commit 6b0b1559e918d4f7d1df398ee1d33aeac586d4d6 · pyrox.dev/nixpkgs

nixos/doc/manual/release-notes/rl-2511.section.md

···

215
215

216
216

- Immich now has support for [VectorChord](https://github.com/tensorchord/VectorChord) when using the PostgreSQL configuration provided by `services.immich.database.enable`, which replaces `pgvecto-rs`. VectorChord support can be toggled with the option `services.immich.database.enableVectorChord`. Additionally, `pgvecto-rs` support is now disabled from NixOS 25.11 onwards using the option `services.immich.database.enableVectors`. This option will be removed fully in the future once Immich drops support for `pgvecto-rs` fully. See [Immich migration instructions](#module-services-immich-vectorchord-migration)

217
217

218
218
+
- `services.restic.backups` now includes a `command` option for passing a command to the [--stdin-from-command](https://github.com/restic/restic/pull/4410) flag.

219
219
+

218
220

- `services.postsrsd` now automatically integrates with the local Postfix instance, when enabled. This behavior can disabled using the [services.postsrsd.configurePostfix](#opt-services.postsrsd.configurePostfix) option.

219
221

220
222

- `services.pfix-srsd` now automatically integrates with the local Postfix instance, when enabled. This behavior can disabled using the [services.pfix-srsd.configurePostfix](#opt-services.pfix-srsd.configurePostfix) option.

+65 -14

nixos/modules/services/backup/restic.nix

···

       146
       146
        
                     ];

     

       147
       147
        
                   };

     

       148
       148
        
       

     

       149
       149
       +
                   command = lib.mkOption {

     

       150
       150
       +
                     type = lib.types.listOf lib.types.str;

     

       151
       151
       +
                     default = [ ];

     

       152
       152
       +
                     description = ''

     

       153
       153
       +
                       Command to pass to --stdin-from-command. If null or an empty array, and `paths`/`dynamicFilesFrom`

     

       154
       154
       +
                       are also null, no backup command will be run.

     

       155
       155
       +
                     '';

     

       156
       156
       +
                     example = [

     

       157
       157
       +
                       "sudo"

     

       158
       158
       +
                       "-u"

     

       159
       159
       +
                       "postgres"

     

       160
       160
       +
                       "pg_dumpall"

     

       161
       161
       +
                     ];

     

       162
       162
       +
                   };

     

       163
       163
       +
       

     

       149
       164
        
                   exclude = lib.mkOption {

     

       150
       165
        
                     type = lib.types.listOf lib.types.str;

     

       151
       166
        
                     default = [ ];

     
···

       238
       253
        
       

     

       239
       254
        
                   runCheck = lib.mkOption {

     

       240
       255
        
                     type = lib.types.bool;

     

       241
       241
       -
                     default = (builtins.length config.services.restic.backups.${name}.checkOpts > 0);

     

       256
       256
       +
                     default = builtins.length config.services.restic.backups.${name}.checkOpts > 0;

     

       242
       257
        
                     defaultText = lib.literalExpression ''builtins.length config.services.backups.${name}.checkOpts > 0'';

     

       243
       258
        
                     description = "Whether to run the `check` command with the provided `checkOpts` options.";

     

       244
       259
        
                     example = true;

     
···

       327
       342
        
                 RandomizedDelaySec = "5h";

     

       328
       343
        
               };

     

       329
       344
        
             };

     

       345
       345
       +
             commandbackup = {

     

       346
       346
       +
               command = [

     

       347
       347
       +
                 "\${lib.getExe pkgs.sudo}"

     

       348
       348
       +
                 "-u postgres"

     

       349
       349
       +
                 "\${pkgs.postgresql}/bin/pg_dumpall"

     

       350
       350
       +
               ];

     

       351
       351
       +
               extraBackupArgs = [ "--tag database" ];

     

       352
       352
       +
               repository = "s3:example.com/mybucket";

     

       353
       353
       +
               passwordFile = "/etc/nixos/secrets/restic-password";

     

       354
       354
       +
               environmentFile = "/etc/nixos/secrets/restic-environment";

     

       355
       355
       +
               pruneOpts = [

     

       356
       356
       +
                 "--keep-daily 14"

     

       357
       357
       +
                 "--keep-weekly 4"

     

       358
       358
       +
                 "--keep-monthly 2"

     

       359
       359
       +
                 "--group-by tags"

     

       360
       360
       +
               ];

     

       361
       361
       +
             };

     

       330
       362
        
           };

     

       331
       363
        
         };

     

       332
       364
        
       

     

       333
       365
        
         config = {

     

       334
       334
       -
           assertions = lib.mapAttrsToList (n: v: {

     

       335
       335
       -
             assertion = (v.repository == null) != (v.repositoryFile == null);

