ryan.freumh.org / eilean-nix
Self-host your own digital island
fork atom
eilean-nix / modules / mailserver / borgbackup.nix
at adc7853f774398838c6f898a94a9b518839b11e3 3.2 kB view raw
1# nixos-mailserver: a simple mail server 2# Copyright (C) 2016-2018 Robin Raymond 3# 4# This program is free software: you can redistribute it and/or modify 5# it under the terms of the GNU General Public License as published by 6# the Free Software Foundation, either version 3 of the License, or 7# (at your option) any later version. 8# 9# This program is distributed in the hope that it will be useful, 10# but WITHOUT ANY WARRANTY; without even the implied warranty of 11# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12# GNU General Public License for more details. 13# 14# You should have received a copy of the GNU General Public License 15# along with this program. If not, see <http://www.gnu.org/licenses/> 16 17{ config, pkgs, lib, ... }: 18 19let 20 cfg = config.mailserver.borgbackup; 21 22 methodFragment = lib.optional (cfg.compression.method != null) cfg.compression.method; 23 autoFragment = 24 if cfg.compression.auto && cfg.compression.method == null 25 then throw "compression.method must be set when using auto." 26 else lib.optional cfg.compression.auto "auto"; 27 levelFragment = 28 if cfg.compression.level != null && cfg.compression.method == null 29 then throw "compression.method must be set when using compression.level." 30 else lib.optional (cfg.compression.level != null) (toString cfg.compression.level); 31 compressionFragment = lib.concatStringsSep "," (lib.flatten [autoFragment methodFragment levelFragment]); 32 compression = lib.optionalString (compressionFragment != "") "--compression ${compressionFragment}"; 33 34 encryptionFragment = cfg.encryption.method; 35 passphraseFile = lib.escapeShellArg cfg.encryption.passphraseFile; 36 passphraseFragment = lib.optionalString (cfg.encryption.method != "none") 37 (if cfg.encryption.passphraseFile != null then ''env BORG_PASSPHRASE="$(cat ${passphraseFile})"'' 38 else throw "passphraseFile must be set when using encryption."); 39 40 locations = lib.escapeShellArgs cfg.locations; 41 name = lib.escapeShellArg cfg.name; 42 43 repoLocation = lib.escapeShellArg cfg.repoLocation; 44 45 extraInitArgs = lib.escapeShellArgs cfg.extraArgumentsForInit; 46 extraCreateArgs = lib.escapeShellArgs cfg.extraArgumentsForCreate; 47 48 cmdPreexec = lib.optionalString (cfg.cmdPreexec != null) cfg.cmdPreexec; 49 cmdPostexec = lib.optionalString (cfg.cmdPostexec != null) cfg.cmdPostexec; 50 51 borgScript = '' 52 export BORG_REPO=${repoLocation} 53 ${cmdPreexec} 54 ${passphraseFragment} ${pkgs.borgbackup}/bin/borg init ${extraInitArgs} --encryption ${encryptionFragment} || true 55 ${passphraseFragment} ${pkgs.borgbackup}/bin/borg create ${extraCreateArgs} ${compression} ::${name} ${locations} 56 ${cmdPostexec} 57 ''; 58in { 59 config = lib.mkIf (config.mailserver.enable && cfg.enable) { 60 environment.systemPackages = with pkgs; [ 61 borgbackup 62 ]; 63 64 systemd.services.borgbackup = { 65 description = "borgbackup"; 66 unitConfig.Documentation = "man:borgbackup"; 67 script = borgScript; 68 serviceConfig = { 69 User = cfg.user; 70 Group = cfg.group; 71 CPUSchedulingPolicy = "idle"; 72 IOSchedulingClass = "idle"; 73 ProtectSystem = "full"; 74 }; 75 startAt = cfg.startAt; 76 }; 77 }; 78}