diff --git a/modules/system/backups.nix b/modules/system/backups.nix index 092cb55..23e04b4 100644 --- a/modules/system/backups.nix +++ b/modules/system/backups.nix @@ -38,10 +38,12 @@ in serviceConfig = { Type = "oneshot"; EnvironmentFile = config.modules.system.backups.passphraseFile; + # the actual script borg is using ExecStart = pkgs.writeShellScript "borg-backup" '' set -euo pipefail export BORG_PASSPHRASE="$(cat ${passwd_file})" export BORG_REPO="${cfg.repo}" + timestamp="$(date +'%Y-%m-%dT%H:%M:%S')" # Initialize repo if it doesn't exist if ! borg info "$BORG_REPO" >/dev/null 2>&1; then @@ -58,7 +60,7 @@ in --stats \ --show-rc \ --compression lz4 \ - "$BORG_REPO::${toString config.networking.hostName}-$(date +'%Y-%m-%dT%H:%M:%S')" \ + "$BORG_REPO::${toString config.networking.hostName}-${timestamp}" \ ${lib.concatStringsSep " " cfg.paths} # Prune old backups according to retention policy @@ -68,11 +70,12 @@ in --keep-weekly=52 \ --keep-monthly=-1 - echo "Backup completed successfully." + echo "${timestamp} - backup completed successfully." ''; }; }; + # create timer to run backups daily systemd.timers.backups = { description = "daily borg backup timer"; wantedBy = [ "timers.target" ]; @@ -82,7 +85,15 @@ in }; }; + # install borg binary environment.systemPackages = [ pkgs.borgbackup ]; + + # declare secret for repo password + sops.secrets = { + "borg_passwd" = { + owner = "root"; + group = "root"; + }; }; } diff --git a/modules/system/sops.nix b/modules/system/sops.nix index 2ec9a78..a63f45e 100644 --- a/modules/system/sops.nix +++ b/modules/system/sops.nix @@ -40,17 +40,6 @@ in group = "root"; neededForUsers = true; }; - -# "ssl_blakedheld_crt" = lib.mkIf config.modules.homelab.nginx-proxy.enable { -# owner = "nginx"; -# group = "nginx"; -# }; -# -# "ssl_blakedheld_key" = lib.mkIf config.modules.homelab.nginx-proxy.enable { -# owner = "nginx"; -# group = "nginx"; -# }; - }; }; };
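Review bot: The new comment `# the actual script borg is using` above `ExecStart` leaves out the property a maintainer needs to know: `pkgs.writeShellScript` writes the script into the Nix store, which is world-readable, so the script may only contain the path of the passphrase file and never its value. I would reword it to `# borg-backup script; stored in the world-readable Nix store, so the passphrase is read from a file at runtime and must never be embedded here`. The context lines show both `EnvironmentFile = config.modules.system.backups.passphraseFile;` and `export BORG_PASSPHRASE="$(cat ${passwd_file})"`. If these refer to the same file, one of the two mechanisms is probably redundant and the comment should say which one is authoritative. The script body continues past the end of this hunk.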
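Review bot: `${timestamp}` in the new archive name sits inside the Nix `''…''` string passed to `pkgs.writeShellScript`, so Nix treats it as antiquotation and looks up a Nix variable `timestamp` instead of leaving it for the shell variable assigned in the first hunk. Unless a `timestamp` binding exists in the `let` block outside this diff, evaluation fails with an undefined-variable error, and if one does exist the shell assignment is dead code. Use the plain shell form `$timestamp`, or escape the braces as `''${timestamp}`. The line `echo "${timestamp} - backup completed successfully."` in the third hunk has the same problem and needs the same change.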
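Review bot: The added `sops.secrets` block opens two attribute sets (`sops.secrets = {` and `"borg_passwd" = {`) but adds only one `};`. As far as the collapsed hunk shows, the context `};` that used to close the enclosing block now closes `sops.secrets`, and the file ends one closing brace short. Add a second `};` directly after the one that closes `"borg_passwd"`. Separately, nothing visible in this diff points `passphraseFile` or `passwd_file` at `config.sops.secrets.borg_passwd.path`. If that wiring is not done elsewhere, the service never reads the declared secret.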