From 169ada30f6d50e8ee311221f3eac565431b03288 Mon Sep 17 00:00:00 2001 From: Nydragon Date: Sun, 13 Oct 2024 19:55:35 +0200 Subject: [PATCH] feat(rsync): allow a client/server to have multiple modules --- hosts/nihilus/configuration.nix | 8 +- hosts/shan/configuration.nix | 27 +- options/server/default.nix | 1 + .../rsync-daemon/default.nix} | 4 +- options/services/default.nix | 2 +- options/services/rsync-backup/default.nix | 176 +++++++++++++ options/services/rsync-backup/module.nix | 138 ++++++++++ options/services/rsync/default.nix | 6 - options/services/rsync/rsync-backup.nix | 244 ------------------ 9 files changed, 344 insertions(+), 262 deletions(-) rename options/{services/rsync/rsync-daemon.nix => server/rsync-daemon/default.nix} (96%) create mode 100644 options/services/rsync-backup/default.nix create mode 100644 options/services/rsync-backup/module.nix delete mode 100644 options/services/rsync/default.nix delete mode 100644 options/services/rsync/rsync-backup.nix diff --git a/hosts/nihilus/configuration.nix b/hosts/nihilus/configuration.nix index 80cf99d..acaa047 100644 --- a/hosts/nihilus/configuration.nix +++ b/hosts/nihilus/configuration.nix @@ -1,4 +1,3 @@ -{ pubkeys, ... }: { imports = [ ./hardware-configuration.nix @@ -13,7 +12,7 @@ ]; extraFlags = [ "--accept-dns=false" ]; # Want to disable that since *server* can't access the private dns... for now }; - services = { + server = { rsync-daemon = { enable = true; port = 9523; @@ -26,6 +25,11 @@ comment = "backups for paperless"; mode = "write"; } + { + name = "immich-backup"; + comment = "backups for immich"; + mode = "write"; + } { name = "brontes-backup"; comment = "brontes's backup space"; diff --git a/hosts/shan/configuration.nix b/hosts/shan/configuration.nix index 2b2ada0..f2d26f5 100644 --- a/hosts/shan/configuration.nix +++ b/hosts/shan/configuration.nix @@ -72,13 +72,26 @@ rsync-backup = { enable = true; - sources = [ "/var/lib/paperless" ]; - target = { - location = "paperless-backup"; - type = "rsyncd"; - host = "nihilus"; - }; - incremental.enable = true; + modules = [ + { + sources = [ "/var/lib/paperless" ]; + target = { + location = "paperless-backup"; + type = "rsyncd"; + host = "nihilus"; + }; + incremental.enable = true; + } + { + sources = [ "/var/lib/immich" ]; + target = { + location = "immich-backup"; + type = "rsyncd"; + host = "nihilus"; + }; + incremental.enable = true; + } + ]; }; }; }; diff --git a/options/server/default.nix b/options/server/default.nix index 378355e..c73374b 100644 --- a/options/server/default.nix +++ b/options/server/default.nix @@ -2,5 +2,6 @@ imports = [ ./paperless-ngx ./navidrome.nix + ./rsync-daemon ]; } diff --git a/options/services/rsync/rsync-daemon.nix b/options/server/rsync-daemon/default.nix similarity index 96% rename from options/services/rsync/rsync-daemon.nix rename to options/server/rsync-daemon/default.nix index c2be19f..b040c99 100644 --- a/options/services/rsync/rsync-daemon.nix +++ b/options/server/rsync-daemon/default.nix @@ -16,10 +16,10 @@ let ; inherit (lib.my) mkPortOption slugify; - cfg = config.modules.services.rsync-daemon; + cfg = config.modules.server.rsync-daemon; in { - options.modules.services.rsync-daemon = { + options.modules.server.rsync-daemon = { enable = mkEnableOption "rsync daemon"; openFirewall = mkOption { type = bool; diff --git a/options/services/default.nix b/options/services/default.nix index c7f654e..28a6722 100644 --- a/options/services/default.nix +++ b/options/services/default.nix @@ -2,6 +2,6 @@ imports = [ ./nysh.nix ./tailscale.nix - ./rsync + ./rsync-backup ]; } diff --git a/options/services/rsync-backup/default.nix b/options/services/rsync-backup/default.nix new file mode 100644 index 0000000..fba97a5 --- /dev/null +++ b/options/services/rsync-backup/default.nix @@ -0,0 +1,176 @@ +{ + config, + lib, + pkgs, + options, + ... +}: +let + inherit (lib) + mkIf + mkEnableOption + mkOption + concatStringsSep + toList + listToAttrs + ; + inherit (lib.types) + listOf + nonEmptyStr + package + str + port + bool + submoduleWith + ; + inherit (lib.my) slugify; + cfg = config.modules.services.rsync-backup; +in +{ + # Used to back up multiple source destinations to a target destination regularly, + # with possibility to enable incremental backups for versioning. + + # TODO: systemd unit + # - [x] script taking configurable args + # - [x] sync from/to paths + # - [ ] support + # - [ ] nfs + # - [ ] sftp + # - [ ] ssh + # - [x] local + # - [x] rsyncd + # - [ ] retention limit for incremental backups + + options.modules.services.rsync-backup = { + enable = mkEnableOption "rsync backups"; + + modules = mkOption { + default = [ ]; + type = listOf (submoduleWith { + shorthandOnlyDefinesConfig = true; + modules = toList (import ./module.nix); + specialArgs = { + rootCfg = cfg; + }; + }); + }; + + exclude = mkOption { + type = listOf str; + default = [ ".git" ]; + }; + + followGitignore = mkOption { + type = bool; + default = true; + }; + + package = mkOption { + type = package; + default = pkgs.rsync; + description = '' + The rsync package to use. + ''; + }; + + interval = mkOption { + type = nonEmptyStr; + default = "daily"; + }; + + unitName = mkOption { + type = nonEmptyStr; + default = "rsync-backup"; + }; + + user = mkOption { + type = str; + default = "rsync-backup"; + description = "User account under which Rsync runs."; + }; + + group = mkOption { + type = str; + default = "rsync-backup"; + description = "Group under which Rsync runs."; + }; + + port = mkOption { + type = port; + default = options.modules.services.rsync-daemon.port.default; + }; + }; + + config = mkIf cfg.enable { + systemd.timers = listToAttrs ( + map ( + mod: + let + name = "${cfg.unitName}-${slugify mod.target.location}"; + in + { + inherit name; + value = { + enable = true; + wantedBy = [ "timers.target" ]; + unitConfig = { + Description = "Triggers rsync-backups regularly."; + }; + timerConfig = { + Unit = "${name}.service"; + OnCalendar = mod.interval; + Persistent = true; + }; + }; + } + ) cfg.modules + ); + + systemd.services = listToAttrs ( + map (mod: { + name = "${cfg.unitName}-${slugify mod.target.location}"; + value = { + script = + let + destination = + if mod.incremental.enable then "${mod.target.finalLocation}/backup" else mod.target.finalLocation; + sources = concatStringsSep " " (map (s: "\"${s}\"") mod.sources); + in + '' + ${cfg.package}/bin/rsync \ + ${mod.flagsFinal} \ + ${sources} \ + "${destination}" + ''; + + requires = mkIf (mod.target.type == "rsyncd") [ "network.target" ]; + unitConfig = { + Description = "Backs up files from a source location to a specified destination."; + }; + serviceConfig = { + Type = "simple"; + Restart = "on-failure"; + RestartSec = 300; + PrivateDevices = true; + PrivateTmp = true; + ProtectSystem = "full"; + ReadOnlyPaths = concatStringsSep " " mod.sources; + IPAddressAllow = "any"; + }; + }; + }) cfg.modules + ); + + users.users = mkIf (cfg.user == "rsync-backup") { + rsync-backup = { + useDefaultShell = true; + group = cfg.group; + isSystemUser = true; + }; + }; + + users.groups = mkIf (cfg.group == "rsync-backup") { + rsync-backup = { }; + }; + }; +} diff --git a/options/services/rsync-backup/module.nix b/options/services/rsync-backup/module.nix new file mode 100644 index 0000000..bdad155 --- /dev/null +++ b/options/services/rsync-backup/module.nix @@ -0,0 +1,138 @@ +{ + config, + lib, + specialArgs, + ... +}: + +let + inherit (lib) + mkOption + concatLists + concatStringsSep + mkEnableOption + ; + inherit (lib.types) + listOf + nonEmptyStr + enum + str + bool + ; + inherit (lib.lists) optionals; + inherit (specialArgs) rootCfg; +in +{ + options = { + exclude = mkOption { + type = listOf nonEmptyStr; + default = rootCfg.exclude; + }; + + followGitignore = mkOption { + type = bool; + default = rootCfg.followGitignore; + }; + + sources = mkOption { + type = listOf nonEmptyStr; + default = [ ]; # TODO: validate if at least 1 element + description = '' + A list of absolute paths to the files or folders that should get synchronized. + It isn't necessary to wrap