blake/nix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: blake:2f77f3b3a3c0ad313e91f04b2a0a51a39b7c2cbd
Branches Tags
blake:trunk
..
compare: blake:f2c320d9ee80c2c8f3973903b82f8ef4b5ddcf2a
Branches Tags
blake:trunk

10 Commits
2f77f3b3a3 ... f2c320d9ee

Author SHA1 Message Date
blake
f2c320d9ee fix immich 2025-10-18 15:09:50 -05:00
blake
76d3410702 new backup browser 2025-10-18 15:00:50 -05:00
blake
256b532938 deadass fix it this time 2025-10-18 14:29:58 -05:00
blake
27fb031175 fix perms script 2025-10-18 14:23:46 -05:00
blake
eef0c8cf27 fix timing 2025-10-18 14:01:34 -05:00
blake
643ab0958c restructure backups 2025-10-18 13:51:23 -05:00
blake
f597616843 update new backups 2025-10-18 12:58:00 -05:00
blake
e4378fc6fe tee hee 2025-10-18 02:29:14 -05:00
blake
bb65d89c39 add reformatted backups as test 2025-10-18 02:04:48 -05:00
blake
93a3b83127 qtesting home man structure for macos support 2025-10-18 01:11:38 -05:00
31 changed files with 526 additions and 265 deletions
Expand all files Collapse all files

0
bin/backup_browse.sh → bin/backup_browse_old.sh
View File

73
bin/lf_borg.sh Executable file
View File

@@ -0,0 +1,73 @@
#!/usr/bin/env bash
set -euo pipefail
# --- Configuration ---
DEFAULT_REPO="/holocron/archives/homelab"
SECRET_PATH="/run/secrets/borg_passwd"
# --- Usage ---
# ./browse-borg-root.sh [optional-path-to-repo]
REPO="${1:-$DEFAULT_REPO}"
# --- Always escalate to root at start ---
if [[ $EUID -ne 0 ]]; then
exec sudo --preserve-env=BORG_PASSPHRASE,BORG_REPO "$0" "$@"
fi
# --- Determine passphrase ---
if [[ -z "${BORG_PASSPHRASE:-}" ]]; then
if [[ "$REPO" == /holocron* && -f "$SECRET_PATH" ]]; then
echo "Using default Borg passphrase from $SECRET_PATH"
BORG_PASSPHRASE=$(<"$SECRET_PATH")
else
read -rsp "Enter Borg passphrase: " BORG_PASSPHRASE
echo
fi
fi
export BORG_PASSPHRASE
# --- Check dependencies ---
for cmd in borg fzf lf; do
if ! command -v "$cmd" &>/dev/null; then
echo "Error: '$cmd' is required but not installed." >&2
exit 1
fi
done
# --- Verify repo exists ---
if [[ ! -d "$REPO" ]]; then
echo "Error: repository path '$REPO' not found."
exit 1
fi
# --- List archives (newest on bottom) ---
archives=$(borg list --format "{archive} {time}\n" "$REPO" \
| sort -k2 \
| awk '{print $1}')
if [[ -z "$archives" ]]; then
echo "No archives found in $REPO"
exit 0
fi
# --- Select archive with fzf ---
archive=$(echo "$archives" | fzf --reverse --prompt="Select archive: ")
if [[ -z "$archive" ]]; then
echo "No archive selected."
exit 0
fi
# --- Mount ---
MOUNT_DIR=$(mktemp -d -t borg-mnt-XXXXXX)
echo "Mounting archive '$archive' at $MOUNT_DIR..."
cleanup() {
echo "Unmounting archive..."
borg umount "$MOUNT_DIR" >/dev/null 2>&1 || true
rmdir "$MOUNT_DIR" >/dev/null 2>&1 || true
}
trap cleanup EXIT INT TERM
borg mount "$REPO::$archive" "$MOUNT_DIR"
lf "$MOUNT_DIR"

11
modules/holocron/perms/default.nix
View File

@@ -29,20 +29,23 @@ in {
# Fix ownership for archives directory # Fix ownership for archives directory
echo "starting ${archives_path}" echo "starting ${archives_path}"
chown -Rc root:archives ${archives_path} chown -Rc root:archives ${archives_path}
chmod -Rc 2770 ${archives_path} find "${archives_path}" -type d -exec chmod 2770 "$@" {} +
find "${archives_path}" -type f -exec chmod 660 "$@" {} +
# Fix ownership for media directory # Fix ownership for media directory
echo "starting ${media_path}" echo "starting ${media_path}"
chown -Rc root:media ${media_path} chown -Rc root:media ${media_path}
chmod -Rc 2770 ${media_path} find "${media_path}" -type d -exec chmod 2770 "$@" {} +
find "${media_path}" -type f -exec chmod 660 "$@" {} +
# Fix user directories # Fix user directories
for user_dir in ${users_path}/*; do for user_dir in ${users_path}/*; do
if [ -d "$user_dir" ]; then if [ -d "$user_dir" ]; then
user=$(basename "$user_dir") user=$(basename "$user_dir")
echo "starting $user_dir" echo "starting $user_dir"
chown -Rc "$user:$user" "$user_dir" chown -Rc $user:$user $user_dir
chmod -Rc 770 "$user_dir" find $user_dir -type d -exec chmod 2770 "$@" {} +
find $user_dir -type f -exec chmod 660 "$@" {} +
fi fi
done done
echo "fin" echo "fin"

