backups and fish functions

Noah Masur
2025-01-31 15:40:41 -05:00
parent b123ae3e69
commit e1f987e83b
13 changed files with 225 additions and 167 deletions


@ -60,7 +60,7 @@ in
users.users.${config.user}.extraGroups = [ "calibre-web" ];
# Run a backup on a schedule
systemd.timers.calibre-backup = lib.mkIf config.backups.calibre {
systemd.timers.calibre-backup = {
timerConfig = {
OnCalendar = "*-*-* 00:00:00"; # Once per day
Unit = "calibre-backup.service";
@ -71,7 +71,7 @@ in
# Backup Calibre data to object storage
systemd.services.calibre-backup = {
description = "Backup Calibre data";
environment.AWS_ACCESS_KEY_ID = config.backup.s3.accessKeyId;
environment.AWS_ACCESS_KEY_ID = config.nmasur.presets.services.litestream.s3.accessKeyId;
serviceConfig = {
Type = "oneshot";
User = "calibre-web";
@ -81,8 +81,8 @@ in
script = ''
${pkgs.awscli2}/bin/aws s3 sync \
${libraryPath}/ \
s3://${config.backup.s3.bucket}/calibre/ \
--endpoint-url=https://${config.backup.s3.endpoint}
s3://${config.nmasur.presets.services.litestream.s3.bucket}/calibre/ \
--endpoint-url=https://${config.nmasur.presets.services.litestream.s3.endpoint}
'';
};
};
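Review bot: The calibre backup units now read `config.nmasur.presets.services.litestream.s3.*`, which the litestream module in this commit declares as `nullOr str` with its `default = null;` lines commented out, and the timer appears to lose its `lib.mkIf config.backups.calibre` guard (assuming the second of the two printed `systemd.timers.calibre-backup` lines is the new side). On a host that never sets those options, evaluation would likely stop on an undefined option, and a null bucket or endpoint cannot be interpolated into the `aws s3 sync` script. Keeping a guard such as `systemd.timers.calibre-backup = lib.mkIf config.nmasur.presets.services.litestream.enable {`, with the same condition on the service, would tie the job to a configured backup target. The enclosing module body starts and ends outside these hunks.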


@ -0,0 +1,68 @@
# This is my setup for backing up SQlite databases and other systems to S3 or
# S3-equivalent services (like Backblaze B2).
{ config, lib, ... }:
let
cfg = config.nmasur.presets.services.litestream;
in
{
options.nmasur.presets.services.litestream = {
enable = lib.mkEnableOption "Litestream SQLite backups";
s3 = {
endpoint = lib.mkOption {
type = lib.types.nullOr lib.types.str;
description = "S3 endpoint for Litestream backups";
# default = null;
};
bucket = lib.mkOption {
type = lib.types.nullOr lib.types.str;
description = "S3 bucket for Litestream backups";
# default = null;
};
accessKeyId = lib.mkOption {
type = lib.types.nullOr lib.types.str;
description = "S3 access key ID for Litestream backups";
# default = null;
};
accessKeySecret = lib.mkOption {
type = lib.types.nullOr lib.types.path;
description = "S3 secret key path for Litestream backups";
default = ../../../../../../private/backup.age;
};
};
};
config = lib.mkIf (cfg.enable) {
users.groups.backup = { };
secrets.litestream-backup = {
source = cfg.s3.accessKeySecret;
dest = "${config.secretsDirectory}/backup";
group = "backup";
permissions = "0440";
};
users.users.litestream.extraGroups = [ "backup" ];
services.litestream = {
enable = true;
environmentFile = config.secrets.litestream-backup.dest;
settings = { };
};
# Broken on 2024-08-23
# https://github.com/NixOS/nixpkgs/commit/0875d0ce1c778f344cd2377a5337a45385d6ffa0
insecurePackages = [ "litestream-0.3.13" ];
# Wait for secret to exist
systemd.services.litestream = {
after = [ "backup-secret.service" ];
requires = [ "backup-secret.service" ];
environment.AWS_ACCESS_KEY_ID = cfg.s3.accessKeyId;
};
};
}
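Review bot: `systemd.services.litestream` orders itself after `backup-secret.service`, while the secret in this file is declared as `secrets.litestream-backup`. If the secrets module derives unit names from the attribute name (it is not visible here), `after` and `requires` would name a unit that does not exist, and litestream would either fail to start or start before its credentials file is present. Confirm the generated unit name and update both lists to match, e.g. `after = [ "litestream-backup-secret.service" ];`. Separately, the comment above `insecurePackages = [ "litestream-0.3.13" ];` says only "Broken on 2024-08-23"; since the line accepts a package that nixpkgs marks insecure, it should record the reason and a removal condition, for example `# Allowed despite the nixpkgs insecure marking (commit linked above); remove once a fixed litestream is packaged`.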


@ -0,0 +1,61 @@
{ config, lib, ... }:
let
cfg = config.nmasur.presets.services.restic;
in
{
options.nmasur.presets.services.restic = {
enable = lib.mkEnableOption "Restic backup service";
resticPassword = lib.mkOption {
type = lib.types.nullOr lib.types.path;
description = "Password file path for Restic backups";
default = ../../../../../../private/restic.age;
};
s3 = {
endpoint = lib.mkOption {
type = lib.types.nullOr lib.types.str;
description = "S3 endpoint for Restic backups";
default = "s3.us-east-1.amazonaws.com";
};
bucket = lib.mkOption {
type = lib.types.nullOr lib.types.str;
description = "S3 bucket for Restic backups";
default = null;
};
accessKeySecretPair = lib.mkOption {
type = lib.types.nullOr lib.types.path;
description = "Path to file containing S3 access and secret key for Restic backups";
default = ../../../../../../private/s3-glacier.age;
};
};
};
config = lib.mkIf (cfg.enable) {
secrets.restic-s3-creds = {
source = cfg.s3.accessKeySecretPair;
dest = "${config.secretsDirectory}/restic-s3-creds";
};
secrets.restic = {
source = cfg.resticPassword;
dest = "${config.secretsDirectory}/restic";
};
services.restic.backups = {
default = {
repository = "s3:${cfg.endpoint}/${cfg.s3.bucket}/restic";
paths = [ ];
environmentFile = config.secrets.restic-s3-creds.dest;
passwordFile = config.secrets.restic.dest;
pruneOpts = [
"--keep-daily 14"
"--keep-weekly 6"
"--keep-monthly 12"
"--keep-yearly 100"
];
};
};
};
}
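Review bot: The `repository =` line reads `cfg.endpoint`, but the option is declared under `s3.endpoint`, so enabling the preset should fail evaluation with a missing attribute; it should be `repository = "s3:${cfg.s3.endpoint}/${cfg.s3.bucket}/restic";`. `s3.bucket` defaults to null, and interpolating null also aborts evaluation, so an `assertions` entry requiring a bucket when `enable` is set would give a clearer error. Unlike the litestream secret in this commit, `secrets.restic` and `secrets.restic-s3-creds` set no `group` or `permissions`; confirm that the secrets module's defaults (not shown here) leave the repository password and S3 key pair readable only by the account that runs the restic job.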