244 lines
6.1 KiB
Nix
244 lines
6.1 KiB
Nix
{
|
|
config,
|
|
lib,
|
|
pkgs,
|
|
options,
|
|
...
|
|
}:
|
|
let
|
|
inherit (lib)
|
|
mkIf
|
|
mkEnableOption
|
|
mkOption
|
|
concatStringsSep
|
|
concatLists
|
|
;
|
|
inherit (lib.lists) optionals;
|
|
inherit (lib.types)
|
|
listOf
|
|
nonEmptyStr
|
|
package
|
|
enum
|
|
str
|
|
port
|
|
bool
|
|
;
|
|
cfg = config.modules.services.rsync-backup;
|
|
in
|
|
{
|
|
# Used to back up multiple source destinations to a target destination regularly,
|
|
# with possibility to enable incremental backups for versioning.
|
|
|
|
# TODO: systemd unit
|
|
# - [x] script taking configurable args
|
|
# - [x] sync from/to paths
|
|
# - [ ] support
|
|
# - [ ] nfs
|
|
# - [ ] sftp
|
|
# - [ ] ssh
|
|
# - [x] local
|
|
# - [x] rsyncd
|
|
# - [ ] retention limit for incremental backups
|
|
|
|
options.modules.services.rsync-backup = {
|
|
enable = mkEnableOption "rsync backups";
|
|
|
|
sources = mkOption {
|
|
type = listOf nonEmptyStr;
|
|
default = [ ]; # TODO: validate if at least 1 element
|
|
description = ''
|
|
A list of absolute paths to the files or folders that should get synchronized.
|
|
It isn't necessary to wrap them in escaped double quotation marks.
|
|
'';
|
|
};
|
|
|
|
exclude = mkOption {
|
|
type = listOf str;
|
|
default = [ ".git" ];
|
|
};
|
|
|
|
followGitignore = mkOption {
|
|
type = bool;
|
|
default = true;
|
|
};
|
|
|
|
target = {
|
|
location = mkOption {
|
|
type = nonEmptyStr;
|
|
description = ''
|
|
The target to where the data should be backed up.
|
|
If it is a directory, it will be created automatically by rsync.
|
|
Append a : to the string if it is an ssh target and ensure that passwordless access is available.
|
|
'';
|
|
};
|
|
|
|
finalLocation = mkOption {
|
|
type = nonEmptyStr;
|
|
default =
|
|
if cfg.target.type == "local" then
|
|
cfg.target.location
|
|
else if cfg.target.type == "rsyncd" then
|
|
"rsync://${cfg.target.host}/${cfg.target.location}"
|
|
else
|
|
throw "Unable to create location.";
|
|
};
|
|
|
|
type = mkOption {
|
|
type = enum [
|
|
"local"
|
|
"rsyncd"
|
|
];
|
|
default = "local";
|
|
description = ''
|
|
Guesses if the given target is local or ssh, very rudimentary therefore it might be necessary to specify manually (or rewrite the logic).
|
|
'';
|
|
};
|
|
|
|
host = mkOption {
|
|
type = str;
|
|
default = "";
|
|
};
|
|
};
|
|
|
|
package = mkOption {
|
|
type = package;
|
|
default = pkgs.rsync;
|
|
description = ''
|
|
The rsync package to use.
|
|
'';
|
|
};
|
|
|
|
flags = mkOption {
|
|
type = listOf str;
|
|
default = [
|
|
"--archive"
|
|
"--verbose"
|
|
"--mkpath"
|
|
];
|
|
};
|
|
|
|
flagsFinal = mkOption {
|
|
type = listOf str;
|
|
default = concatLists [
|
|
cfg.flags
|
|
(optionals cfg.incremental.enable [
|
|
"--delete"
|
|
"--backup-dir='${cfg.incremental.finalIncrementPath}'"
|
|
])
|
|
(optionals cfg.followGitignore [ "--filter=':- .gitignore'" ])
|
|
[ "--port=${toString cfg.port}" ]
|
|
(map (ex: "--exclude='${ex}'") cfg.exclude)
|
|
];
|
|
apply = concatStringsSep " ";
|
|
};
|
|
|
|
interval = mkOption {
|
|
type = nonEmptyStr;
|
|
default = "daily";
|
|
};
|
|
|
|
incremental = {
|
|
enable = mkEnableOption "incremental backups";
|
|
format = mkOption {
|
|
type = nonEmptyStr;
|
|
default = "%Y-%m-%d-%-H-%M-%S-$RANDOM";
|
|
description = ''
|
|
The increment folder name. Refer to `man date` for specifics about the format.