2
modules/holocron/smb/default.nix
View File

@@ -19,8 +19,10 @@ let
timemachine = { timemachine = {
browseable = true; browseable = true;
"path" = "/holocron/archives/timemachine"; "path" = "/holocron/archives/timemachine";
#"valid users" = "blake";
"public" = "no"; "public" = "no";
"writeable" = "yes"; "writeable" = "yes";
#"force user" = "blake";
"fruit:aapl" = "yes"; "fruit:aapl" = "yes";
"fruit:time machine" = "yes"; "fruit:time machine" = "yes";
"vfs objects" = "catia fruit streams_xattr"; "vfs objects" = "catia fruit streams_xattr";

2
modules/homelab/arr/bazarr/default.nix
View File

@@ -92,7 +92,7 @@ in
icon = "di:${service}"; }]; icon = "di:${service}"; }];
# add to backups # add to backups
system.backups.baks = { homelab.baks = {
${service} = { paths = [ cfg.data_dir ]; }; ${service} = { paths = [ cfg.data_dir ]; };
}; };
}; };

2
modules/homelab/arr/prowlarr/default.nix
View File

@@ -94,7 +94,7 @@ in
icon = "di:${service}"; }]; icon = "di:${service}"; }];
# add to backups # add to backups
system.backups.baks = { homelab.baks = {
${service} = { paths = [ cfg.data_dir ]; }; ${service} = { paths = [ cfg.data_dir ]; };
}; };
}; };

2
modules/homelab/arr/radarr/default.nix
View File

@@ -97,7 +97,7 @@ in
icon = "di:${service}"; }]; icon = "di:${service}"; }];
# add to backups # add to backups
system.backups.baks = { homelab.baks = {
${service} = { paths = [ cfg.data_dir ]; }; ${service} = { paths = [ cfg.data_dir ]; };
}; };
}; };

2
modules/homelab/arr/sonarr/default.nix
View File

@@ -95,7 +95,7 @@ in
icon = "di:${service}"; }]; icon = "di:${service}"; }];
# add to backups # add to backups
system.backups.baks = { homelab.baks = {
${service} = { paths = [ cfg.data_dir ]; }; ${service} = { paths = [ cfg.data_dir ]; };
}; };
}; };

2
modules/homelab/audiobookshelf/default.nix
View File

@@ -98,7 +98,7 @@ in
icon = "di:${service}"; }]; icon = "di:${service}"; }];
# add to backups # add to backups
system.backups.baks = { homelab.baks = {
${service} = { paths = [ cfg.data_dir ]; }; ${service} = { paths = [ cfg.data_dir ]; };
}; };
}; };

2
modules/homelab/caddy/default.nix
View File

@@ -95,7 +95,7 @@ in
# add to backups # add to backups
system.backups.baks = { homelab.baks = {
${service} = { paths = [ cfg.data_dir ]; }; ${service} = { paths = [ cfg.data_dir ]; };
}; };
}; };

37
modules/homelab/default.nix
View File

@@ -37,6 +37,16 @@ in
type = lib.types.str; type = lib.types.str;
description = "base domain used for reverse proxy"; description = "base domain used for reverse proxy";
}; };
baks = lib.mkOption {
type = lib.types.attrsOf (lib.types.attrsOf (lib.types.listOf lib.types.path));
default = {};
description = "backup jobs, nested attribute sets should be <bak_name> = paths [<list_of_paths>]";
};
backup_repo = lib.mkOption {
type = lib.types.path;
default = "/holocron/archives/homelab";
description = "path to take daily backups to with borg!";
};
}; };
# the order determines the order in glance :3 # the order determines the order in glance :3
@@ -73,5 +83,32 @@ in
group = cfg.media_group; group = cfg.media_group;
}; };
}; };
# backups homelab with borg
services.borgbackup.jobs.homelab = {
archiveBaseName = "homelab";
repo = cfg.backup_repo;
paths = lib.flatten (lib.attrsets.mapAttrsToList (_: arg: arg.paths) config.system.backups.baks);
compression = "auto,zstd";
startAt = "daily";
group = "archives";
encryption.mode = "repokey-blake2";
encryption.passCommand = "cat ${config.sops.secrets."borg_passwd".path}";
extraArgs = ["--verbose" "--show-rc" "--umask" "0007"];
extraCreateArgs = ["--list" "--stats" "--filter" "AME"];
prune.keep = {
within = "1d"; # Keep all archives from the last day
daily = 7;
weekly = 12;
monthly = -1; # Keep at least one archive for each month
};
};
sops.secrets = {
"borg_passwd" = {
owner = "root";
group = "root";
};
};
}; };
} }

