jahanson/mochi
1
0
Fork 0
Code Issues 1 Pull requests 2 Projects Releases Packages Wiki Activity Actions

mkRestic modifications, will add mkBorg later and use that instead.

Browse source
This commit is contained in:
Joseph Hanson 2025-02-09 19:26:53 -06:00
parent 4a4cce4e94
commit f02407bfca
Signed by: jahanson
SSH key fingerprint: SHA256:vy6dKBECV522aPAwklFM3ReKAVB086rT3oWwiuiFG7o
1 changed files with 107 additions and 102 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

69
nixos/modules/nixos/lib.nix
View file

@ -3,13 +3,9 @@
config,
pkgs,
...
}:
{
}: {
# container builder
lib.mySystem.mkContainer =
options:
(
lib.mySystem.mkContainer = options: (
let
containerExtraOptions =
lib.optionals (lib.attrsets.attrByPath ["caps" "privileged"] false options) ["--privileged"]
@ -21,21 +17,24 @@
"--security-opt=no-new-privileges"
]
++ lib.optionals (lib.attrsets.attrByPath ["caps" "dropAll"] false options) ["--cap-drop=ALL"];
in
{
in {
${options.app} = {
image = "${options.image}";
user = "${options.user}:${options.group}";
environment = {
environment =
{
TZ = config.time.timeZone;
} // lib.attrsets.attrByPath [ "env" ] { } options;
}
// lib.attrsets.attrByPath ["env"] {} options;
dependsOn = lib.attrsets.attrByPath ["dependsOn"] [] options;
entrypoint = lib.attrsets.attrByPath ["entrypoint"] null options;
cmd = lib.attrsets.attrByPath ["cmd"] [] options;
environmentFiles = lib.attrsets.attrByPath ["envFiles"] [] options;
volumes = [
volumes =
[
"/etc/localtime:/etc/localtime:ro"
] ++ lib.attrsets.attrByPath [ "volumes" ] [ ] options;
]
++ lib.attrsets.attrByPath ["volumes"] [] options;
ports = lib.attrsets.attrByPath ["ports"] [] options;
extraOptions = containerExtraOptions;
};
@ -76,25 +75,28 @@
# This creates two backup jobs:
# - nextcloud-local: backs up to local storage
# - nextcloud-remote: backs up to remote storage (e.g. S3)
lib.mySystem.mkRestic =
options:
let
lib.mySystem.mkRestic = options: let
# excludePaths is optional
excludePaths = if builtins.hasAttr "excludePaths" options then options.excludePaths else [ ];
excludePaths =
if builtins.hasAttr "excludePaths" options
then options.excludePaths
else [];
# Decide which mutually exclusive options to use
remoteResticTemplateFile =
if builtins.hasAttr "remoteResticTemplateFile" options then
options.remoteResticTemplateFile
else
null;
if builtins.hasAttr "remoteResticTemplateFile" options
then options.remoteResticTemplateFile
else null;
remoteResticTemplate =
if builtins.hasAttr "remoteResticTemplate" options then options.remoteResticTemplate else null;
if builtins.hasAttr "remoteResticTemplate" options
then options.remoteResticTemplate
else null;
# 2:05 daily backup with 3h random delay
timerConfig = {
OnCalendar = "06:05"; # night snap is taken at 02:10
Persistent = true;
RandomizedDelaySec = "30m";
};
timerConfig = null;
#{
#OnCalendar = "00:20"; # night snap is taken at 02:10
#Persistent = true;
#RandomizedDelaySec = "30m";
#};
# 7 daily, 5 weekly, 12 monthly backups
pruneOpts = [
"--keep-daily 7"
@ -108,8 +110,7 @@
#
${pkgs.restic}/bin/restic unlock --remove-all || true
'';
in
{
in {
# local backup
"${options.app}-local" = {
inherit
@ -121,9 +122,11 @@
inherit (options) user passwordFile environmentFile;
# Move the path to the zfs snapshot path
paths = map (x: "${config.mySystem.services.zfs-nightly-snap.mountPath}/${x}") options.paths;
exclude = map (
exclude =
map (
x: "${config.mySystem.services.zfs-nightly-snap.mountPath}/${x}"
) options.excludePaths;
)
options.excludePaths;
repository = "${options.localResticTemplate}";
};
@ -140,9 +143,11 @@
paths = map (x: "${config.mySystem.services.zfs-nightly-snap.mountPath}/${x}") options.paths;
repository = remoteResticTemplate;
repositoryFile = remoteResticTemplateFile;
exclude = map (
exclude =
map (
x: "${config.mySystem.services.zfs-nightly-snap.mountPath}/${x}"
) options.excludePaths;
)
options.excludePaths;
};
};
}