|
|
Omit the leading +.
|
|
'';
|
|
};
|
|
finalIncrementPath = mkOption {
|
|
type = nonEmptyStr;
|
|
default = "../${cfg.target.location}/increment/$(date +${cfg.incremental.format})/";
|
|
description = ''
|
|
The directory in which the changes will be stored, the .. at the start is necessary because it is relative to
|
|
the target and we append `backup` to the target.
|
|
|
|
-- cfg.location
|
|
| - backup/
|
|
| - increment/<increment format>
|
|
'';
|
|
};
|
|
# TODO: add retention
|
|
};
|
|
|
|
unitName = mkOption {
|
|
type = nonEmptyStr;
|
|
default = "rsync-backup";
|
|
};
|
|
|
|
user = mkOption {
|
|
type = str;
|
|
default = "rsync-backup";
|
|
description = "User account under which Rsync runs.";
|
|
};
|
|
|
|
group = mkOption {
|
|
type = str;
|
|
default = "rsync-backup";
|
|
description = "Group under which Rsync runs.";
|
|
};
|
|
|
|
port = mkOption {
|
|
type = port;
|
|
default = options.modules.services.rsync-daemon.port.default;
|
|
};
|
|
};
|
|
|
|
config = mkIf cfg.enable {
|
|
systemd.timers.${cfg.unitName} = {
|
|
enable = true;
|
|
wantedBy = [ "timers.target" ];
|
|
unitConfig = {
|
|
Description = "Triggers rsync-backup regularly.";
|
|
};
|
|
timerConfig = {
|
|
Unit = "${cfg.unitName}.service";
|
|
OnCalendar = cfg.interval;
|
|
Persistent = true;
|
|
};
|
|
};
|
|
|
|
systemd.services.${cfg.unitName} = {
|
|
script =
|
|
let
|
|
destination =
|
|
if cfg.incremental.enable then "${cfg.target.finalLocation}/backup" else cfg.target.finalLocation;
|
|
sources = concatStringsSep " " (map (s: "\"${s}\"") cfg.sources);
|
|
in
|
|
''
|
|
${cfg.package}/bin/rsync \
|
|
${cfg.flagsFinal} \
|
|
${sources} \
|
|
"${destination}"
|
|
'';
|
|
|
|
requires = mkIf (cfg.target.type == "rsyncd") [ "network.target" ];
|
|
unitConfig = {
|
|
Description = "Backs up files from a source location to a specified destination.";
|
|
};
|
|
serviceConfig = {
|
|
Type = "simple";
|
|
Restart = "on-failure";
|
|
RestartSec = 300;
|
|
PrivateDevices = true;
|
|
PrivateTmp = true;
|
|
ProtectSystem = "full";
|
|
ReadOnlyPaths = concatStringsSep " " cfg.sources;
|
|
IPAddressAllow = "any";
|
|
};
|
|
};
|
|
|
|
users.users = mkIf (cfg.user == "rsync-backup") {
|
|
rsync-backup = {
|
|
useDefaultShell = true;
|
|
group = cfg.group;
|
|
isSystemUser = true;
|
|
};
|
|
};
|
|
|
|
users.groups = mkIf (cfg.group == "rsync-backup") {
|
|
rsync-backup = { };
|
|
};
|
|
};
|
|
}
|