2
modules/homelab/gitea/default.nix
View File

@@ -125,7 +125,7 @@ in
}; };
# add to backups # add to backups
system.backups.baks = { homelab.baks = {
${service} = { paths = [ cfg.data_dir ]; }; ${service} = { paths = [ cfg.data_dir ]; };
}; };
}; };

2
modules/homelab/glance/default.nix
View File

@@ -313,7 +313,7 @@ in
}; };
# add to backups # add to backups
system.backups.baks = { homelab.baks = {
${service} = { ${service} = {
paths = [ cfg.data_dir ]; paths = [ cfg.data_dir ];
}; };

2
modules/homelab/home/homeassistant/default.nix
View File

@@ -109,7 +109,7 @@ in
icon = "di:${nixservice}"; }]; icon = "di:${nixservice}"; }];
# add to backups # add to backups
system.backups.baks = { homelab.baks = {
${service} = { paths = [ cfg.data_dir ]; }; ${service} = { paths = [ cfg.data_dir ]; };
}; };
}; };

2
modules/homelab/home/mosquitto/default.nix
View File

@@ -92,7 +92,7 @@ in
}; };
# add to backups # add to backups
system.backups.baks = { homelab.baks = {
${service} = { paths = [ cfg.data_dir ]; }; ${service} = { paths = [ cfg.data_dir ]; };
}; };
}; };

2
modules/homelab/home/zigbee2mqtt/default.nix
View File

@@ -123,7 +123,7 @@ in
}; };
# add to backups # add to backups
system.backups.baks = { homelab.baks = {
${service} = { paths = [ cfg.data_dir ]; }; ${service} = { paths = [ cfg.data_dir ]; };
}; };
}; };

2
modules/homelab/immich/default.nix
View File

@@ -108,7 +108,7 @@ in {
]; ];
# add to backups # add to backups
system.backups.baks = { homelab.baks = {
${service} = {paths = [cfg.data_dir "/var/lib/redis-immich" "/var/backup/postgresql/immich.sql.zstd"];}; ${service} = {paths = [cfg.data_dir "/var/lib/redis-immich" "/var/backup/postgresql/immich.sql.zstd"];};
}; };
}; };

2
modules/homelab/jellyfin/default.nix
View File

@@ -93,7 +93,7 @@ in
icon = "di:${service}"; }]; icon = "di:${service}"; }];
# add to backups # add to backups
system.backups.baks = { homelab.baks = {
${service} = { paths = [ cfg.data_dir ]; }; ${service} = { paths = [ cfg.data_dir ]; };
}; };
}; };

