maurice/snix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
snix/ops/modules/restic.nix
Vincent Ambo aa122cbae7 style: format entire depot with nixpkgs-fmt 
This CL can be used to compare the style of nixpkgs-fmt against other
formatters (nixpkgs, alejandra).

Change-Id: I87c6abff6bcb546b02ead15ad0405f81e01b6d9e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4397
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: lukegb <lukegb@tvl.fyi>
Reviewed-by: wpcarro <wpcarro@gmail.com>
Reviewed-by: Profpatsch <mail@profpatsch.de>
Reviewed-by: kanepyork <rikingcoding@gmail.com>
Reviewed-by: tazjin <tazjin@tvl.su>
Reviewed-by: cynthia <cynthia@tvl.fyi>
Reviewed-by: edef <edef@edef.eu>
Reviewed-by: eta <tvl@eta.st>
Reviewed-by: grfn <grfn@gws.fyi>
2022-01-31 16:11:53 +00:00

62 lines
1.9 KiB
Nix
Raw Blame History

# Configure restic backups to S3-compatible storage, in our case
# GleSYS object storage.
#
# Conventions:
# - restic's cache lives in /var/backup/restic/cache
# - repository password lives in /var/backup/restic/secret
# - object storage credentials in /var/backup/restic/glesys-key
{ config, lib, pkgs, ... }:
let
cfg = config.services.depot.restic;
description = "Restic backups to GleSYS";
mkStringOption = default: lib.mkOption {
inherit default;
type = lib.types.str;
};
in
{
options.services.depot.restic = {
enable = lib.mkEnableOption description;
bucketEndpoint = mkStringOption "objects.dc-sto1.glesys.net";
bucketName = mkStringOption "aged-resonance";
bucketCredentials = mkStringOption "/var/backup/restic/glesys-key";
repository = mkStringOption config.networking.hostName;
interval = mkStringOption "hourly";
paths = with lib; mkOption {
description = "Directories that should be backed up";
type = types.listOf types.str;
};
exclude = with lib; mkOption {
description = "Files that should be excluded from backups";
type = types.listOf types.str;
};
};
config = lib.mkIf cfg.enable {
systemd.services.restic = {
description = "Backups to GleSYS";
script = "${pkgs.restic}/bin/restic backup ${lib.concatStringsSep " " cfg.paths}";
environment = {
RESTIC_REPOSITORY = "s3:${cfg.bucketEndpoint}/${cfg.bucketName}/${cfg.repository}";
AWS_SHARED_CREDENTIALS_FILE = cfg.bucketCredentials;
RESTIC_PASSWORD_FILE = "/var/backup/restic/secret";
RESTIC_CACHE_DIR = "/var/backup/restic/cache";
RESTIC_EXCLUDE_FILE =
builtins.toFile "exclude-files" (lib.concatStringsSep "\n" cfg.exclude);
};
};
systemd.timers.restic = {
wantedBy = [ "multi-user.target" ];
timerConfig.OnCalendar = cfg.interval;
};
environment.systemPackages = [ pkgs.restic ];
};
}
Reference in a new issue View git blame Copy permalink