dotfiles/modules/nixos/services/backups.nix

# This is my setup for backing up SQlite databases and other systems to S3 or
# S3-equivalent services (like Backblaze B2).

{ config, lib, ... }:
{

  options = {

    backup.s3 = {
      endpoint = lib.mkOption {
        type = lib.types.nullOr lib.types.str;
        description = "S3 endpoint for backups";
        default = null;
      };
      bucket = lib.mkOption {
        type = lib.types.nullOr lib.types.str;
        description = "S3 bucket for backups";
        default = null;
      };
      accessKeyId = lib.mkOption {
        type = lib.types.nullOr lib.types.str;
        description = "S3 access key ID for backups";
        default = null;
      };
    };
  };

  config = lib.mkIf (config.backup.s3.endpoint != null) {

    users.groups.backup = { };

    secrets.backup = {
      source = ../../../private/backup.age;
      dest = "${config.secretsDirectory}/backup";
      group = "backup";
      permissions = "0440";
    };

    users.users.litestream.extraGroups = [ "backup" ];

    services.litestream = {
      enable = true;
      environmentFile = config.secrets.backup.dest;
      settings = { };
    };

    # Broken on 2024-08-23
    # https://github.com/NixOS/nixpkgs/commit/0875d0ce1c778f344cd2377a5337a45385d6ffa0
    nixpkgs.config.permittedInsecurePackages = [ "litestream-0.3.13" ];

    # Wait for secret to exist
    systemd.services.litestream = {
      after = [ "backup-secret.service" ];
      requires = [ "backup-secret.service" ];
      environment.AWS_ACCESS_KEY_ID = config.backup.s3.accessKeyId;
    };

    # # Backup library to object storage
    # services.restic.backups.calibre = {
    #   user = "calibre-web";
    #   repository =
    #     "s3://${config.backup.s3.endpoint}/${config.backup.s3.bucket}/calibre";
    #   paths = [
    #     "/var/books"
    #     "/var/lib/calibre-web/app.db"
    #     "/var/lib/calibre-web/gdrive.db"
    #   ];
    #   initialize = true;
    #   timerConfig = { OnCalendar = "00:05:00"; };
    #   environmentFile = backup.s3File;
    # };
  };
}
add more services documentation 2024-01-10 04:11:11 +00:00			`# This is my setup for backing up SQlite databases and other systems to S3 or`
			`# S3-equivalent services (like Backblaze B2).`

move all files to new nixfmt rfc 2024-04-20 13:42:06 +00:00			`{ config, lib, ... }:`
			`{`
reencrypt secrets and fix nextcloud backups 2022-10-16 03:18:58 +00:00
			`options = {`

convert to proper module layout 2022-12-21 21:18:03 +00:00			`backup.s3 = {`
reencrypt secrets and fix nextcloud backups 2022-10-16 03:18:58 +00:00			`endpoint = lib.mkOption {`
fix desktop to work with refactor 2023-01-21 14:29:03 +00:00			`type = lib.types.nullOr lib.types.str;`
reencrypt secrets and fix nextcloud backups 2022-10-16 03:18:58 +00:00			`description = "S3 endpoint for backups";`
convert to proper module layout 2022-12-21 21:18:03 +00:00			`default = null;`
reencrypt secrets and fix nextcloud backups 2022-10-16 03:18:58 +00:00			`};`
			`bucket = lib.mkOption {`
fix desktop to work with refactor 2023-01-21 14:29:03 +00:00			`type = lib.types.nullOr lib.types.str;`
reencrypt secrets and fix nextcloud backups 2022-10-16 03:18:58 +00:00			`description = "S3 bucket for backups";`
convert to proper module layout 2022-12-21 21:18:03 +00:00			`default = null;`
reencrypt secrets and fix nextcloud backups 2022-10-16 03:18:58 +00:00			`};`
			`accessKeyId = lib.mkOption {`
fix desktop to work with refactor 2023-01-21 14:29:03 +00:00			`type = lib.types.nullOr lib.types.str;`
reencrypt secrets and fix nextcloud backups 2022-10-16 03:18:58 +00:00			`description = "S3 access key ID for backups";`
convert to proper module layout 2022-12-21 21:18:03 +00:00			`default = null;`
reencrypt secrets and fix nextcloud backups 2022-10-16 03:18:58 +00:00			`};`
			`};`
			`};`

fix desktop to work with refactor 2023-01-21 14:29:03 +00:00			`config = lib.mkIf (config.backup.s3.endpoint != null) {`
reencrypt secrets and fix nextcloud backups 2022-10-16 03:18:58 +00:00
backup calibre data 2022-10-16 03:47:21 +00:00			`users.groups.backup = { };`

reencrypt secrets and fix nextcloud backups 2022-10-16 03:18:58 +00:00			`secrets.backup = {`
enable backups without any specific 2023-02-28 02:02:45 +00:00			`source = ../../../private/backup.age;`
reencrypt secrets and fix nextcloud backups 2022-10-16 03:18:58 +00:00			`dest = "${config.secretsDirectory}/backup";`
backup calibre data 2022-10-16 03:47:21 +00:00			`group = "backup";`
			`permissions = "0440";`
reencrypt secrets and fix nextcloud backups 2022-10-16 03:18:58 +00:00			`};`

vaultwarden automated backups 2022-10-16 19:06:56 +00:00			`users.users.litestream.extraGroups = [ "backup" ];`

			`services.litestream = {`
			`enable = true;`
			`environmentFile = config.secrets.backup.dest;`
enable backups without any specific 2023-02-28 02:02:45 +00:00			`settings = { };`
vaultwarden automated backups 2022-10-16 19:06:56 +00:00			`};`

temp: allow litestream though insecure 2024-09-14 21:57:05 +00:00			`# Broken on 2024-08-23`
			`# https://github.com/NixOS/nixpkgs/commit/0875d0ce1c778f344cd2377a5337a45385d6ffa0`
			`nixpkgs.config.permittedInsecurePackages = [ "litestream-0.3.13" ];`

vaultwarden automated backups 2022-10-16 19:06:56 +00:00			`# Wait for secret to exist`
			`systemd.services.litestream = {`
			`after = [ "backup-secret.service" ];`
			`requires = [ "backup-secret.service" ];`
fix: bad references for server linux 2022-12-22 00:31:25 +00:00			`environment.AWS_ACCESS_KEY_ID = config.backup.s3.accessKeyId;`
vaultwarden automated backups 2022-10-16 19:06:56 +00:00			`};`

reencrypt secrets and fix nextcloud backups 2022-10-16 03:18:58 +00:00			`# # Backup library to object storage`
			`# services.restic.backups.calibre = {`
			`# user = "calibre-web";`
			`# repository =`
fix: bad references for server linux 2022-12-22 00:31:25 +00:00			`# "s3://${config.backup.s3.endpoint}/${config.backup.s3.bucket}/calibre";`
reencrypt secrets and fix nextcloud backups 2022-10-16 03:18:58 +00:00			`# paths = [`
			`# "/var/books"`
			`# "/var/lib/calibre-web/app.db"`
			`# "/var/lib/calibre-web/gdrive.db"`
			`# ];`
			`# initialize = true;`
			`# timerConfig = { OnCalendar = "00:05:00"; };`
fix: bad references for server linux 2022-12-22 00:31:25 +00:00			`# environmentFile = backup.s3File;`
reencrypt secrets and fix nextcloud backups 2022-10-16 03:18:58 +00:00			`# };`
			`};`
			`}`