119
modules/homelab/minecraft_recpro/default.nix
View File

@@ -1,17 +1,32 @@
{ pkgs, config, lib, ... }: {
pkgs,
let config,
lib,
...
}: let
service = "minecraft_recpro"; service = "minecraft_recpro";
cfg = config.gameservers.${service}; cfg = config.gameservers.${service};
sec = config.sops.secrets; sec = config.sops.secrets;
servers = { servers = {
velocity = { data_dir = "/var/lib/gameservers/minecraft_recpro/velocity"; ram = "2G"; }; velocity = {
smp = { data_dir = "/var/lib/gameservers/minecraft_recpro/smp"; ram = "12G"; }; data_dir = "/var/lib/gameservers/minecraft_recpro/velocity";
superflat = { data_dir = "/var/lib/gameservers/minecraft_recpro/superflat"; ram = "4G"; }; db_dumb_dir = "/var/backup/mysql/${service}_db.zst";
bento = { data_dir = "/var/lib/gameservers/minecraft_recpro/bento"; ram = "2G"; }; ram = "2G";
};
smp = {
data_dir = "/var/lib/gameservers/minecraft_recpro/smp";
ram = "12G";
};
superflat = {
data_dir = "/var/lib/gameservers/minecraft_recpro/superflat";
ram = "4G";
};
bento = {
data_dir = "/var/lib/gameservers/minecraft_recpro/bento";
ram = "2G";
};
}; };
in in {
{
options.gameservers.${service} = { options.gameservers.${service} = {
enable = lib.mkEnableOption "enables ${service}"; enable = lib.mkEnableOption "enables ${service}";
url = lib.mkOption { url = lib.mkOption {
@@ -38,12 +53,16 @@ in
type = lib.types.nullOr lib.types.str; type = lib.types.nullOr lib.types.str;
default = "velocity"; default = "velocity";
}; };
backup_repo = lib.mkOption {
type = lib.types.path;
default = "/holocron/archives/gameservers/minecraft/recpro_stack";
description = "path to take hourly backups to with borg!";
};
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
# declare ${service} group # declare ${service} group
users.groups.minecraft = { gid = lib.mkForce cfg.ids; }; users.groups.minecraft = {gid = lib.mkForce cfg.ids;};
# declare ${service} user # declare ${service} user
users.users.minecraft = { users.users.minecraft = {
@@ -55,37 +74,41 @@ in
extraGroups = []; extraGroups = [];
}; };
systemd.tmpfiles.rules = lib.attrsets.mapAttrsToList (name: cfg: systemd.tmpfiles.rules =
"d ${cfg.data_dir} 0770 minecraft minecraft -" lib.attrsets.mapAttrsToList (
) servers; name: cfg: "d ${cfg.data_dir} 0770 minecraft minecraft -"
)
servers;
# Create a systemd service per server running in tmux # Create a systemd service per server running in tmux
systemd.services = lib.attrsets.mapAttrs (name: srv: { systemd.services =
description = "minecraft_recpro: ${name}"; lib.attrsets.mapAttrs (name: srv: {
after = [ "network.target" ]; description = "minecraft_recpro: ${name}";
wants = [ "network.target" ]; after = ["network.target"];
serviceConfig = { wants = ["network.target"];
User = "minecraft"; serviceConfig = {
Group = "minecraft"; User = "minecraft";
WorkingDirectory = srv.data_dir; Group = "minecraft";
UMask = "0007"; WorkingDirectory = srv.data_dir;
ExecStart = "${pkgs.openjdk21}/bin/java -Xmx${srv.ram} -jar server.jar nogui"; UMask = "0007";
Restart = "on-failure"; ExecStart = "${pkgs.openjdk21}/bin/java -Xmx${srv.ram} -jar server.jar nogui";
KillMode = "process"; Restart = "on-failure";
}; KillMode = "process";
wantedBy = [ "multi-user.target" ]; };
}) servers; wantedBy = ["multi-user.target"];
})
servers;
environment.systemPackages = with pkgs; [ openjdk21 mcrcon ]; environment.systemPackages = with pkgs; [openjdk21 mcrcon];
services.mysql = { services.mysql = {
enable = true; enable = true;
package = pkgs.mariadb; package = pkgs.mariadb;
ensureDatabases = [ "minecraft_recpro_db" ]; ensureDatabases = ["minecraft_recpro_db"];
ensureUsers = [ ensureUsers = [
{ {
name = "minecraft"; name = "minecraft";
ensurePermissions = { "minecraft_recpro_db.*" = "ALL PRIVILEGES"; }; ensurePermissions = {"minecraft_recpro_db.*" = "ALL PRIVILEGES";};
} }
]; ];
initialScript = pkgs.writeText "minecraft_recpro-init.sql" '' initialScript = pkgs.writeText "minecraft_recpro-init.sql" ''
@@ -96,7 +119,7 @@ in
}; };
# open firewall # open firewall
networking.firewall.allowedTCPPorts = [ 25777 25565 25566 25567 ]; networking.firewall.allowedTCPPorts = [25777 25565 25566 25567];
sops.secrets = { sops.secrets = {
"velocity_forwarding" = { "velocity_forwarding" = {
@@ -109,17 +132,27 @@ in
owner = "mysql"; owner = "mysql";
group = "mysql"; group = "mysql";
}; };
}; };
# add to backups # backups minecraft_recpro with borg!
system.backups.gameserver_baks = lib.listToAttrs ( services.borgbackup.jobs.${service} = {
lib.mapAttrsToList (srv_name: cfg: archiveBaseName = service;
{ repo = cfg.backup_repo;
name = srv_name; # attribute key paths = lib.flatten (lib.attrValues (lib.mapAttrs (_: srv: [srv.data_dir]) servers));
value = { paths = [ cfg.data_dir "/var/backup/mysql/${service}_db.zst" ]; }; # attribute value compression = "auto,zstd";
} startAt = "*-*-* *:00:00";
) servers group = "archives";
); encryption.mode = "repokey-blake2";
encryption.passCommand = "cat ${config.sops.secrets."borg_passwd".path}";
extraArgs = ["--verbose" "--show-rc" "--umask" "0007"];
extraCreateArgs = ["--list" "--stats" "--filter" "AME"];
prune.keep = {
within = "1d"; # Keep all archives from the last day
hourly = 24;
daily = 7;
weekly = 12;
monthly = -1; # Keep at least one archive for each month
};
};
}; };
} }

8
modules/homelab/motd/default.nix
View File

@@ -94,13 +94,5 @@ in {
programs.zsh.interactiveShellInit = '' programs.zsh.interactiveShellInit = ''
/etc/motd /etc/motd
''; '';
#environment.loginShellInit = ''
# if [ -x /etc/motd ]; then
# /etc/motd
# else
# cat /etc/motd
# fi
#'';
}; };
} }

