backups: add clanCore backup & clan borgbackup module
parent
c39eb24318
commit
640430075a
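--- a/checks/borgbackup/borg_test
+++ b/checks/borgbackup/borg_test
@@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACASG8CFZy8vrqA2erivzgnNUCuOkiBngt5lXPOXai2EMAAAAJAOOON0Djjj
+dAAAAAtzc2gtZWQyNTUxOQAAACASG8CFZy8vrqA2erivzgnNUCuOkiBngt5lXPOXai2EMA
+AAAEDTjUOWSYeU3Xu+Ol1731b9rXeEVXSdrhVOraA+7/35JBIbwIVnLy+uoDZ6uK/OCc1Q
+K46SIGeC3mVc85dqLYQwAAAADGxhc3NAaWduYXZpYQE=
+-----END OPENSSH PRIVATE KEY-----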
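--- a/checks/borgbackup/borg_test.pub
+++ b/checks/borgbackup/borg_test.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBIbwIVnLy+uoDZ6uK/OCc1QK46SIGeC3mVc85dqLYQw lass@ignavia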
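--- a/checks/borgbackup/default.nix
+++ b/checks/borgbackup/default.nix
@@ -0,0 +1,36 @@
+(import ../lib/container-test.nix) ({ ... }: {
+name = "borgbackup";
+
+nodes.machine = { self, ... }: {
+imports = [
+self.clanModules.borgbackup
+self.nixosModules.clanCore
+{
+services.openssh.enable = true;
+services.borgbackup.repos.testrepo = {
+authorizedKeys = [
+(builtins.readFile ./borg_test.pub)
+];
+};
+}
+{
+clanCore.machineName = "machine";
+clanCore.clanDir = ./.;
+clanCore.state."/etc/state" = { };
+environment.etc.state.text = "hello world";
+clan.borgbackup = {
+enable = true;
+destinations.test = {
+repo = "borg@localhost:.";
+rsh = "ssh -i ${./borg_test} -o StrictHostKeyChecking=no";
+};
+};
+}
+];
+};
+testScript = ''
+start_all()
+machine.systemctl("start --wait borgbackup-job-test.service")
+assert "machine-test" in machine.succeed("BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK=yes /run/current-system/sw/bin/borg-job-test list")
+'';
+})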
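Review bot: The `rsh` line interpolates `${./borg_test}` as a path, so the private key is copied into the world-readable Nix store in addition to being committed beside the test, and the file never says the pair is a throwaway. I would add a comment above `authorizedKeys` along the lines of `# throwaway key pair for this check only; the private half is public, never authorize it on a real host`. The same applies to `-o StrictHostKeyChecking=no`: a short comment that it is tolerable only because the target is localhost inside the test container would keep it from being copied into a real `destinations` entry. The `lass@ignavia` comment on the public key suggests the pair was generated on a developer machine, so it is worth confirming it is not authorized anywhere else.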
|
@ -17,6 +17,7 @@
|
|||
container = import ./container nixosTestArgs;
|
||||
deltachat = import ./deltachat nixosTestArgs;
|
||||
meshnamed = import ./meshnamed nixosTestArgs;
|
||||
borgbackup = import ./borgbackup nixosTestArgs;
|
||||
};
|
||||
schemaTests = pkgs.callPackages ./schemas.nix {
|
||||
inherit self;
|
||||
|
|
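--- a/clanModules/borgbackup.nix
+++ b/clanModules/borgbackup.nix
@@ -0,0 +1,73 @@
+{ config, lib, ... }:
+let
+cfg = config.clan.borgbackup;
+in
+{
+options.clan.borgbackup = {
+enable = lib.mkEnableOption "backups with borgbackup";
+destinations = lib.mkOption {
+type = lib.types.attrsOf (lib.types.submodule ({ name, ... }: {
+options = {
+name = lib.mkOption {
+type = lib.types.str;
+default = name;
+description = "the name of the backup job";
+};
+repo = lib.mkOption {
+type = lib.types.str;
+description = "the borgbackup repository to backup to";
+};
+rsh = lib.mkOption {
+type = lib.types.str;
+default = "";
+description = "the rsh to use for the backup";
+};
+
+};
+}));
+description = ''
+destinations where the machine should be backuped to
+'';
+};
+};
+config = lib.mkIf cfg.enable {
+services.borgbackup.jobs = lib.mapAttrs
+(_: dest: {
+paths = map (state: state.folder) (lib.attrValues config.clanCore.state);
+exclude = [
+"*.pyc"
+];
+repo = dest.repo;
+environment.BORG_RSH = dest.rsh;
+encryption.mode = "none";
+compression = "auto,zstd";
+startAt = "*-*-* 01:00:00";
+preHook = ''
+set -x
+'';
+
+prune.keep = {
+within = "1d"; # Keep all archives from the last day
+daily = 7;
+weekly = 4;
+monthly = 0;
+};
+})
+cfg.destinations;
+
+clanCore.backups.providers.borgbackup = {
+list = ''
+${lib.concatMapStringsSep "\n" (dest: ''
+echo listing backups for ${dest}
+borg-job-${dest} list
+'') cfg.destinations}
+'';
+start = ''
+${lib.concatMapStringsSep "\n" (dest: ''
+systemctl start borgbackup-job-${dest}
+'') cfg.destinations}
+'';
+
+};
+};
+}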
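Review bot: `encryption.mode = "none";` is hard-coded for every job, so everything under `clanCore.state` is stored in plaintext at whatever `repo` points to, and anyone with access to the repository host can read or alter the archives. The destination submodule should expose an encryption mode and a passphrase command, defaulting to an authenticated mode such as `repokey-blake2`, with `none` as an explicit opt-in. Separately, both provider scripts pass the attribute set `cfg.destinations` to `lib.concatMapStringsSep`, which expects a list, so `list` and `start` will fail to evaluate as soon as something reads them. Using `(lib.attrNames cfg.destinations)` would fix that and match the job names produced by `lib.mapAttrs`. The `set -x` in `preHook` looks like leftover debugging and writes a command trace to the journal on every run.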
|
@ -8,5 +8,6 @@
|
|||
};
|
||||
deltachat = ./deltachat.nix;
|
||||
xfce = ./xfce.nix;
|
||||
borgbackup = ./borgbackup.nix;
|
||||
};
|
||||
}
|
||||
|
|
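--- a/nixosModules/clanCore/backups.nix
+++ b/nixosModules/clanCore/backups.nix
@@ -0,0 +1,55 @@
+{ lib, ... }:
+{
+options.clanCore.state = lib.mkOption {
+default = { };
+type = lib.types.attrsOf
+(lib.types.submodule ({ name, ... }: {
+options = {
+folder = lib.mkOption {
+type = lib.types.str;
+default = name;
+description = ''
+Folder where state resides in
+'';
+};
+};
+}));
+};
+options.clanCore.backups = {
+providers = lib.mkOption {
+type = lib.types.attrsOf (lib.types.submodule ({ name, ... }: {
+options = {
+name = lib.mkOption {
+type = lib.types.str;
+default = name;
+description = ''
+Name of the backup provider
+'';
+};
+list = lib.mkOption {
+type = lib.types.str;
+description = ''
+script to list backups
+'';
+};
+delete = lib.mkOption {
+type = lib.types.str;
+description = ''
+script to delete a backup
+'';
+};
+start = lib.mkOption {
+type = lib.types.str;
+description = ''
+script to start a backup
+'';
+};
+};
+}));
+default = [ ];
+description = ''
+Configured backup providers which are used by this machine
+'';
+};
+};
+}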
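Review bot: `providers` is typed as `lib.types.attrsOf (lib.types.submodule …)` but its default is the list `[ ]`, so a machine that imports clanCore without defining a provider should hit a type error as soon as the option is read; the default should be `default = { };`. The `delete` option also has no default, while the borgbackup provider added in this commit sets only `list` and `start`, so reading `providers.borgbackup.delete` will abort evaluation. Either give `delete` a default or require every provider to define it. Since `list`, `delete` and `start` are free-form shell strings, their descriptions should say which user runs them and what arguments they receive, as far as that is decided.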
|
@ -1,6 +1,7 @@
|
|||
{ self, inputs, lib, ... }: {
|
||||
flake.nixosModules.clanCore = { config, pkgs, options, ... }: {
|
||||
imports = [
|
||||
./backups.nix
|
||||
./clan-imports
|
||||
./secrets
|
||||
./zerotier
|
||||
|
|