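# NixOS module: borg backups of homelab state files plus scheduled SQL dumps.
#
# Options (all under `homelab.backups`):
#   enable      - switches the whole module on.
#   baks        - named backup jobs; each entry is read as `<bak_name>.paths = [ ... ]`.
#   backup_repo - borg repository the `homelab` job writes to.
{
  config,
  lib,
  pkgs,
  ...
}:
let
  cfg = config.homelab.backups;
  sec = config.sops.secrets;
in {
  options.homelab.backups = {
    enable = lib.mkEnableOption "enables borg backups for state files and db backup services";

    # Only the `paths` key of each entry is read below. The type accepts any
    # inner key, so an entry without `paths` fails at evaluation time instead
    # of being silently left out of the backup.
    baks = lib.mkOption {
      type = lib.types.attrsOf (lib.types.attrsOf (lib.types.listOf lib.types.path));
      default = {};
      description = "backup jobs, nested attribute sets should be <bak_name> = paths [<list_of_paths>]";
    };

    backup_repo = lib.mkOption {
      type = lib.types.path;
      default = "/holocron/archives/homelab";
      description = "path to take daily backups to with borg!";
    };
  };

  config = lib.mkIf cfg.enable {
    # backups homelab with borg
    #
    # The condition must be parenthesised: function application binds tighter
    # than `!=`, so `lib.mkIf cfg.baks != {}` compares a partially applied
    # function with `{}` and then tries to call the resulting boolean.
    services.borgbackup.jobs.homelab = lib.mkIf (cfg.baks != {}) {
      archiveBaseName = "homelab";
      repo = cfg.backup_repo;
      # Union of every job's path list.
      paths = lib.flatten (lib.attrsets.mapAttrsToList (_: arg: arg.paths) cfg.baks);
      compression = "auto,zstd";
      startAt = "daily";

      # Together with `--umask 0007` below, repository files are created
      # accessible to members of `archives` and closed to everyone else.
      # Group members with write access can also alter or delete archives,
      # so keep membership small.
      group = "archives";

      # repokey keeps the (passphrase-protected) key inside the repository.
      # Without the passphrase the archives are unreadable, so keep a copy of
      # it, and ideally a `borg key export`, somewhere other than this host.
      encryption.mode = "repokey-blake2";
      # Only the secret's path is interpolated here; the passphrase itself is
      # read from the sops-managed file when the job runs.
      encryption.passCommand = "cat ${sec."borg_passwd".path}";

      extraArgs = ["--verbose" "--show-rc" "--umask" "0007"];
      # `--filter AME` limits the file listing to added, modified and errored files.
      extraCreateArgs = ["--list" "--stats" "--filter" "AME"];

      prune.keep = {
        within = "1d"; # Keep all archives from the last day
        daily = 7;
        weekly = 12;
        monthly = -1; # Keep at least one archive for each month
      };
    };

    # mysql backups currently minecraft_recpro is the only thing using this
    #
    # NOTE(review): the dumps are written to `location` compressed but not
    # encrypted, and reach the encrypted borg repo only if that directory is
    # listed in `homelab.backups.baks` - confirm it is.
    services.mysqlBackup = lib.mkIf config.services.mysql.enable {
      enable = true;
      location = "/var/backup/mysql";
      user = "root";
      calendar = "*-*-* *:59:45"; # goes fast, included in back up with server dirs at **:00
      compressionAlg = "zstd";
      databases = config.services.mysql.ensureDatabases; # set to all databases defined in ensureDatabases
    };

    # postgresql backups currently immich is the only user
    #
    # NOTE(review): the borg job in this module starts at "daily", not 04:00;
    # confirm which job is expected to pick up the 03:59 dump.
    services.postgresqlBackup = lib.mkIf config.services.postgresql.enable {
      enable = true;
      location = "/var/backup/postgresql";
      compression = "zstd";
      startAt = "03:59"; # the dump is included in a backup taken at 4:00
      databases = config.services.postgresql.ensureDatabases; # set to all databases defined in ensureDatabases
    };

    # helpful and for scripts
    environment.systemPackages = with pkgs; [borgbackup tree];

    # Passphrase for the borg repository. Owned by root:root; the borg job
    # above sets no `user`, so it must run as an account that can read this
    # file (presumably the module's default user - verify).
    sops.secrets = {
      "borg_passwd" = {
        owner = "root";
        group = "root";
      };
    };
  };
}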