2
modules/homelab/qbittorrent/default.nix
View File

@@ -131,7 +131,7 @@ in
icon = "di:${service}"; }]; icon = "di:${service}"; }];
# add to backups # add to backups
system.backups.baks = { homelab.baks = {
${service} = { paths = [ cfg.data_dir ]; }; ${service} = { paths = [ cfg.data_dir ]; };
}; };
}; };

2
modules/homelab/uptime-kuma/default.nix
View File

@@ -93,7 +93,7 @@ in
icon = "di:${service}"; }]; icon = "di:${service}"; }];
# add to backups # add to backups
system.backups.baks = { homelab.baks = {
${service} = { paths = [ cfg.data_dir ]; }; ${service} = { paths = [ cfg.data_dir ]; };
}; };
}; };

2
modules/homelab/vaultwarden/default.nix
View File

@@ -113,7 +113,7 @@ in
}; };
# add to backups # add to backups
system.backups.baks = { homelab.baks = {
${service} = { paths = [ cfg.data_dir ]; }; ${service} = { paths = [ cfg.data_dir ]; };
}; };
}; };

2
modules/homelab/yacreader/default.nix
View File

@@ -101,7 +101,7 @@ in
icon = "di:yac-reader"; }]; icon = "di:yac-reader"; }];
# add to backups # add to backups
system.backups.baks = { homelab.baks = {
${service} = { paths = [ cfg.data_dir ]; }; ${service} = { paths = [ cfg.data_dir ]; };
}; };
}; };

