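# NixOS module: scheduled, encrypted BorgBackup job for this host.
#
# Declares the `within.backups` options and, when enabled, configures
# `services.borgbackup.jobs."borgbase"` together with the two age secrets the
# job reads at run time (the repository passphrase and the SSH identity).
{ config, lib, pkgs, ... }:

let
  cfg = config.within.backups;

  # Decrypted secret locations, read back from the age.secrets declarations
  # below so the job and the secret definitions cannot drift apart.
  passphraseFile = config.age.secrets.borgbackup-passphrase.path;
  sshKeyFile = config.age.secrets.borgbackup-ssh-key.path;
in with lib; {
  options.within.backups = {
    # mkEnableOption prefixes its argument with "Whether to enable ", so the
    # argument is written as a noun phrase.
    enable = mkEnableOption "per-host backups to rsync.net";

    paths = mkOption {
      type = with types; listOf str;
      # NOTE(review): the decrypted passphrase and SSH key are placed under
      # /root (see age.secrets below), which is inside this default set.
      # Confirm whether they are meant to end up in the archives or should be
      # added to `exclude`.
      default = [ "/home" "/srv" "/var/lib" "/root" ];
      description = "paths to backup to rsync.net";
    };

    exclude = mkOption {
      type = with types; listOf str;
      # NOTE(review): the glob entries carry literal single quotes inside the
      # Nix string. If the borgbackup module hands patterns to borg without a
      # shell in between (for example through an exclude file), the quotes
      # become part of the pattern and these entries match nothing. Verify
      # against the generated job and drop the quotes if so.
      default = [
        "/var/lib/docker"
        "/var/lib/systemd"
        "/var/lib/libvirt"
        "'**/.cache'"
        "'**/.nix-profile'"
        "'**/.elm'"
        "'**/.emacs.d'"
      ];
      description = "paths to NOT backup to rsync.net";
    };

    # No default: every host that enables backups must name its repository.
    repo = mkOption {
      type = types.str;
      description = "Repo to submit backups to";
    };
  };

  config = mkIf cfg.enable {
    # The job is named "borgbase" although the option text refers to
    # rsync.net; the name is left as-is because other configuration may
    # refer to the job by it.
    services.borgbackup.jobs."borgbase" = {
      paths = cfg.paths;
      exclude = cfg.exclude;
      repo = cfg.repo;

      encryption = {
        # repokey modes keep the key material in the repository, wrapped by
        # the passphrase, so the passphrase is what protects the data from
        # anyone able to read the remote repository.
        mode = "repokey-blake2";
        # The passphrase is read from the age-decrypted file at run time
        # instead of being embedded in the configuration.
        passCommand = "cat ${passphraseFile}";
      };

      # Dedicated SSH identity for the backup connection.
      # NOTE(review): no host-key or IdentitiesOnly options are set here;
      # presumably the remote host key is pinned elsewhere (known_hosts).
      # Confirm, since the job runs unattended.
      environment.BORG_RSH = "ssh -i ${sshKeyFile}";

      compression = "auto,lzma";
      startAt = "daily";
      # Selects the `borg1` executable on the remote side.
      extraArgs = "--remote-path=borg1";
    };

    # Secrets are stored encrypted in the repository and decrypted onto the
    # host by age; only the decrypted paths are referenced by the job above.
    age.secrets = {
      borgbackup-passphrase = {
        file = ../../secret/borgbackup_passphrase;
        path = "/root/borgbackup_passphrase";
      };
      borgbackup-ssh-key = {
        file = ../../secret/borgbackup_ssh_key;
        path = "/root/borgbackup_ssh_key";
      };
    };
  };
}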