2022-11-03 10:31:37 +01:00
|
|
|
{ custom, hostname, inputs }: { pkgs, ... }:
|
2022-03-01 15:01:50 +01:00
|
|
|
let
|
2022-11-03 23:30:28 +01:00
|
|
|
# TODO: encrypt key file with agenix
|
2022-03-01 15:01:50 +01:00
|
|
|
password_file = "/home/${custom.username}/.nixos/secrets/passwords/restic.key";
|
|
|
|
|
repository = "rest:http://10.7.89.30:8000";
|
2022-08-23 20:54:23 +02:00
|
|
|
|
2022-08-23 21:27:27 +02:00
|
|
|
restic-mount = pkgs.writeShellScriptBin "restic-mount" ''
|
2022-08-23 20:54:23 +02:00
|
|
|
mkdir -p /tmp/restic &&
|
|
|
|
|
${pkgs.restic}/bin/restic \
|
|
|
|
|
--repo ${repository} \
|
|
|
|
|
--password-file ${password_file} \
|
2022-09-06 23:03:29 +02:00
|
|
|
--host ${hostname} \
|
2022-08-23 20:54:23 +02:00
|
|
|
mount /tmp/restic'';
|
|
|
|
|
|
2022-08-23 21:27:27 +02:00
|
|
|
restic-mount-all = pkgs.writeShellScriptBin "restic-mount-all" ''
|
2022-08-23 20:54:23 +02:00
|
|
|
mkdir -p /tmp/restic &&
|
|
|
|
|
${pkgs.restic}/bin/restic \
|
|
|
|
|
--repo ${repository} \
|
|
|
|
|
--password-file ${password_file} \
|
|
|
|
|
mount /tmp/restic'';
|
|
|
|
|
|
2022-11-03 23:30:28 +01:00
|
|
|
# TODO: encrypt key file with agenix
|
2022-08-23 20:54:23 +02:00
|
|
|
infomaniak-env = "/home/${custom.username}/.nixos/secrets/passwords/infomaniak-env";
|
2022-08-23 21:27:40 +02:00
|
|
|
infomaniak-repo = "swift:default:/";
|
2022-08-23 20:54:23 +02:00
|
|
|
infomaniak-auth-url = "https://swiss-backup02.infomaniak.com/identity/v3";
|
|
|
|
|
|
2022-08-23 21:27:27 +02:00
|
|
|
restic-infomaniak-list = pkgs.writeShellScriptBin "restic-infomaniak-list" ''
|
2022-08-23 20:54:23 +02:00
|
|
|
export $(${pkgs.gnugrep}/bin/grep -v '^#' ${infomaniak-env} | ${pkgs.findutils}/bin/xargs)
|
|
|
|
|
export RESTIC_REPOSITORY="${infomaniak-repo}"
|
|
|
|
|
export OS_AUTH_URL="${infomaniak-auth-url}"
|
|
|
|
|
export OS_USER_DOMAIN_NAME=default
|
|
|
|
|
|
|
|
|
|
mkdir -p /tmp/restic &&
|
|
|
|
|
|
2022-08-23 21:27:57 +02:00
|
|
|
${pkgs.restic}/bin/restic --password-file ${password_file} snapshots'';
|
2022-08-23 20:54:23 +02:00
|
|
|
|
2022-08-23 21:27:27 +02:00
|
|
|
restic-infomaniak-mount = pkgs.writeShellScriptBin "restic-infomaniak-mount" ''
|
2022-08-23 20:54:23 +02:00
|
|
|
export $(${pkgs.gnugrep}/bin/grep -v '^#' ${infomaniak-env} | ${pkgs.findutils}/bin/xargs)
|
|
|
|
|
export RESTIC_REPOSITORY="${infomaniak-repo}"
|
|
|
|
|
export OS_AUTH_URL="${infomaniak-auth-url}"
|
|
|
|
|
export OS_USER_DOMAIN_NAME=default
|
|
|
|
|
|
|
|
|
|
mkdir -p /tmp/restic &&
|
|
|
|
|
|
2022-08-23 21:31:19 +02:00
|
|
|
${pkgs.restic}/bin/restic --password-file ${password_file} mount /tmp/restic'';
|
2022-03-01 15:23:39 +01:00
|
|
|
in
|
2021-11-28 12:00:58 +01:00
|
|
|
{
|
2022-08-27 17:15:05 +02:00
|
|
|
imports = [
|
2022-11-04 13:06:15 +01:00
|
|
|
(import "${inputs.self}/modules/telegram-notifications" { inherit inputs; })
|
2022-08-27 17:15:05 +02:00