193
modules/system/backups/default.nix
View File

@@ -58,200 +58,13 @@ in {
config = lib.mkIf (cfg.enable && cfg.baks != {}) { config = lib.mkIf (cfg.enable && cfg.baks != {}) {
# create and or set perms for repo dirs
systemd.tmpfiles.rules = [
"d ${cfg.repo} 2770 root archives - -"
"d ${cfg.gameserver_repo} 2770 root archives - -"
];
# create servie to backup services
systemd.services.backups = {
description = "backup services with borg!";
path = [pkgs.borgbackup];
serviceConfig = {
Type = "oneshot";
User = "root";
Group = "archives"; # make perms shake out
UMask = "0007"; # make perms shake out
# the actual script borg is using
ExecStart = pkgs.writeShellScript "borg-backup" ''
backup() {
set -euo pipefail
export BORG_PASSPHRASE="$(cat ${cfg.passwd_file})"
export BORG_REPO="${cfg.repo}"
timestamp="$(date +'%Y-%m-%d_%H:%M:%S')"
mode=split
# init repo in needed
if ! borg info "$BORG_REPO" >/dev/null 2>&1; then
echo "Initializing Borg repo at $BORG_REPO"
borg init --encryption=repokey "$BORG_REPO"
fi
borg break-lock "$BORG_REPO" || true
echo "starting backup at $timestamp"
if [ "$mode" = "split" ]; then
# loop for each backup
${lib.concatStringsSep "\n\n" (lib.mapAttrsToList (
bak_name: bak_paths: ''
echo "------------ Backing up ${bak_name} ------------"
archive="$timestamp-${bak_name}"
echo "backing up: ${lib.concatStringsSep " " bak_paths.paths} $archive"
borg create \
--verbose \
--filter AME \
--list \
--stats \
--show-rc \
--compression lz4 \
"$BORG_REPO::$archive" \
${lib.concatStringsSep " " bak_paths.paths}
echo "pruning old backups for ${bak_name}..."
borg prune -v --list "$BORG_REPO" \
--glob-archives "*-${bak_name}" \
--keep-daily=7 \
--keep-weekly=52 \
--keep-monthly=-1
echo "backup run complete at \"$BORG_REPO::$archive\""
''
)
cfg.baks)}
exit 0
else
# flatten all paths from cfg.baks into one big list
all_paths="${
lib.concatStringsSep " "
(lib.flatten
(lib.mapAttrsToList (_: bak: bak.paths) cfg.baks))
}"
borg create \
--verbose \
--filter AME \
--list \
--stats \
--show-rc \
--compression lzma,9 \
"$BORG_REPO::$timestamp-${toString config.networking.hostName}" \
$all_paths
echo "pruning old backups for ${toString config.networking.hostName}..."
borg prune -v --list "$BORG_REPO" \
--glob-archives "*-${toString config.networking.hostName}" \
--keep-daily=7 \
--keep-weekly=52 \
--keep-monthly=-1
echo "backup run complete at \"$BORG_REPO::${toString config.networking.hostName}\""
exit 0
fi
}
start_time=$(date +%s)
backup
end_time=$(date +%s)
exec_time=$((end_time - start_time))
cpu_usage=$(top -bn1 | grep "Cpu(s)" | sed "s/.*, *\([0-9.]*\)%* id.*/\1/" | awk '{print 100 - $1"%"}')
echo ""
echo "backup stats:"
echo "exec time: $exec_time"
echo "cpu usage: $cpu_usage"
'';
};
};
# create timer to run backups daily
systemd.timers.backups = {
description = "daily borg backup timer";
wantedBy = ["timers.target"];
timerConfig = {
OnCalendar = "04:00";
Persistent = true;
};
};
# create servie to backup gameservers (back these up hourly)
systemd.services.gameserver_backups = {
description = "backup services with borg!";
path = [pkgs.borgbackup];
serviceConfig = {
Type = "oneshot";
User = "root";
Group = "archives"; # make perms shake out
UMask = "0007"; # make perms shake out
# the actual script borg is using
ExecStart = pkgs.writeShellScript "borg-gameserver_backup" ''
backup() {
set -euo pipefail
export BORG_PASSPHRASE="$(cat ${cfg.passwd_file})"
export BORG_REPO="${cfg.gameserver_repo}"
timestamp="$(date +'%Y-%m-%d_%H:%M:%S')"
# init repo in needed
if ! borg info "$BORG_REPO" >/dev/null 2>&1; then
echo "Initializing Borg repo at $BORG_REPO"
borg init --encryption=repokey "$BORG_REPO"
fi
borg break-lock "$BORG_REPO" || true
echo "starting backup at $timestamp"
# loop for each backup
${lib.concatStringsSep "\n\n" (lib.mapAttrsToList (
bak_name: bak_paths: ''
echo "------------ Backing up ${bak_name} ------------"
archive="$timestamp-${bak_name}"
echo "backing up: ${lib.concatStringsSep " " bak_paths.paths} $archive"
borg create \
--verbose \
--filter AME \
--list \
--stats \
--show-rc \
--compression lz4 \
"$BORG_REPO::$archive" \
${lib.concatStringsSep " " bak_paths.paths}
echo "pruning old backups for ${bak_name}..."
borg prune -v --list "$BORG_REPO" \
--glob-archives "*-${bak_name}" \
--keep-hourly=24 \
--keep-daily=7 \
--keep-weekly=12 \
--keep-monthly=12
echo "backup run complete at \"$BORG_REPO::$archive\""
''
)
cfg.gameserver_baks)}
exit 0
}
start_time=$(date +%s)
backup
end_time=$(date +%s)
exec_time=$((end_time - start_time))
cpu_usage=$(top -bn1 | grep "Cpu(s)" | sed "s/.*, *\([0-9.]*\)%* id.*/\1/" | awk '{print 100 - $1"%"}')
echo ""
echo "backup stats:"
echo "exec time: $exec_time"
echo "cpu usage: $cpu_usage"
'';
};
};
# create timer to run backups daily
systemd.timers.gameserver_backups = {
description = "daily borg backup timer";
wantedBy = ["timers.target"];
timerConfig = {
OnCalendar = "*-*-* *:01:00"; # every hour, at :01 (one min after db dump)
Persistent = true;
};
};
# db backups # db backups
services.mysqlBackup = lib.mkIf config.services.mysql.enable { services.mysqlBackup = lib.mkIf config.services.mysql.enable {
# mc servers use this # mc servers use this
enable = true; enable = true;
location = "/var/backup/mysql"; location = "/var/backup/mysql";
user = "root"; user = "root";
calendar = "*-*-* *:00:00"; calendar = "*-*-* *:59:50";
compressionAlg = "zstd"; compressionAlg = "zstd";
databases = config.services.mysql.ensureDatabases; # set to all databases defined in esure databases databases = config.services.mysql.ensureDatabases; # set to all databases defined in esure databases
}; };
@@ -260,12 +73,12 @@ in {
enable = true; enable = true;
location = "/var/backup/postgresql"; location = "/var/backup/postgresql";
compression = "zstd"; # optional: "xz", "zstd", "none" compression = "zstd"; # optional: "xz", "zstd", "none"
startAt = "03:58"; startAt = "03:59";
databases = ["immich"]; # set to all databases defined in esure databases databases = ["immich"]; # set to all databases defined in esure databases
#databases = config.services.postgresql.ensureDatabases; # set to all databases defined in esure databases #databases = config.services.postgresql.ensureDatabases; # set to all databases defined in esure databases
}; };
# install borg binary # helpful
environment.systemPackages = with pkgs; [borgbackup tree]; environment.systemPackages = with pkgs; [borgbackup tree];
# declare secret for repo password # declare secret for repo password

