29 current 2025-10-07 15:47:05 25.05.20251001.5b5be50 6.12.49 *

2025-10-07 16:31:05 -05:00
parent 62011f0d74
commit 82fec595e5
2 changed files with 13 additions and 13 deletions
--- a/modules/system/backups.nix
+++ b/modules/system/backups.nix
@@ -38,10 +38,12 @@ in
      serviceConfig = {
        Type = "oneshot";
        EnvironmentFile = config.modules.system.backups.passphraseFile;
+        # the actual script borg is using
        ExecStart = pkgs.writeShellScript "borg-backup" ''
          set -euo pipefail
          export BORG_PASSPHRASE="$(cat ${passwd_file})"
          export BORG_REPO="${cfg.repo}"
+          timestamp="$(date +'%Y-%m-%dT%H:%M:%S')"

          # Initialize repo if it doesn't exist
          if ! borg info "$BORG_REPO" >/dev/null 2>&1; then
@@ -58,7 +60,7 @@ in
            --stats \
            --show-rc \
            --compression lz4 \
-            "$BORG_REPO::${toString config.networking.hostName}-$(date +'%Y-%m-%dT%H:%M:%S')" \
+            "$BORG_REPO::${toString config.networking.hostName}-${timestamp}" \
            ${lib.concatStringsSep " " cfg.paths}

          # Prune old backups according to retention policy
@@ -68,11 +70,12 @@ in
            --keep-weekly=52 \
            --keep-monthly=-1

-          echo "Backup completed successfully."
+          echo "${timestamp} - backup completed successfully."
        '';
      };
    };

+    # create timer to run backups daily
    systemd.timers.backups = {
      description = "daily borg backup timer";
      wantedBy = [ "timers.target" ];
@@ -82,7 +85,15 @@ in
      };
    };

+    # install borg binary
    environment.systemPackages = [ pkgs.borgbackup ];
+
+    # declare secret for repo password
+    sops.secrets = {
+      "borg_passwd" = { 
+        owner = "root";
+        group = "root";
+      };
  };
 }