeBinPath (with pkgs; [util-linux borgbackup])}:${config.security.wrapperDir}
-    '';
-
-    providers.python-unshare = "nixpkgs";
-    overridesPre = [
-      (self: super: { python-unshare = super.python-unshare.overrideAttrs (oldAttrs: { name = "python-unshare-0.2.1"; version = "0.2.1"; }); })
-    ];
-
-    # _.tomli.buildInputs.add = with pkgs."python3Packages"; [ flit-core ];
-  };
 in {
   config = {
     services.borgsnap = {
@@ -85,7 +51,15 @@ in {
       keyfile = config.sops.secrets."yggdrasil.borgkey".path;
     };
 
-    systemd.services = listToAttrs (map copyService [{ repo = "/srv/backup/borg/jotnar"; repoEscaped = "srv-backup-borg-jotnar"; }]);
+    services.copyborg.jotnar = {
+      from = "/srv/backup/borg/jotnar";
+      to = "yggdrasil.borgbase:repo";
+      inherit sshConfig;
+      keyfile = config.sops.secrets."yggdrasil.borgkey".path;
+      timerOptions.timerConfig = {
+        OnCalendar = "*-*-* 00/4:00:00 Europe/Berlin";
+      };
+    };
 
     services.borgbackup.repos.jotnar = {
       path = "/srv/backup/borg/jotnar";
@@ -95,6 +69,27 @@ in {
       in filter (v: v != null) (mapAttrsToList toAuthKey (builtins.readDir dir));
     };
 
+    systemd.services."check-borg@${utils.escapeSystemdPath "/srv/backup/borg/jotnar"}" = checkBorgUnit;
+    systemd.services."check-borg@${utils.escapeSystemdPath "yggdrasil.borgbase:repo"}" = recursiveUpdate checkBorgUnit {
+      serviceConfig = {
+        Environment = checkBorgUnit.serviceConfig.Environment ++ [
+          "BORG_KEY_FILE=${config.sops.secrets."yggdrasil.borgkey".path}"
+        ];
+      };
+    };
+    systemd.timers."check-borg@${utils.escapeSystemdPath "/srv/backup/borg/jotnar"}" = {
+      wantedBy = [ "timers.target" ];
+      timerConfig = {
+        OnCalendar = "Sun *-*-02..08 01:30:00 Europe/Berlin";
+      };
+    };
+    systemd.timers."check-borg@${utils.escapeSystemdPath "yggdrasil.borgbase:repo"}" = {
+      wantedBy = [ "timers.target" ];
+      timerConfig = {
+        OnCalendar = "Sun *-*-02..08 01:30:00 Europe/Berlin";
+      };
+    };
+
     boot.postBootCommands = mkBefore ''
       ${pkgs.findutils}/bin/find /srv/backup/borg -type d -empty -delete
     '';
@@ -123,13 +118,5 @@ in {
       group = "borg";
       mode = "0400";
     };
-
-    systemd.timers."copy-borg@srv-backup-borg-jotnar" = {
-      wantedBy = ["multi-user.target"];
-
-      timerConfig = {
-        OnCalendar = "*-*-* 00/4:00:00 Europe/Berlin";
-      };
-    };
   };
 }
-- 
cgit v1.2.3