279
modules/system/backups/default.nix.old Normal file
View File

@@ -0,0 +1,279 @@
{
config,
lib,
pkgs,
...
}:
/*
this module enables a backup script made with borg!
to use import & set the options below
to declare a backup add the following code
to a module and it will backup all listed paths
in a borg archive to the specified repo
| <3yy> |
V V
system.backups.baks = {
${service} = { paths = [ cfg.data_dir ]; };
};
*/
let
cfg = config.system.backups;
sec = config.sops.secrets;
borg = "${pkgs.borgbackup}/bin/borg";
in {
options.system.backups = {
enable = lib.mkEnableOption "enables backups with borg";
baks = lib.mkOption {
type = lib.types.attrsOf (lib.types.attrsOf (lib.types.listOf lib.types.path));
default = {};
description = "backup jobs, nested attribute sets should be <bak_name> = paths [<list_of_paths>]";
};
gameserver_baks = lib.mkOption {
type = lib.types.attrsOf (lib.types.attrsOf (lib.types.listOf lib.types.path));
default = {};
description = "backup jobs for game servers, nested attribute sets should be <bak_name> = paths [<list_of_paths>]";
};
repo = lib.mkOption {
type = lib.types.path;
default = "/holocron/archives/devices/snowbelle";
description = "borg repository path";
};
gameserver_repo = lib.mkOption {
type = lib.types.path;
default = "/holocron/archives/gameservers/borg";
description = "borg repository path";
};
passwd_file = lib.mkOption {
type = lib.types.path;
default = sec."borg_passwd".path;
description = "borg repository passphrase file";
};
mode = lib.mkOption {
type = lib.types.str;
default = "split"; # "all"
description = "choice between creating one archive of all paths or one archive per service";
};
};
config = lib.mkIf (cfg.enable && cfg.baks != {}) {
# create and or set perms for repo dirs
systemd.tmpfiles.rules = [
"d ${cfg.repo} 2770 root archives - -"
"d ${cfg.gameserver_repo} 2770 root archives - -"
];
# create servie to backup services
systemd.services.backups = {
description = "backup services with borg!";
path = [pkgs.borgbackup];
serviceConfig = {
Type = "oneshot";
User = "root";
Group = "archives"; # make perms shake out
UMask = "0007"; # make perms shake out
# the actual script borg is using
ExecStart = pkgs.writeShellScript "borg-backup" ''
backup() {
set -euo pipefail
export BORG_PASSPHRASE="$(cat ${cfg.passwd_file})"
export BORG_REPO="${cfg.repo}"
timestamp="$(date +'%Y-%m-%d_%H:%M:%S')"
mode=split
# init repo in needed
if ! borg info "$BORG_REPO" >/dev/null 2>&1; then
echo "Initializing Borg repo at $BORG_REPO"
borg init --encryption=repokey "$BORG_REPO"
fi
borg break-lock "$BORG_REPO" || true
echo "starting backup at $timestamp"
if [ "$mode" = "split" ]; then
# loop for each backup
${lib.concatStringsSep "\n\n" (lib.mapAttrsToList (
bak_name: bak_paths: ''
echo "------------ Backing up ${bak_name} ------------"
archive="$timestamp-${bak_name}"
echo "backing up: ${lib.concatStringsSep " " bak_paths.paths} $archive"
borg create \
--verbose \
--filter AME \
--list \
--stats \
--show-rc \
--compression lz4 \
"$BORG_REPO::$archive" \
${lib.concatStringsSep " " bak_paths.paths}
echo "pruning old backups for ${bak_name}..."
borg prune -v --list "$BORG_REPO" \
--glob-archives "*-${bak_name}" \
--keep-daily=7 \
--keep-weekly=52 \
--keep-monthly=-1
echo "backup run complete at \"$BORG_REPO::$archive\""
''
)
cfg.baks)}
exit 0
else
# flatten all paths from cfg.baks into one big list
all_paths="${
lib.concatStringsSep " "
(lib.flatten
(lib.mapAttrsToList (_: bak: bak.paths) cfg.baks))
}"
borg create \
--verbose \
--filter AME \
--list \
--stats \
--show-rc \
--compression lzma,9 \
"$BORG_REPO::$timestamp-${toString config.networking.hostName}" \
$all_paths
echo "pruning old backups for ${toString config.networking.hostName}..."
borg prune -v --list "$BORG_REPO" \
--glob-archives "*-${toString config.networking.hostName}" \
--keep-daily=7 \
--keep-weekly=52 \
--keep-monthly=-1
echo "backup run complete at \"$BORG_REPO::${toString config.networking.hostName}\""
exit 0
fi
}
start_time=$(date +%s)
backup
end_time=$(date +%s)
exec_time=$((end_time - start_time))
cpu_usage=$(top -bn1 | grep "Cpu(s)" | sed "s/.*, *\([0-9.]*\)%* id.*/\1/" | awk '{print 100 - $1"%"}')
echo ""
echo "backup stats:"
echo "exec time: $exec_time"
echo "cpu usage: $cpu_usage"
'';
};
};
# create timer to run backups daily
systemd.timers.backups = {
description = "daily borg backup timer";
wantedBy = ["timers.target"];
timerConfig = {
OnCalendar = "04:00";
Persistent = true;
};
};
# create servie to backup gameservers (back these up hourly)
systemd.services.gameserver_backups = {
description = "backup services with borg!";
path = [pkgs.borgbackup];
serviceConfig = {
Type = "oneshot";
User = "root";
Group = "archives"; # make perms shake out
UMask = "0007"; # make perms shake out
# the actual script borg is using
ExecStart = pkgs.writeShellScript "borg-gameserver_backup" ''
backup() {
set -euo pipefail
export BORG_PASSPHRASE="$(cat ${cfg.passwd_file})"
export BORG_REPO="${cfg.gameserver_repo}"
timestamp="$(date +'%Y-%m-%d_%H:%M:%S')"
# init repo in needed
if ! borg info "$BORG_REPO" >/dev/null 2>&1; then
echo "Initializing Borg repo at $BORG_REPO"
borg init --encryption=repokey "$BORG_REPO"
fi
borg break-lock "$BORG_REPO" || true
echo "starting backup at $timestamp"
# loop for each backup
${lib.concatStringsSep "\n\n" (lib.mapAttrsToList (
bak_name: bak_paths: ''
echo "------------ Backing up ${bak_name} ------------"
archive="$timestamp-${bak_name}"
echo "backing up: ${lib.concatStringsSep " " bak_paths.paths} $archive"
borg create \
--verbose \
--filter AME \
--list \
--stats \
--show-rc \
--compression lz4 \
"$BORG_REPO::$archive" \
${lib.concatStringsSep " " bak_paths.paths}
echo "pruning old backups for ${bak_name}..."
borg prune -v --list "$BORG_REPO" \
--glob-archives "*-${bak_name}" \
--keep-hourly=24 \
--keep-daily=7 \
--keep-weekly=12 \
--keep-monthly=12
echo "backup run complete at \"$BORG_REPO::$archive\""
''
)
cfg.gameserver_baks)}
exit 0
}
start_time=$(date +%s)
backup
end_time=$(date +%s)
exec_time=$((end_time - start_time))
cpu_usage=$(top -bn1 | grep "Cpu(s)" | sed "s/.*, *\([0-9.]*\)%* id.*/\1/" | awk '{print 100 - $1"%"}')
echo ""
echo "backup stats:"
echo "exec time: $exec_time"
echo "cpu usage: $cpu_usage"
'';
};
};
# create timer to run backups daily
systemd.timers.gameserver_backups = {
description = "daily borg backup timer";
wantedBy = ["timers.target"];
timerConfig = {
OnCalendar = "*-*-* *:00:00"; # every hour, at :01 (one min after db dump)
Persistent = true;
};
};
# db backups
services.mysqlBackup = lib.mkIf config.services.mysql.enable {
# mc servers use this
enable = true;
location = "/var/backup/mysql";
user = "root";
calendar = "*-*-* *:59:00";
compressionAlg = "zstd";
databases = config.services.mysql.ensureDatabases; # set to all databases defined in esure databases
};
services.postgresqlBackup = lib.mkIf config.services.postgresql.enable {
# immich uses this
enable = true;
location = "/var/backup/postgresql";
compression = "zstd"; # optional: "xz", "zstd", "none"
startAt = "03:58";
databases = ["immich"]; # set to all databases defined in esure databases
#databases = config.services.postgresql.ensureDatabases; # set to all databases defined in esure databases
};
# install borg binary
environment.systemPackages = with pkgs; [borgbackup tree];
# declare secret for repo password
sops.secrets = {
"borg_passwd" = {
owner = "root";
group = "root";
};
};
};
}

