mkRestic modifications, will add mkBorg later and use that instead.

2025-02-09 19:26:53 -06:00 · 2025-02-09 19:26:53 -06:00 · f02407bfca
commit f02407bfca
parent 4a4cce4e94
1 changed files with 107 additions and 102 deletions
--- a/nixos/modules/nixos/lib.nix
+++ b/nixos/modules/nixos/lib.nix
@ -3,40 +3,39 @@
  config,
  pkgs,
  ...
-}:
-{
-
+}: {
  # container builder
-  lib.mySystem.mkContainer =
-    options:
-    (
+  lib.mySystem.mkContainer = options: (
    let
      containerExtraOptions =
-          lib.optionals (lib.attrsets.attrByPath [ "caps" "privileged" ] false options) [ "--privileged" ]
-          ++ lib.optionals (lib.attrsets.attrByPath [ "caps" "readOnly" ] false options) [ "--read-only" ]
-          ++ lib.optionals (lib.attrsets.attrByPath [ "caps" "tmpfs" ] false options) (
+        lib.optionals (lib.attrsets.attrByPath ["caps" "privileged"] false options) ["--privileged"]
+        ++ lib.optionals (lib.attrsets.attrByPath ["caps" "readOnly"] false options) ["--read-only"]
+        ++ lib.optionals (lib.attrsets.attrByPath ["caps" "tmpfs"] false options) (
          map (folders: "--tmpfs=${folders}") options.caps.tmpfsFolders
        )
-          ++ lib.optionals (lib.attrsets.attrByPath [ "caps" "noNewPrivileges" ] false options) [
+        ++ lib.optionals (lib.attrsets.attrByPath ["caps" "noNewPrivileges"] false options) [
          "--security-opt=no-new-privileges"
        ]
-          ++ lib.optionals (lib.attrsets.attrByPath [ "caps" "dropAll" ] false options) [ "--cap-drop=ALL" ];
-      in
-      {
+        ++ lib.optionals (lib.attrsets.attrByPath ["caps" "dropAll"] false options) ["--cap-drop=ALL"];
+    in {
      ${options.app} = {
        image = "${options.image}";
        user = "${options.user}:${options.group}";
-          environment = {
+        environment =
+          {
            TZ = config.time.timeZone;
-          } // lib.attrsets.attrByPath [ "env" ] { } options;
-          dependsOn = lib.attrsets.attrByPath [ "dependsOn" ] [ ] options;
-          entrypoint = lib.attrsets.attrByPath [ "entrypoint" ] null options;
-          cmd = lib.attrsets.attrByPath [ "cmd" ] [ ] options;
-          environmentFiles = lib.attrsets.attrByPath [ "envFiles" ] [ ] options;
-          volumes = [
+          }
+          // lib.attrsets.attrByPath ["env"] {} options;
+        dependsOn = lib.attrsets.attrByPath ["dependsOn"] [] options;
+        entrypoint = lib.attrsets.attrByPath ["entrypoint"] null options;
+        cmd = lib.attrsets.attrByPath ["cmd"] [] options;
+        environmentFiles = lib.attrsets.attrByPath ["envFiles"] [] options;
+        volumes =
+          [
            "/etc/localtime:/etc/localtime:ro"
-          ] ++ lib.attrsets.attrByPath [ "volumes" ] [ ] options;
-          ports = lib.attrsets.attrByPath [ "ports" ] [ ] options;
+          ]
+          ++ lib.attrsets.attrByPath ["volumes"] [] options;
+        ports = lib.attrsets.attrByPath ["ports"] [] options;
        extraOptions = containerExtraOptions;
      };
    }
@ -76,25 +75,28 @@
  # This creates two backup jobs:
  #   - nextcloud-local: backs up to local storage
  #   - nextcloud-remote: backs up to remote storage (e.g. S3)
-  lib.mySystem.mkRestic =
-    options:
-    let
+  lib.mySystem.mkRestic = options: let
    # excludePaths is optional
-      excludePaths = if builtins.hasAttr "excludePaths" options then options.excludePaths else [ ];
+    excludePaths =
+      if builtins.hasAttr "excludePaths" options
+      then options.excludePaths
+      else [];
    # Decide which mutually exclusive options to use
    remoteResticTemplateFile =
-        if builtins.hasAttr "remoteResticTemplateFile" options then
-          options.remoteResticTemplateFile
-        else
-          null;
+      if builtins.hasAttr "remoteResticTemplateFile" options
+      then options.remoteResticTemplateFile
+      else null;
    remoteResticTemplate =
-        if builtins.hasAttr "remoteResticTemplate" options then options.remoteResticTemplate else null;
+      if builtins.hasAttr "remoteResticTemplate" options
+      then options.remoteResticTemplate
+      else null;
    # 2:05 daily backup with 3h random delay
-      timerConfig = {
-        OnCalendar = "06:05"; # night snap is taken at 02:10
-        Persistent = true;
-        RandomizedDelaySec = "30m";
-      };
+    timerConfig = null;
+    #{
+    #OnCalendar = "00:20"; # night snap is taken at 02:10
+    #Persistent = true;
+    #RandomizedDelaySec = "30m";
+    #};
    # 7 daily, 5 weekly, 12 monthly backups
    pruneOpts = [
      "--keep-daily 7"
@ -108,8 +110,7 @@
      #
      ${pkgs.restic}/bin/restic unlock --remove-all || true
    '';
-    in
-    {
+  in {
    # local backup
    "${options.app}-local" = {
      inherit
@ -121,9 +122,11 @@
      inherit (options) user passwordFile environmentFile;
      # Move the path to the zfs snapshot path
      paths = map (x: "${config.mySystem.services.zfs-nightly-snap.mountPath}/${x}") options.paths;
-        exclude = map (
+      exclude =
+        map (
          x: "${config.mySystem.services.zfs-nightly-snap.mountPath}/${x}"
-        ) options.excludePaths;
+        )
+        options.excludePaths;
      repository = "${options.localResticTemplate}";
    };

@ -140,9 +143,11 @@
      paths = map (x: "${config.mySystem.services.zfs-nightly-snap.mountPath}/${x}") options.paths;
      repository = remoteResticTemplate;
      repositoryFile = remoteResticTemplateFile;
-        exclude = map (
+      exclude =
+        map (
          x: "${config.mySystem.services.zfs-nightly-snap.mountPath}/${x}"
-        ) options.excludePaths;
+        )
+        options.excludePaths;
    };
  };
 }