mkRestic modifications, will add mkBorg later and use that instead.

Joseph Hanson 2025-02-09 19:26:53 -06:00
parent 4a4cce4e94
commit f02407bfca
Signed by: jahanson
SSH key fingerprint: SHA256:vy6dKBECV522aPAwklFM3ReKAVB086rT3oWwiuiFG7o


@ -3,40 +3,39 @@
config, config,
pkgs, pkgs,
... ...
}: }: {
{
# container builder # container builder
lib.mySystem.mkContainer = lib.mySystem.mkContainer = options: (
options:
(
let let
containerExtraOptions = containerExtraOptions =
lib.optionals (lib.attrsets.attrByPath [ "caps" "privileged" ] false options) [ "--privileged" ] lib.optionals (lib.attrsets.attrByPath ["caps" "privileged"] false options) ["--privileged"]
++ lib.optionals (lib.attrsets.attrByPath [ "caps" "readOnly" ] false options) [ "--read-only" ] ++ lib.optionals (lib.attrsets.attrByPath ["caps" "readOnly"] false options) ["--read-only"]
++ lib.optionals (lib.attrsets.attrByPath [ "caps" "tmpfs" ] false options) ( ++ lib.optionals (lib.attrsets.attrByPath ["caps" "tmpfs"] false options) (
map (folders: "--tmpfs=${folders}") options.caps.tmpfsFolders map (folders: "--tmpfs=${folders}") options.caps.tmpfsFolders
) )
++ lib.optionals (lib.attrsets.attrByPath [ "caps" "noNewPrivileges" ] false options) [ ++ lib.optionals (lib.attrsets.attrByPath ["caps" "noNewPrivileges"] false options) [
"--security-opt=no-new-privileges" "--security-opt=no-new-privileges"
] ]
++ lib.optionals (lib.attrsets.attrByPath [ "caps" "dropAll" ] false options) [ "--cap-drop=ALL" ]; ++ lib.optionals (lib.attrsets.attrByPath ["caps" "dropAll"] false options) ["--cap-drop=ALL"];
in in {
{
${options.app} = { ${options.app} = {
image = "${options.image}"; image = "${options.image}";
user = "${options.user}:${options.group}"; user = "${options.user}:${options.group}";
environment = { environment =
{
TZ = config.time.timeZone; TZ = config.time.timeZone;
} // lib.attrsets.attrByPath [ "env" ] { } options; }
dependsOn = lib.attrsets.attrByPath [ "dependsOn" ] [ ] options; // lib.attrsets.attrByPath ["env"] {} options;
entrypoint = lib.attrsets.attrByPath [ "entrypoint" ] null options; dependsOn = lib.attrsets.attrByPath ["dependsOn"] [] options;
cmd = lib.attrsets.attrByPath [ "cmd" ] [ ] options; entrypoint = lib.attrsets.attrByPath ["entrypoint"] null options;
environmentFiles = lib.attrsets.attrByPath [ "envFiles" ] [ ] options; cmd = lib.attrsets.attrByPath ["cmd"] [] options;
volumes = [ environmentFiles = lib.attrsets.attrByPath ["envFiles"] [] options;
volumes =
[
"/etc/localtime:/etc/localtime:ro" "/etc/localtime:/etc/localtime:ro"
] ++ lib.attrsets.attrByPath [ "volumes" ] [ ] options; ]
ports = lib.attrsets.attrByPath [ "ports" ] [ ] options; ++ lib.attrsets.attrByPath ["volumes"] [] options;
ports = lib.attrsets.attrByPath ["ports"] [] options;
extraOptions = containerExtraOptions; extraOptions = containerExtraOptions;
}; };
} }
@ -76,25 +75,28 @@
# This creates two backup jobs: # This creates two backup jobs:
# - nextcloud-local: backs up to local storage # - nextcloud-local: backs up to local storage
# - nextcloud-remote: backs up to remote storage (e.g. S3) # - nextcloud-remote: backs up to remote storage (e.g. S3)
lib.mySystem.mkRestic = lib.mySystem.mkRestic = options: let
options:
let
# excludePaths is optional # excludePaths is optional
excludePaths = if builtins.hasAttr "excludePaths" options then options.excludePaths else [ ]; excludePaths =
if builtins.hasAttr "excludePaths" options
then options.excludePaths
else [];
# Decide which mutually exclusive options to use # Decide which mutually exclusive options to use
remoteResticTemplateFile = remoteResticTemplateFile =
if builtins.hasAttr "remoteResticTemplateFile" options then if builtins.hasAttr "remoteResticTemplateFile" options
options.remoteResticTemplateFile then options.remoteResticTemplateFile
else else null;
null;
remoteResticTemplate = remoteResticTemplate =
if builtins.hasAttr "remoteResticTemplate" options then options.remoteResticTemplate else null; if builtins.hasAttr "remoteResticTemplate" options
then options.remoteResticTemplate
else null;
# 2:05 daily backup with 3h random delay # 2:05 daily backup with 3h random delay
timerConfig = { timerConfig = null;
OnCalendar = "06:05"; # night snap is taken at 02:10 #{
Persistent = true; #OnCalendar = "00:20"; # night snap is taken at 02:10
RandomizedDelaySec = "30m"; #Persistent = true;
}; #RandomizedDelaySec = "30m";
#};
# 7 daily, 5 weekly, 12 monthly backups # 7 daily, 5 weekly, 12 monthly backups
pruneOpts = [ pruneOpts = [
"--keep-daily 7" "--keep-daily 7"
@ -108,8 +110,7 @@
# #
${pkgs.restic}/bin/restic unlock --remove-all || true ${pkgs.restic}/bin/restic unlock --remove-all || true
''; '';
in in {
{
# local backup # local backup
"${options.app}-local" = { "${options.app}-local" = {
inherit inherit
@ -121,9 +122,11 @@
inherit (options) user passwordFile environmentFile; inherit (options) user passwordFile environmentFile;
# Move the path to the zfs snapshot path # Move the path to the zfs snapshot path
paths = map (x: "${config.mySystem.services.zfs-nightly-snap.mountPath}/${x}") options.paths; paths = map (x: "${config.mySystem.services.zfs-nightly-snap.mountPath}/${x}") options.paths;
exclude = map ( exclude =
map (
x: "${config.mySystem.services.zfs-nightly-snap.mountPath}/${x}" x: "${config.mySystem.services.zfs-nightly-snap.mountPath}/${x}"
) options.excludePaths; )
options.excludePaths;
repository = "${options.localResticTemplate}"; repository = "${options.localResticTemplate}";
}; };
@ -140,9 +143,11 @@
paths = map (x: "${config.mySystem.services.zfs-nightly-snap.mountPath}/${x}") options.paths; paths = map (x: "${config.mySystem.services.zfs-nightly-snap.mountPath}/${x}") options.paths;
repository = remoteResticTemplate; repository = remoteResticTemplate;
repositoryFile = remoteResticTemplateFile; repositoryFile = remoteResticTemplateFile;
exclude = map ( exclude =
map (
x: "${config.mySystem.services.zfs-nightly-snap.mountPath}/${x}" x: "${config.mySystem.services.zfs-nightly-snap.mountPath}/${x}"
) options.excludePaths; )
options.excludePaths;
}; };
}; };
} }
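Review bot: Setting `timerConfig = null;` in the mkRestic hunk (`@ -76,25 +75,28 @`) means the NixOS restic module creates no systemd timer, so every job built by this helper stops running on a schedule and backups only happen when the service is started by hand. The comment above it still reads `# 2:05 daily backup with 3h random delay` and the old attrset is left commented out, so a reader cannot tell whether the gap in backup coverage is deliberate. If it is intended until mkBorg lands, replace the stale comment with something like `# timer disabled on purpose: restic jobs run only when started manually until mkBorg replaces them`. Separately, both `exclude` maps read `options.excludePaths` rather than the `excludePaths` binding that supplies the `[]` default, which would presumably fail evaluation for callers that omit the attribute; `exclude = map (x: "${config.mySystem.services.zfs-nightly-snap.mountPath}/${x}") excludePaths;` would honour the default.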