2
users/blake/default.nix
View File

@@ -31,7 +31,7 @@
useUserPackages = true; useUserPackages = true;
useGlobalPkgs = true; useGlobalPkgs = true;
users = { users = {
"blake" = import ./home.nix; "blake" = import ./dots/bundles/snowbelle.nix;
}; };
}; };

11
users/blake/dots/bundles/cen-it-07.nix Normal file
View File

@@ -0,0 +1,11 @@
{
config,
lib,
pkgs,
inputs,
...
}:
{
}

17
users/blake/dots/bundles/snowbelle.nix Normal file
View File

@@ -0,0 +1,17 @@
{
config,
lib,
pkgs,
inputs,
...
}:
{
imports = [
../../home.nix
];
home.packages = with pkgs; [
htop
];
}

2
users/blake/dots/zsh/default.nix
View File

@@ -67,7 +67,7 @@
# --- scripts --- # --- scripts ---
rebuild = "sh ~/.nix/bin/rebuild.sh"; rebuild = "sh ~/.nix/bin/rebuild.sh";
perms = "sudo sh ~/.nix/bin/perms.sh"; perms = "sudo sh ~/.nix/bin/perms.sh";
bb = "sudo sh ~/.nix/bin/backup_browse.sh"; bb = "sudo sh ~/.nix/bin/lf_borg.sh";
# --- git --- # --- git ---
status = "git status"; status = "git status";

1
users/blake/home.nix
View File

@@ -3,6 +3,7 @@
lib, lib,
pkgs, pkgs,
inputs, inputs,
system,
... ...
}: let }: let