|
|
|
];
|
|
|
|
|
|
2022-02-28 18:13:09 +01:00
|
|
|
systemd.timers."restic-backups-${custom.username}" = {
|
2022-02-28 18:11:11 +01:00
|
|
|
wantedBy = [ "timers.target" ];
|
|
|
|
|
partOf = [ "restic-backups-${custom.username}.service" ];
|
2022-01-29 16:01:27 +01:00
|
|
|
timerConfig = {
|
|
|
|
|
OnCalendar = "hourly";
|
|
|
|
|
RandomizedDelaySec = "15min";
|
|
|
|
|
};
|
2021-11-28 12:00:58 +01:00
|
|
|
};
|
2022-02-28 16:23:03 +01:00
|
|
|
|
2022-02-28 18:13:09 +01:00
|
|
|
systemd.services."restic-backups-${custom.username}" = {
|
2022-03-18 16:51:39 +01:00
|
|
|
unitConfig.ConditionACPower = true;
|
2022-02-28 17:15:14 +01:00
|
|
|
serviceConfig = {
|
|
|
|
|
User = custom.username;
|
|
|
|
|
Type = "oneshot";
|
|
|
|
|
};
|
2022-02-28 18:11:11 +01:00
|
|
|
environment = {
|
2022-03-01 15:01:50 +01:00
|
|
|
RESTIC_PASSWORD_FILE = password_file;
|
|
|
|
|
RESTIC_REPOSITORY = repository;
|
2022-02-28 18:11:11 +01:00
|
|
|
};
|
2022-08-27 17:15:05 +02:00
|
|
|
onFailure = [ "unit-status-telegram@%n.service" ];
|
2022-02-28 16:23:03 +01:00
|
|
|
script = ''
|
|
|
|
|
${pkgs.restic}/bin/restic \
|
2022-08-23 21:28:37 +02:00
|
|
|
--exclude-file=${inputs.self}/modules/restic/excludes.txt \
|
|
|
|
|
--tag home-dir \
|
|
|
|
|
backup /home/${custom.username}
|
2022-02-28 18:11:11 +01:00
|
|
|
|
|
|
|
|
${pkgs.restic}/bin/restic \
|
2022-02-28 16:23:03 +01:00
|
|
|
forget \
|
2022-09-06 23:03:29 +02:00
|
|
|
--host ${hostname} \
|
2022-08-23 21:28:37 +02:00
|
|
|
--tag home-dir \
|
2022-02-28 16:23:03 +01:00
|
|
|
--keep-hourly 25 \
|
|
|
|
|
--keep-daily 7 \
|
|
|
|
|
--keep-weekly 5 \
|
|
|
|
|
--keep-monthly 12 \
|
|
|
|
|
--keep-yearly 75 \
|
|
|
|
|
'';
|
|
|
|
|
};
|
2022-08-23 20:13:31 +02:00
|
|
|
|
2022-03-01 15:01:50 +01:00
|
|
|
environment.shellAliases = {
|
|
|
|
|
restic-list = ''
|
2022-08-23 20:54:23 +02:00
|
|
|
${pkgs.restic}/bin/restic \
|
2022-03-01 15:23:39 +01:00
|
|
|
--repo ${repository} \
|
|
|
|
|
--password-file ${password_file} \
|
2022-09-06 23:03:29 +02:00
|
|
|
snapshots --host ${hostname}'';
|
2022-04-16 15:44:53 +02:00
|
|
|
restic-unlock = ''
|
2022-08-23 20:54:23 +02:00
|
|
|
${pkgs.restic}/bin/restic \
|
2022-04-16 15:44:53 +02:00
|
|
|
--repo ${repository} \
|
|
|
|
|
--password-file ${password_file} \
|
2022-08-23 20:13:31 +02:00
|
|
|
unlock'';
|
2022-08-23 20:13:21 +02:00
|
|
|
restic-forget = ''
|
2022-08-23 20:54:23 +02:00
|
|
|
${pkgs.restic}/bin/restic --repo ${repository} \
|
2022-08-23 20:13:21 +02:00
|
|
|
--password-file ${password_file} \
|
|
|
|
|
forget $1'';
|
2022-03-01 15:01:50 +01:00
|
|
|
};
|
2022-08-23 20:54:23 +02:00
|
|
|
environment.systemPackages = with pkgs;
|
|
|
|
|
[
|
|
|
|
|
restic
|
|
|
|
|
restic-mount
|
|
|
|
|
restic-mount-all
|
|
|
|
|
restic-infomaniak-list
|
|
|
|
|
restic-infomaniak-mount
|
|
|
|
|
];
|
|
|
|
|
|
2021-11-28 12:00:58 +01:00
|
|
|
}
|
