nixos/fragments/backup.nix at ae3b51a875e3ee92c7194aa99c7d2c3e1d511ed9 · wiro.world/dotfiles

wiro.world / dotfiles
yep, more dotfiles
dotfiles / nixos / fragments / backup.nix
at ae3b51a875e3ee92c7194aa99c7d2c3e1d511ed9 2.9 kB view raw
 1{ config
 2, lib
 3, pkgs
 4, ...
 5}:
 6
 7let
 8  inherit (config.age) secrets;
 9
10  cfg = config.local.fragment.backup;
11
12  hostname = config.networking.hostName;
13  mainUsername = config.local.user.username;
14in
15{
16  options.local.fragment.backup.enable = lib.mkEnableOption ''
17    Backup related
18  '';
19
20  # TODO: fix module
21  config.assertions = lib.optional cfg.enable { assertion = false; message = "module is broken"; };
22  config.services.restic.backups = lib.mkIf cfg.enable {
23    # Backup documents and repos code
24    google-drive = {
25      repository = "rclone:googledrive:/Backups/${hostname}";
26      passwordFile = secrets.backup-restic-key.path;
27      rcloneConfigFile = secrets.backup-rclone-googledrive.path;
28      initialize = true;
29
30      paths = [
31        "/home/${mainUsername}/Documents"
32        # Equivalent of `~/Development` but needs extra handling as explained below
33        "/home/${mainUsername}/.local/backup/repos"
34      ];
35
36      # Extra handling for Development folder to respect `.gitignore` files.
37      #
38      # Backup folder should be stored somewhere to avoid changing ctimes
39      # which would cause otherwise unchanged files to be backed up again.
40      # Since `--link-dest` is used, file contents won't be duplicated on disk.
41      backupPrepareCommand = ''
42        # Remove stale Restic locks
43        ${lib.getExe pkgs.restic} unlock || true
44
45        ${lib.getExe pkgs.rsync} \
46          ${"\\" /* Archive mode and delete files that are not in the source directory. `--mkpath` is like `mkdir`'s `-p` option */}
47          --archive --delete --mkpath \
48          ${"\\" /* `:-` operator uses .gitignore files as exclude patterns */}
49          --filter=':- .gitignore' \
50          ${"\\" /* Exclude nixpkgs repository because they have some weird symlink test files that break rsync */}
51          --exclude 'nixpkgs' \
52          ${"\\" /* Hardlink files to avoid taking up more space */}
53          --link-dest=/home/${mainUsername}/Development \
54          /home/${mainUsername}/Development/ /home/${mainUsername}/.local/backup/repos
55      '';
56
57      pruneOpts = [
58        "--keep-daily 7"
59        "--keep-weekly 5"
60        "--keep-yearly 10"
61      ];
62
63
64      # TODO: fix config
65      timerConfig = null;
66      # timerConfig = {
67      #   OnCalendar = "00:05";
68      #   RandomizedDelaySec = "5h";
69      # };
70    };
71
72    # Backup documents and large files
73    archaic-bak = {
74      repository = "/run/media/${mainUsername}/ArchaicBak/Backups/${hostname}";
75      passwordFile = secrets.backup-restic-key.path;
76      initialize = true;
77
78      # this would fix issue that folder is created as root
79      # but we cannot access the backup key
80      user = config.local.user.username;
81
82      paths = [ "/home/${mainUsername}/Documents" ];
83
84      # Should only be ran manually when the backup Disk is attached
85      timerConfig = null;
86    };
87  };
88}