Move restic-client-server into options

2023-06-06 22:09:36 +02:00 · 2023-06-06 22:09:36 +02:00 · dbe21b3501
parent 30e08b8ccd
commit dbe21b3501
6 changed files with 78 additions and 53 deletions
--- a/modules/default.nix
+++ b/modules/default.nix
@ -39,6 +39,7 @@
    ./services/rclone-webdav
    ./services/rdp
    ./services/restic-client-desktop
+    ./restic-client-server
    ./services/syslog
    ./services/telegram-notifications
    ./services/tlp
--- a/modules/restic-client-server/default.nix
+++ b/modules/restic-client-server/default.nix
@ -1,42 +1,62 @@
-{ path
-, tag ? "home-dir"
-, time
-}: { config, inputs, pkgs, ... }:
+{ config, inputs, lib, pkgs, ... }:
+let
+  cfg = config.services.az-restic-client-server;
+in
 {
-  services.az-telegram-notifications.enable = true;
-
-  age.secrets.resticKey.file = "${inputs.self}/scrts/restic.key.age";
-
-  systemd.timers."restic-backups" = {
-    wantedBy = [ "timers.target" ];
-    partOf = [ "restic-backups.service" ];
-    timerConfig = {
-      OnCalendar = time;
+  options = {
+    services.az-restic-client-server = {
+      enable = lib.mkEnableOption "Enable restic backups on server systems.";
+      path = lib.mkOption {
+        type = lib.types.path;
+        description = "The directory to backup.";
+      };
+      tag = lib.mkOption {
+        type = lib.types.str;
+        description = "The tag to attach to the backups.";
+        default = "home-dir";
+      };
+      time = lib.mkOption {
+        type = lib.types.str;
+        description = "The time at which the backup runs.";
+      };
    };
  };
+  config = lib.mkIf cfg.enable {
+    services.az-telegram-notifications.enable = true;

-  systemd.services."restic-backups" = {
-    serviceConfig = {
-      User = "root";
-      Type = "oneshot";
-    };
-    environment = {
-      RESTIC_PASSWORD_FILE = config.age.secrets.resticKey.path;
-      RESTIC_REPOSITORY = "rest:http://10.7.89.30:8000";
-    };
-    onFailure = [ "unit-status-telegram@%n.service" ];
-    script = ''
-      ${pkgs.restic}/bin/restic backup \
-        --exclude-file=${inputs.self}/modules/misc/restic-client/excludes.txt \
-        --tag ${tag} ${path}
+    age.secrets.resticKey.file = "${inputs.self}/scrts/restic.key.age";

-      ${pkgs.restic}/bin/restic forget \
-        --tag home-dir \
-        --host ${config.networking.hostName} \
-        --keep-daily 7 \
-        --keep-weekly 5 \
-        --keep-monthly 12 \
-        --keep-yearly 75
-    '';
+    systemd.timers."restic-backups" = {
+      wantedBy = [ "timers.target" ];
+      partOf = [ "restic-backups.service" ];
+      timerConfig = {
+        OnCalendar = cfg.time;
+      };
+    };
+
+    systemd.services."restic-backups" = {
+      serviceConfig = {
+        User = "root";
+        Type = "oneshot";
+      };
+      environment = {
+        RESTIC_PASSWORD_FILE = config.age.secrets.resticKey.path;
+        RESTIC_REPOSITORY = "rest:http://10.7.89.30:8000";
+      };
+      onFailure = [ "unit-status-telegram@%n.service" ];
+      script = ''
+        ${pkgs.restic}/bin/restic backup \
+          --exclude-file=${inputs.self}/modules/misc/restic-client/excludes.txt \
+          --tag ${cfg.tag} ${cfg.path}
+
+        ${pkgs.restic}/bin/restic forget \
+          --tag home-dir \
+          --host ${config.networking.hostName} \
+          --keep-daily 7 \
+          --keep-weekly 5 \
+          --keep-monthly 12 \
+          --keep-yearly 75
+      '';
+    };
  };
 }
--- a/systems/mail/default.nix
+++ b/systems/mail/default.nix
@ -5,10 +5,6 @@
      ip = "10.7.89.123";
      inherit hostname;
    })
-    (import "${inputs.self}/modules/restic-client-server" {
-      path = "/home/andreas";
-      time = "01:00";
-    })
  ];
  services = {
    az-mailserver.enable = true;
@ -16,6 +12,11 @@
      enable = true;
      domain = "mail.zweili.org";
    };
+    az-restic-client-server = {
+      enable = true;
+      path = "/home/andreas";
+      time = "01:00";
+    };
  };
 }

--- a/systems/management/default.nix
+++ b/systems/management/default.nix
@ -5,11 +5,6 @@
      ip = "10.7.89.150";
      inherit hostname;
    })
-    (import "${inputs.self}/modules/restic-client-server" {
-      path = "/home/andreas";
-      tag = "management";
-      time = "23:30";
-    })
  ];
  fileSystems = {
    "/mnt/external" = {
@ -25,6 +20,12 @@
    az-docker.enable = true;
    az-logs-share.enable = true;
    az-rclone-webdav.enable = true;
+    az-restic-client-server = {
+      enable = true;
+      path = "/home/andreas";
+      tag = "management";
+      time = "23:30";
+    };
  };
  # Enable dictionaries
  programs = {
--- a/systems/plex/default.nix
+++ b/systems/plex/default.nix
@ -5,14 +5,15 @@
      ip = "10.7.89.112";
      inherit hostname;
    })
-    (import "${inputs.self}/modules/restic-client-server" {
-      path = "/var/lib/plex";
-      tag = "plex";
-      time = "02:30";
-    })
  ];
  services = {
    az-media-share.enable = true;
    az-plex.enable = true;
+    az-restic-client-server = {
+      enable = true;
+      path = "/var/lib/plex";
+      tag = "plex";
+      time = "02:30";
+    };
  };
 }
--- a/systems/proxy/default.nix
+++ b/systems/proxy/default.nix
@ -5,10 +5,6 @@
      ip = "10.7.89.99";
      inherit hostname;
    })
-    (import "${inputs.self}/modules/restic-client-server" {
-      path = "/home/andreas";
-      time = "00:00";
-    })
  ];

  services = {
@ -16,6 +12,11 @@
    az-grav.enable = true;
    az-haproxy.enable = true;
    az-heimdall.enable = true;
+    az-restic-client-server = {
+      enable = true;
+      path = "/home/andreas";
+      time = "00:00";
+    };
    nginx = {
      commonHttpConfig = ''
        # Add HSTS header with preloading to HTTPS requests.