     

       336
       336
       -
             message = "services.restic.backups.${n}: exactly one of repository or repositoryFile should be set";

     

       337
       337
       -
           }) config.services.restic.backups;

     

       366
       366
       +
           assertions = lib.flatten (

     

       367
       367
       +
             lib.mapAttrsToList (name: backup: [

     

       368
       368
       +
               {

     

       369
       369
       +
                 assertion = (backup.repository == null) != (backup.repositoryFile == null);

     

       370
       370
       +
                 message = "services.restic.backups.${name}: exactly one of repository or repositoryFile should be set";

     

       371
       371
       +
               }

     

       372
       372
       +
               {

     

       373
       373
       +
                 assertion =

     

       374
       374
       +
                   let

     

       375
       375
       +
                     fileBackup = (backup.paths != null && backup.paths != [ ]) || backup.dynamicFilesFrom != null;

     

       376
       376
       +
                     commandBackup = backup.command != [ ];

     

       377
       377
       +
                   in

     

       378
       378
       +
                   !(fileBackup && commandBackup);

     

       379
       379
       +
                 message = "services.restic.backups.${name}: cannot do both a command backup and a file backup at the same time.";

     

       380
       380
       +
               }

     

       381
       381
       +
             ]) config.services.restic.backups

     

       382
       382
       +
           );

     

       338
       383
        
           systemd.services = lib.mapAttrs' (

     

       339
       384
        
             name: backup:

     

       340
       385
        
             let

     
···

       351
       396
        
                 backup.exclude != [ ]

     

       352
       397
        
               ) "--exclude-file=${pkgs.writeText "exclude-patterns" (lib.concatStringsSep "\n" backup.exclude)}";

     

       353
       398
        
               filesFromTmpFile = "/run/restic-backups-${name}/includes";

     

       354
       354
       -
               doBackup = (backup.dynamicFilesFrom != null) || (backup.paths != null && backup.paths != [ ]);

     

       399
       399
       +
               fileBackup = (backup.dynamicFilesFrom != null) || (backup.paths != null && backup.paths != [ ]);

     

       400
       400
       +
               commandBackup = backup.command != [ ];

     

       401
       401
       +
               doBackup = fileBackup || commandBackup;

     

       355
       402
        
               pruneCmd = lib.optionals (builtins.length backup.pruneOpts > 0) [

     

       356
       403
        
                 (resticCmd + " unlock")

     

       357
       404
        
                 (resticCmd + " forget --prune " + (lib.concatStringsSep " " backup.pruneOpts))

     
···

       397
       444
        
                 serviceConfig = {

     

       398
       445
        
                   Type = "oneshot";

     

       399
       446
        
                   ExecStart =

     

       400
       400
       -
                     (lib.optionals doBackup [

     

       447
       447
       +
                     lib.optionals doBackup [

     

       401
       448
        
                       "${resticCmd} backup ${

     

       402
       402
       -
                         lib.concatStringsSep " " (backup.extraBackupArgs ++ excludeFlags)

     

       403
       403
       -
                       } --files-from=${filesFromTmpFile}"

     

       404
       404
       -
                     ])

     

       449
       449
       +
                         lib.concatStringsSep " " (

     

       450
       450
       +
                           backup.extraBackupArgs

     

       451
       451
       +
                           ++ lib.optionals fileBackup (excludeFlags ++ [ "--files-from=${filesFromTmpFile}" ])

     

       452
       452
       +
                           ++ lib.optionals commandBackup ([ "--stdin-from-command=true --" ] ++ backup.command)

     

       453
       453
       +
                         )

     

       454
       454
       +
                       }"

     

       455
       455
       +
                     ]

     

       405
       456
        
                     ++ pruneCmd

     

       406
       457
        
                     ++ checkCmd;

     

       407
       458
        
                   User = backup.user;

     
···

       419
       470
        
                   ${lib.optionalString (backup.backupPrepareCommand != null) ''

     

       420
       471
        
                     ${pkgs.writeScript "backupPrepareCommand" backup.backupPrepareCommand}

     

       421
       472
        
                   ''}

     

       422
       422
       -
                   ${lib.optionalString (backup.initialize) ''

     

       473
       473
       +
                   ${lib.optionalString backup.initialize ''

     

       423
       474
        
                     ${resticCmd} cat config > /dev/null || ${resticCmd} init

     

       424
       475
        
                   ''}

     

       425
       476
        
                   ${lib.optionalString (backup.paths != null && backup.paths != [ ]) ''

     
···

       435
       486
        
                   ${lib.optionalString (backup.backupCleanupCommand != null) ''

     

       436
       487
        
                     ${pkgs.writeScript "backupCleanupCommand" backup.backupCleanupCommand}

     

