nixos/fragments/backup.nix at main · wiro.world/dotfiles

wiro.world / dotfiles
yep, more dotfiles
dotfiles / nixos / fragments / backup.nix
at main 3.1 kB view raw
 1{ config
 2, lib
 3, pkgs
 4, ...
 5}:
 6
 7let
 8  inherit (config.age) secrets;
 9
10  cfg = config.local.fragment.backup;
11
12  hostname = config.networking.hostName;
13  mainUsername = config.local.user.username;
14in
15{
16  options.local.fragment.backup.enable = lib.mkEnableOption ''
17    Backup related
18  '';
19
20
21  config = lib.mkIf cfg.enable {
22    # TODO: fix module
23    assertions = [{ assertion = false; message = "module is broken"; }];
24
25    age.secrets.backup-restic-key.file = ../../secrets/backup/restic-key.age;
26    age.secrets.backup-rclone-google-drive.file = ../../secrets/backup/rclone-googledrive.age;
27
28    services.restic.backups = {
29      # Backup documents and repos code
30      google-drive = {
31        repository = "rclone:googledrive:/Backups/${hostname}";
32        passwordFile = secrets.backup-restic-key.path;
33        rcloneConfigFile = secrets.backup-rclone-googledrive.path;
34        initialize = true;
35
36        paths = [
37          "/home/${mainUsername}/Documents"
38          # Equivalent of `~/Development` but needs extra handling as explained below
39          "/home/${mainUsername}/.local/backup/repos"
40        ];
41
42        # Extra handling for Development folder to respect `.gitignore` files.
43        #
44        # Backup folder should be stored somewhere to avoid changing ctimes
45        # which would cause otherwise unchanged files to be backed up again.
46        # Since `--link-dest` is used, file contents won't be duplicated on disk.
47        backupPrepareCommand = ''
48          # Remove stale Restic locks
49          ${lib.getExe pkgs.restic} unlock || true
50
51          ${lib.getExe pkgs.rsync} \
52            ${"\\" /* Archive mode and delete files that are not in the source directory. `--mkpath` is like `mkdir`'s `-p` option */}
53            --archive --delete --mkpath \
54            ${"\\" /* `:-` operator uses .gitignore files as exclude patterns */}
55            --filter=':- .gitignore' \
56            ${"\\" /* Exclude nixpkgs repository because they have some weird symlink test files that break rsync */}
57            --exclude 'nixpkgs' \
58            ${"\\" /* Hardlink files to avoid taking up more space */}
59            --link-dest=/home/${mainUsername}/Development \
60            /home/${mainUsername}/Development/ /home/${mainUsername}/.local/backup/repos
61        '';
62
63        pruneOpts = [
64          "--keep-daily 7"
65          "--keep-weekly 5"
66          "--keep-yearly 10"
67        ];
68
69
70        # TODO: fix config
71        timerConfig = null;
72        # timerConfig = {
73        #   OnCalendar = "00:05";
74        #   RandomizedDelaySec = "5h";
75        # };
76      };
77
78      # Backup documents and large files
79      archaic-bak = {
80        repository = "/run/media/${mainUsername}/ArchaicBak/Backups/${hostname}";
81        passwordFile = secrets.backup-restic-key.path;
82        initialize = true;
83
84        # this would fix issue that folder is created as root
85        # but we cannot access the backup key
86        user = config.local.user.username;
87
88        paths = [ "/home/${mainUsername}/Documents" ];
89
90        # Should only be ran manually when the backup Disk is attached
91        timerConfig = null;
92      };
93    };
94  };
95}