# NixOS module wrapping services.borgmatic behind custom.services.borgmatic.
# The repository passphrase comes from an agenix secret; the SSH key and the
# repository itself are set up by hand (see the "Imperative" notes below).
{
  config,
  inputs,
  lib,
  pkgs,
  ...
}: let
  inherit (lib) mkIf mkOption;

  cfg = config.custom.services.borgmatic;

  # Name of the agenix secret holding the repository passphrase. The same
  # string is used as the path of the encrypted file under secrets/ in the flake.
  passphraseSecret = "${config.custom.profile}/borgmatic/borgbase";

  # Command borg runs to obtain the passphrase. Only this command line (the
  # path of the decrypted secret) ends up in the generated configuration, so
  # the passphrase itself stays out of the world-readable Nix store.
  readPassphrase = "${pkgs.coreutils}/bin/cat ${config.age.secrets.${passphraseSecret}.path}";
in {
  # https://wiki.nixos.org/wiki/Borg_backup
  # https://github.com/borgmatic-collective/borgmatic
  #!! Imperative initialization
  #?? sudo borgmatic init -e repokey-blake2
  #?? sudo borgmatic key export
  #?? sudo borgmatic -v 1 create --progress --stats
  # With repokey mode the key lives in the repository, protected by the
  # passphrase; keep the `key export` output somewhere off this host and
  # apart from the repository so a damaged repository can still be opened.
  options.custom.services.borgmatic = {
    # Turns the whole module on; nothing below is applied while this is false
    enable = mkOption {default = false;};
    # Passed through unchanged to borgmatic's `repositories` setting
    repositories = mkOption {default = [];};
    # Passed through unchanged to borgmatic's `source_directories` setting
    sources = mkOption {default = [];};
  };

  config = mkIf cfg.enable {
    services.borgmatic = {
      enable = true;

      # https://torsion.org/borgmatic/docs/reference/configuration/
      settings = {
        # Remove hostname
        # NOTE(review): without {hostname} in the name, archives written by
        # different hosts to one repository cannot be told apart, and the
        # keep_* retention below would presumably apply to all of them.
        # Confirm each repository is used by a single host.
        archive_name_format = "{now:%Y-%m-%d %H:%M:%S}";

        # Retention applied when pruning
        keep_daily = 7;
        keep_weekly = 4;
        keep_monthly = 1;
        keep_yearly = 1;

        retries = 10;
        retry_wait = 60; # Additive seconds per retry

        compression = "auto,zstd"; # Use heuristics to decide whether to compress with zstd

        # !! Imperative key generation
        # The private key is not managed by this module: it has to exist at
        # this path and should be readable by root only (mode 0600).
        # NOTE(review): no host key for the repository server is pinned
        # here; confirm it is verified elsewhere (e.g. programs.ssh.knownHosts).
        ssh_command = "ssh -i /etc/ssh/id_ed25519";

        encryption_passcommand = readPassphrase;

        repositories = cfg.repositories;
        source_directories = cfg.sources;

        # TODO: Add more databases
        #?? sudo borgmatic restore --archive latest
        # postgresql_databases = [
        #   {
        #     name = "nextcloud";
        #     username = "nextcloud";
        #     pg_dump_command = "docker exec -i nextcloud-db pg_dump";
        #     pg_restore_command = "docker exec -i nextcloud-db pg_restore";
        #     psql_command = "docker exec -i nextcloud-db psql";
        #   }
        #
        #   {
        #     name = "piped";
        #     username = "piped";
        #     pg_dump_command = "docker exec -i postgres pg_dump";
        #     pg_restore_command = "docker exec -i postgres pg_restore";
        #     psql_command = "docker exec -i postgres psql";
        #   }
        # ];
      };
    };

    # Declare the passphrase secret: the age-encrypted file is taken from the
    # flake's secrets/ directory under the same relative name.
    age.secrets.${passphraseSecret}.file = "${inputs.self}/secrets/${passphraseSecret}";
  };
}