       437
       488
        
                   ''}

     

       438
       438
       -
                   ${lib.optionalString doBackup ''

     

       489
       489
       +
                   ${lib.optionalString fileBackup ''

     

       439
       490
        
                     rm ${filesFromTmpFile}

     

       440
       491
        
                   ''}

     

       441
       492
        
                 '';

     
···

       446
       497
        
             name: backup:

     

       447
       498
        
             lib.nameValuePair "restic-backups-${name}" {

     

       448
       499
        
               wantedBy = [ "timers.target" ];

     

       449
       449
       -
               timerConfig = backup.timerConfig;

     

       500
       500
       +
               inherit (backup) timerConfig;

     

       450
       501
        
             }

     

       451
       502
        
           ) (lib.filterAttrs (_: backup: backup.timerConfig != null) config.services.restic.backups);

     

       452
       503
        
       

     
···

       464
       515
        
               ${lib.pipe config.systemd.services."restic-backups-${name}".environment [

     

       465
       516
        
                 (lib.filterAttrs (n: v: v != null && n != "PATH"))

     

       466
       517
        
                 (lib.mapAttrs (_: v: "${v}"))

     

       467
       467
       -
                 (lib.toShellVars)

     

       518
       518
       +
                 lib.toShellVars

     

       468
       519
        
               ]}

     

       469
       520
        
               PATH=${config.systemd.services."restic-backups-${name}".environment.PATH}:$PATH

     

       470
       521

+21 -1

nixos/tests/restic.nix

···

       1
       1
        
       { pkgs, ... }:

     

       2
       2
       -
       

     

       3
       2
        
       let

     

       4
       3
        
         inherit (import ./ssh-keys.nix pkgs)

     

       5
       4
        
           snakeOilEd25519PrivateKey

     
···

       8
       7
        
       

     

       9
       8
        
         remoteRepository = "/root/restic-backup";

     

       10
       9
        
         remoteFromFileRepository = "/root/restic-backup-from-file";

     

       10
       10
       +
         remoteFromCommandRepository = "/root/restic-backup-from-command";

     

       11
       11
        
         remoteInhibitTestRepository = "/root/restic-backup-inhibit-test";

     

       12
       12
        
         remoteNoInitRepository = "/root/restic-backup-no-init";

     

       13
       13
        
         rcloneRepository = "rclone:local:/root/restic-rclone-backup";

     
···

       44
       44
        
           "--keep-weekly 1"

     

       45
       45
        
           "--keep-monthly 1"

     

       46
       46
        
           "--keep-yearly 99"

     

       47
       47
       +
         ];

     

       48
       48
       +
         commandString = "testing";

     

       49
       49
       +
         command = [

     

       50
       50
       +
           "echo"

     

       51
       51
       +
           "-n"

     

       52
       52
       +
           commandString

     

       47
       53
        
         ];

     

       48
       54
        
       in

     

       49
       55
        
       {

     
···

       127
       133
        
                     find /opt -mindepth 1 -maxdepth 1 ! -name a_dir # all files in /opt except for a_dir

     

       128
       134
        
                   '';

     

       129
       135
        
                 };

     

       136
       136
       +
                 remote-from-command-backup = {

     

       137
       137
       +
                   inherit

     

       138
       138
       +
                     passwordFile

     

       139
       139
       +
                     pruneOpts

     

       140
       140
       +
                     command

     

       141
       141
       +
                     ;

     

       142
       142
       +
                   initialize = true;

     

       143
       143
       +
                   repository = remoteFromCommandRepository;

     

       144
       144
       +
                 };

     

       130
       145
        
                 inhibit-test = {

     

       131
       146
        
                   inherit

     

       132
       147
        
                     passwordFile

     
···

       266
       281
        
               "mkdir /tmp/restore-3",

     

       267
       282
        
               "${pkgs.restic}/bin/restic -r ${remoteRepository} -p ${passwordFile} restore latest -t /tmp/restore-3",

     

       268
       283
        
               "diff -ru ${testDir} /tmp/restore-3/opt",

     

       284
       284
       +
       

     

       285
       285
       +
               # test that remote-from-command-backup produces a snapshot, with the expected contents

     

       286
       286
       +
               "systemctl start restic-backups-remote-from-command-backup.service",

     

       287
       287
       +
               'restic-remote-from-command-backup snapshots --json | ${pkgs.jq}/bin/jq "length | . == 1"',

     

       288
       288
       +
               '[[ $(restic-remote-from-command-backup dump --path /stdin latest stdin) == ${commandString} ]]',

     

       269
       289
        
       

     

       270
       290
        
               # test that rclonebackup produces a snapshot

     

       271
       291
        
               "systemctl start restic-backups-rclonebackup.service",