{
config,
lib,
inputs,
...
}:
{
options.nixCommunity.backup = lib.mkOption {
type = lib.types.listOf (
lib.types.submodule {
options = {
name = lib.mkOption {
type = lib.types.str;
};
after = lib.mkOption {
type = lib.types.listOf lib.types.str;
};
paths = lib.mkOption {
type = lib.types.listOf lib.types.str;
};
startAt = lib.mkOption {
type = lib.types.enum [
"daily"
"hourly"
];
};
};
}
);
};
config = {
# 100GB storagebox is attached to the build02 server
sops.secrets.hetzner-borgbackup-ssh = {
sopsFile = "${inputs.self}/modules/secrets/backup.yaml";
};
programs.ssh.knownHosts.hetzner-storage-box = {
hostNames = [ "[u416406.your-storagebox.de]:23" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIICf9svRenC/PLKIL9nk6K/pxQgoiFC41wTNvoIncOxs";
};
services.borgbackup.jobs = builtins.listToAttrs (
builtins.map (backup: {
inherit (backup) name;
value = {
inherit (backup) paths startAt;
repo = "u416406@u416406.your-storagebox.de:/./${config.networking.hostName}-${backup.name}";
encryption.mode = "none";
compression = "auto,zstd";
environment.BORG_RSH = "ssh -oPort=23 -i ${config.sops.secrets.hetzner-borgbackup-ssh.path}";
preHook = "set -x";
postHook = ''
cat > /var/log/telegraf/borgbackup-job-${backup.name}.service <<EOF
task,frequency=${backup.startAt} last_run=$(date +%s)i,state="$([[ $exitStatus == 0 ]] && echo ok || echo fail)"
EOF
'';
prune.keep = {
within = "1d"; # Keep all archives from the last day
daily = 7;
weekly = 4;
monthly = 0;
};
};
}) config.nixCommunity.backup
);
systemd.services = builtins.listToAttrs (
builtins.map (backup: {
name = "borgbackup-job-${backup.name}";
value = {
inherit (backup) after;
serviceConfig.ReadWritePaths = [ "/var/log/telegraf" ];
serviceConfig.Restart = "on-failure";
};
}) config.nixCommunity.backup
);
};
}