borbackup-static: impl

Implements sane defaults implementing borgbackup Fixes: #1551
2024-06-03 16:58:24 +02:00 · 2024-06-03 16:58:24 +02:00 · 193d54153d
commit 193d54153d
parent 510634bc04
4 changed files with 112 additions and 1 deletions
--- a/clanModules/borgbackup-static/README.md
+++ b/clanModules/borgbackup-static/README.md
@ -0,0 +1,10 @@
+Statically configure borgbackup with sane defaults.
+---
+This module implements the `borgbackup` backend and implements sane defaults 
+for backup management through `borgbackup` for members of the clan.
+
+Configure target machines where the backups should be sent to through `targets`.
+
+Configure machines that should be backuped either through `includeMachines`
+which will exclusively add the included machines to be backuped, or through 
+`excludeMachines`, which will add every machine except the excluded machine to the backup.
--- a/clanModules/borgbackup-static/default.nix
+++ b/clanModules/borgbackup-static/default.nix
@ -0,0 +1,99 @@
+{ lib, config, ... }:
+let
+  clanDir = config.clanCore.clanDir;
+  machineDir = clanDir + "/machines/";
+in
+{
+  imports = [ ../borgbackup ];
+
+  options.clan.borgbackup-static = {
+    excludeMachines = lib.mkOption {
+      type = lib.types.listOf lib.types.str;
+      example = [ config.clanCore.machineName ];
+      default = [ ];
+      description = ''
+        Machines that should not be backuped.
+        Mutually exclusive with includeMachines.
+        If this is not empty, every other machine except the targets in the clan will be backuped by this module.
+        If includeMachines is set, only the included machines will be backuped.
+      '';
+    };
+    includeMachines = lib.mkOption {
+      type = lib.types.listOf lib.types.str;
+      example = [ config.clanCore.machineName ];
+      default = [ ];
+      description = ''
+        Machines that should be backuped.
+        Mutually exclusive with excludeMachines.
+      '';
+    };
+    targets = lib.mkOption {
+      type = lib.types.listOf lib.types.str;
+      default = [ ];
+      description = ''
+        Machines that should act as target machines for backups.
+      '';
+    };
+  };
+
+  config.services.borgbackup.repos =
+    let
+      machines = builtins.readDir machineDir;
+      borgbackupIpMachinePath = machines: machineDir + machines + "/facts/borgbackup.ssh.pub";
+      filteredMachines =
+        if ((builtins.length config.clan.borgbackup-static.includeMachines) != 0) then
+          lib.filterAttrs (name: _: (lib.elem name config.clan.borgbackup-static.includeMachines)) machines
+        else
+          lib.filterAttrs (name: _: !(lib.elem name config.clan.borgbackup-static.excludeMachines)) machines;
+      machinesMaybeKey = lib.mapAttrsToList (
+        machine: _:
+        let
+          fullPath = borgbackupIpMachinePath machine;
+        in
+        if builtins.pathExists fullPath then machine else null
+      ) filteredMachines;
+      machinesWithKey = lib.filter (x: x != null) machinesMaybeKey;
+      hosts = builtins.map (machine: {
+        name = machine;
+        value = {
+          path = "/var/lib/borgbackup/${machine}";
+          authorizedKeys = [ (builtins.readFile (borgbackupIpMachinePath machine)) ];
+        };
+      }) machinesWithKey;
+    in
+    lib.mkIf
+      (builtins.any (target: target == config.clanCore.machineName) config.clan.borgbackup-static.targets)
+      (if (builtins.listToAttrs hosts) != null then builtins.listToAttrs hosts else { });
+
+  config.clan.borgbackup.destinations =
+    let
+      destinations = builtins.map (d: {
+        name = d;
+        value = {
+          repo = "borg@${d}:/var/lib/borgbackup/${config.clanCore.machineName}";
+        };
+      }) config.clan.borgbackup-static.targets;
+    in
+    lib.mkIf (builtins.any (
+      target: target == config.clanCore.machineName
+    ) config.clan.borgbackup-static.includeMachines) (builtins.listToAttrs destinations);
+
+  config.assertions = [
+    {
+      assertion =
+        !(
+          ((builtins.length config.clan.borgbackup-static.excludeMachines) != 0)
+          && ((builtins.length config.clan.borgbackup-static.includeMachines) != 0)
+        );
+      message = ''
+        The options:
+        config.clan.borgbackup-static.excludeMachines = [${builtins.toString config.clan.borgbackup-static.excludeMachines}]
+        and
+        config.clan.borgbackup-static.includeMachines = [${builtins.toString config.clan.borgbackup-static.includeMachines}]
+        are mutually exclusive.
+        Use excludeMachines to exclude certain machines and backup the other clan machines.
+        Use include machines to only backup certain machines.
+      '';
+    }
+  ];
+}
--- a/clanModules/flake-module.nix
+++ b/clanModules/flake-module.nix
@ -5,6 +5,7 @@
      imports = [ ./disk-layouts ];
    };
    borgbackup = ./borgbackup;
+    borgbackup-static = ./borgbackup-static;
    deltachat = ./deltachat;
    ergochat = ./ergochat;
    localbackup = ./localbackup;
--- a/docs/mkdocs.yml
+++ b/docs/mkdocs.yml
@ -51,6 +51,7 @@ nav:
      - Flake-parts: getting-started/flake-parts.md
  - Modules:
      - Clan Modules:
+          - reference/clanModules/borgbackup-static.md
          - reference/clanModules/borgbackup.md
          - reference/clanModules/deltachat.md
          - reference/clanModules/disk-layouts.md
@ -61,9 +62,9 @@ nav:
          - reference/clanModules/moonlight.md
          - reference/clanModules/root-password.md
          - reference/clanModules/sshd.md
+          - reference/clanModules/static-hosts.md
          - reference/clanModules/sunshine.md
          - reference/clanModules/syncthing.md
-          - reference/clanModules/static-hosts.md
          - reference/clanModules/thelounge.md
          - reference/clanModules/trusted-nix-caches.md
          - reference/clanModules/user-password.md