29 current 2025-10-07 15:47:05 25.05.20251001.5b5be50 6.12.49 *
This commit is contained in:
@@ -38,10 +38,12 @@ in
|
|||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
Type = "oneshot";
|
Type = "oneshot";
|
||||||
EnvironmentFile = config.modules.system.backups.passphraseFile;
|
EnvironmentFile = config.modules.system.backups.passphraseFile;
|
||||||
|
# the actual script borg is using
|
||||||
ExecStart = pkgs.writeShellScript "borg-backup" ''
|
ExecStart = pkgs.writeShellScript "borg-backup" ''
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
export BORG_PASSPHRASE="$(cat ${passwd_file})"
|
export BORG_PASSPHRASE="$(cat ${passwd_file})"
|
||||||
export BORG_REPO="${cfg.repo}"
|
export BORG_REPO="${cfg.repo}"
|
||||||
|
timestamp="$(date +'%Y-%m-%dT%H:%M:%S')"
|
||||||
|
|
||||||
# Initialize repo if it doesn't exist
|
# Initialize repo if it doesn't exist
|
||||||
if ! borg info "$BORG_REPO" >/dev/null 2>&1; then
|
if ! borg info "$BORG_REPO" >/dev/null 2>&1; then
|
||||||
@@ -58,7 +60,7 @@ in
|
|||||||
--stats \
|
--stats \
|
||||||
--show-rc \
|
--show-rc \
|
||||||
--compression lz4 \
|
--compression lz4 \
|
||||||
"$BORG_REPO::${toString config.networking.hostName}-$(date +'%Y-%m-%dT%H:%M:%S')" \
|
"$BORG_REPO::${toString config.networking.hostName}-${timestamp}" \
|
||||||
${lib.concatStringsSep " " cfg.paths}
|
${lib.concatStringsSep " " cfg.paths}
|
||||||
|
|
||||||
# Prune old backups according to retention policy
|
# Prune old backups according to retention policy
|
||||||
@@ -68,11 +70,12 @@ in
|
|||||||
--keep-weekly=52 \
|
--keep-weekly=52 \
|
||||||
--keep-monthly=-1
|
--keep-monthly=-1
|
||||||
|
|
||||||
echo "Backup completed successfully."
|
echo "${timestamp} - backup completed successfully."
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# create timer to run backups daily
|
||||||
systemd.timers.backups = {
|
systemd.timers.backups = {
|
||||||
description = "daily borg backup timer";
|
description = "daily borg backup timer";
|
||||||
wantedBy = [ "timers.target" ];
|
wantedBy = [ "timers.target" ];
|
||||||
@@ -82,7 +85,15 @@ in
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# install borg binary
|
||||||
environment.systemPackages = [ pkgs.borgbackup ];
|
environment.systemPackages = [ pkgs.borgbackup ];
|
||||||
|
|
||||||
|
# declare secret for repo password
|
||||||
|
sops.secrets = {
|
||||||
|
"borg_passwd" = {
|
||||||
|
owner = "root";
|
||||||
|
group = "root";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -40,17 +40,6 @@ in
|
|||||||
group = "root";
|
group = "root";
|
||||||
neededForUsers = true;
|
neededForUsers = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
# "ssl_blakedheld_crt" = lib.mkIf config.modules.homelab.nginx-proxy.enable {
|
|
||||||
# owner = "nginx";
|
|
||||||
# group = "nginx";
|
|
||||||
# };
|
|
||||||
#
|
|
||||||
# "ssl_blakedheld_key" = lib.mkIf config.modules.homelab.nginx-proxy.enable {
|
|
||||||
# owner = "nginx";
|
|
||||||
# group = "nginx";
|
|
||||||
# };
|
|
||||||
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|||||||
Reference in New Issue
Block a user