them in escaped double quotation marks. + ''; + }; + + target = { + location = mkOption { + type = nonEmptyStr; + description = '' + The target to where the data should be backed up. + If it is a directory, it will be created automatically by rsync. + ''; + }; + + finalLocation = mkOption { + type = nonEmptyStr; + default = + if config.target.type == "local" then + config.target.location + else if config.target.type == "rsyncd" then + "rsync://${config.target.host}/${config.target.location}" + else + throw "Unable to create location."; + }; + + type = mkOption { + type = enum [ + "local" + "rsyncd" + ]; + default = "local"; + description = '' + Guesses if the given target is local or ssh, very rudimentary therefore it might be necessary to specify manually (or rewrite the logic). + ''; + }; + + host = mkOption { + type = str; + default = ""; + }; + }; + + interval = mkOption { + type = nonEmptyStr; + default = "daily"; + }; + + flags = mkOption { + type = listOf str; + default = [ + "--archive" + "--verbose" + "--mkpath" # create destination's missing path components + "--safe-links" # ignore symlinks that point outside the tree + "--itemize-changes" # output a change-summary for all updates + ]; + }; + + flagsFinal = mkOption { + type = listOf str; + default = concatLists [ + config.flags + (optionals config.incremental.enable [ + "--delete" + "--backup-dir=\"${config.incremental.finalIncrementPath}\"" + ]) + (optionals config.followGitignore [ "--filter=':- .gitignore'" ]) + [ "--port=${toString rootCfg.port}" ] + (map (ex: "--exclude='${ex}'") config.exclude) + ]; + apply = concatStringsSep " "; + }; + + incremental = { + enable = mkEnableOption "incremental backups"; + format = mkOption { + type = nonEmptyStr; + default = "%Y-%m-%d-%-H-%M-%S-$RANDOM"; + description = '' + The increment folder name. Refer to `man date` for specifics about the format. + Omit the leading +. + ''; + }; + finalIncrementPath = mkOption { + type = nonEmptyStr; + default = "../increment/$(date +${config.incremental.format})/"; + description = '' + The directory in which the changes will be stored, the .. at the start is necessary because it is relative to + the target and we append `backup` to the target. + + -- cfg.location + | - backup/ + | - increment/ + ''; + }; + }; + }; +} diff --git a/options/services/rsync/default.nix b/options/services/rsync/default.nix deleted file mode 100644 index 2ba517b..0000000 --- a/options/services/rsync/default.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ - imports = [ - ./rsync-backup.nix - ./rsync-daemon.nix - ]; -} diff --git a/options/services/rsync/rsync-backup.nix b/options/services/rsync/rsync-backup.nix deleted file mode 100644 index a4ef3da..0000000 --- a/options/services/rsync/rsync-backup.nix +++ /dev/null @@ -1,244 +0,0 @@ -{ - config, - lib, - pkgs, - options, - ... -}: -let - inherit (lib) - mkIf - mkEnableOption - mkOption - concatStringsSep - concatLists - ; - inherit (lib.lists) optionals; - inherit (lib.types) - listOf - nonEmptyStr - package - enum - str - port - bool - ; - cfg = config.modules.services.rsync-backup; -in -{ - # Used to back up multiple source destinations to a target destination regularly, - # with possibility to enable incremental backups for versioning. - - # TODO: systemd unit - # - [x] script taking configurable args - # - [x] sync from/to paths - # - [ ] support - # - [ ] nfs - # - [ ] sftp - # - [ ] ssh - # - [x] local - # - [x] rsyncd - # - [ ] retention limit for incremental backups - - options.modules.services.rsync-backup = { - enable = mkEnableOption "rsync backups"; - - sources = mkOption { - type = listOf nonEmptyStr; - default = [ ]; # TODO: validate if at least 1 element - description = '' - A list of absolute paths to the files or folders that should get synchronized. - It isn't necessary to wrap them in escaped double quotation marks. - ''; - }; - - exclude = mkOption { - type = listOf str; - default = [ ".git" ]; - }; - - followGitignore = mkOption { - type = bool; - default = true; - }; - - target = { - location = mkOption { - type = nonEmptyStr; - description = '' - The target to where the data should be backed up. - If it is a directory, it will be created automatically by rsync. - Append a : to the string if it is an ssh target and ensure that passwordless access is available. - ''; - }; - - finalLocation = mkOption { - type = nonEmptyStr; - default = - if cfg.target.type == "local" then - cfg.target.location - else if cfg.target.type == "rsyncd" then - "rsync://${cfg.target.host}/${cfg.target.location}" - else - throw "Unable to create location."; - }; - - type = mkOption { - type = enum [ - "local" - "rsyncd" - ]; - default = "local"; - description = '' - Guesses if the given target is local or ssh, very rudimentary therefore it might be necessary to specify manually (or rewrite the logic). - ''; - }; - - host = mkOption { - type = str; - default = ""; - }; - }; - - package = mkOption { - type = package; - default = pkgs.rsync; - description = '' - The rsync package to use. - ''; - }; - - flags = mkOption { - type = listOf str; - default = [ - "--archive" - "--verbose" - "--mkpath" - ]; - }; - - flagsFinal = mkOption { - type = listOf str; - default = concatLists [ - cfg.flags - (optionals cfg.incremental.enable [ - "--delete" - "--backup-dir='${cfg.incremental.finalIncrementPath}'" - ]) - (optionals cfg.followGitignore [ "--filter=':- .gitignore'" ]) - [ "--port=${toString cfg.port}" ] - (map (ex: "--exclude='${ex}'") cfg.exclude) - ]; - apply = concatStringsSep " "; - }; - - interval = mkOption { - type = nonEmptyStr; - default = "daily"; - }; - - incremental = { - enable = mkEnableOption "incremental backups"; - format = mkOption { - type = nonEmptyStr; - default = "%Y-%m-%d-%-H-%M-%S-$RANDOM"; - description = '' - The increment folder name. Refer to `man date` for specifics about the format. - Omit the leading +. - ''; - }; - finalIncrementPath = mkOption { - type = nonEmptyStr; - default = "../${cfg.target.location}/increment/$(date +${cfg.incremental.format})/"; - description = '' - The directory in which the changes will be stored, the .. at the start is necessary because it is relative to - the target and we append `backup` to the target. - - -- cfg.location - | - backup/ - | - increment/ - ''; - }; - # TODO: add retention - }; - - unitName = mkOption { - type = nonEmptyStr; - default = "rsync-backup"; - }; - - user = mkOption { - type = str; - default = "rsync-backup"; - description = "User account under which Rsync runs."; - }; - - group = mkOption { - type = str; - default = "rsync-backup"; - description = "Group under which Rsync runs."; - }; - - port = mkOption { - type = port; - default = options.modules.services.rsync-daemon.port.default; - }; - }; - - config = mkIf cfg.enable { - systemd.timers.${cfg.unitName} = { - enable = true; - wantedBy = [ "timers.target" ]; - unitConfig = { - Description = "Triggers rsync-backup regularly."; - }; - timerConfig = { - Unit = "${cfg.unitName}.service"; - OnCalendar = cfg.interval; - Persistent = true; - }; - }; - - systemd.services.${cfg.unitName} = { - script = - let - destination = - if cfg.incremental.enable then "${cfg.target.finalLocation}/backup" else cfg.target.finalLocation; - sources = concatStringsSep " " (map (s: "\"${s}\"") cfg.sources); - in - '' - ${cfg.package}/bin/rsync \ - ${cfg.flagsFinal} \ - ${sources} \ - "${destination}" - ''; - - requires = mkIf (cfg.target.type == "rsyncd") [ "network.target" ]; - unitConfig = { - Description = "Backs up files from a source location to a specified destination."; - }; - serviceConfig = { - Type = "simple"; - Restart = "on-failure"; - RestartSec = 300; - PrivateDevices = true; - PrivateTmp = true; - ProtectSystem = "full"; - ReadOnlyPaths = concatStringsSep " " cfg.sources; - IPAddressAllow = "any"; - }; - }; - - users.users = mkIf (cfg.user == "rsync-backup") { - rsync-backup = { - useDefaultShell = true; - group = cfg.group; - isSystemUser = true; - }; - }; - - users.groups = mkIf (cfg.group == "rsync-backup") { - rsync-backup = { }; - }; - }; -}