path: root/modules/borgsnap/default.nix

{ config, pkgs, lib, flakeInputs, hostName, ... }:

with lib;

let
  borgsnap = flakeInputs.mach-nix.lib.${config.nixpkgs.system}.buildPythonPackage rec {
    pname = "borgsnap";
    src = ./borgsnap;
    version = "0.0.0";
    ignoreDataOutdated = true;

    requirements = ''
      atomicwrites
      pyprctl
      python-unshare
      python-dateutil
    '';
    postInstall = ''
      wrapProgram $out/bin/borgsnap \
        --prefix PATH : ${makeBinPath (with pkgs; [config.boot.zfs.package util-linux borgbackup])}:${config.security.wrapperDir}
    '';

    providers.python-unshare = "nixpkgs";
    overridesPre = [
      (self: super: { python-unshare = super.python-unshare.overrideAttrs (oldAttrs: { name = "python-unshare-0.2.1"; version = "0.2.1"; }); })
    ];

    _.tomli.buildInputs.add = with pkgs."python3Packages"; [ flit-core ];
  };

  cfg = config.services.borgsnap;
in {
  options = {
    services.borgsnap = {
      enable = mkEnableOption "borgsnap service";

      target = mkOption {
        type = types.str;
      };

      archive-prefix = mkOption {
        type = types.str;
        default = "yggdrasil.${hostName}.";
      };

      extraConfig = mkOption {
        type = with types; attrsOf str;
        default = {
          halfweekly = "8";
          monthly = "-1";
        };
      };

      verbosity = mkOption {
        type = types.int;
        default = config.services.zfssnap.verbosity;
      };

      sshConfig = mkOption {
        type = with types; nullOr str;
        default = null;
      };

      keyfile = mkOption {
        type = with types; nullOr str;
        default = null;
      };

      extraCreateArgs = mkOption {
        type = with types; listOf str;
        default = [];
      };
      extraCheckArgs = mkOption {
        type = with types; listOf str;
        default = [];
      };

      unknownUnencryptedRepoAccessOk = mkOption {
        type = types.bool;
        default = false;
      };
      hostnameIsUnique = mkOption {
        type = types.bool;
        default = true;
      };
    };
  };

  config = mkIf cfg.enable {
    warnings = mkIf (!config.services.zfssnap.enable) [
      "borgsnap will do nothing if zfssnap is not enabled"
    ];

    services.zfssnap.config.exec = {
      check = "${borgsnap}/bin/borgsnap --verbosity=${toString cfg.verbosity} --target ${escapeShellArg cfg.target} --archive-prefix ${escapeShellArg cfg.archive-prefix} check --cache-file /run/zfssnap-prune/archives-cache.json ${escapeShellArgs cfg.extraCheckArgs}";
      cmd = "${borgsnap}/bin/borgsnap --verbosity=${toString cfg.verbosity} --target ${escapeShellArg cfg.target} --archive-prefix ${escapeShellArg cfg.archive-prefix} create ${escapeShellArgs cfg.extraCreateArgs}";
    } // cfg.extraConfig;

    systemd.services."zfssnap-prune" = {
      serviceConfig = {
        Environment = [
          "BORG_BASE_DIR=/var/lib/borg"
          "BORG_CONFIG_DIR=/var/lib/borg/config"
          "BORG_CACHE_DIR=/var/lib/borg/cache"
          "BORG_SECURITY_DIR=/var/lib/borg/security"
          "BORG_KEYS_DIR=/var/lib/borg/keys"
        ]
        ++ optional cfg.unknownUnencryptedRepoAccessOk "BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK=yes"
        ++ optional cfg.hostnameIsUnique "BORG_HOSTNAME_IS_UNIQUE=yes"
        ++ optional (!(isNull cfg.sshConfig)) "BORG_RSH=\"${pkgs.openssh}/bin/ssh -F ${pkgs.writeText "config" cfg.sshConfig}\""
        ++ optional (!(isNull cfg.keyfile)) "BORG_KEY_FILE=${cfg.keyfile}";
        RuntimeDirectory = "zfssnap-prune";
      };
    };
  };
}