borg-backup: setup service

2021-01-30 18:11:02 +01:00 · 2021-01-30 18:11:02 +01:00 · 91eaa2f008
commit 91eaa2f008
parent bea28f5f3e
6 changed files with 73 additions and 2 deletions
--- a/services/borg-backup.nix
+++ b/services/borg-backup.nix
@ -0,0 +1,61 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let cfg = config.my.services.borg-backup;
+in {
+  options.my.services.borg-backup = {
+    enable = mkEnableOption "Enable Borg backups for this host";
+
+    repo = mkOption {
+      type = types.str;
+      default = null;
+      example = "deadbeef@deadbeef.repo.borgbase.com:repo";
+      description = "Borgbase repo info. Required.";
+    };
+
+    paths = mkOption {
+      type = types.listOf types.str;
+      default = [];
+      example = [
+        "/var/lib"
+        "/home"
+      ];
+      description = "Paths to backup";
+    };
+
+    exclude = mkOption {
+      type = types.listOf types.str;
+      default = [];
+      example = [
+        # very large paths
+        "/var/lib/docker"
+        "/var/lib/systemd"
+        "/var/lib/libvirt"
+
+        # temporary files created by cargo and `go build`
+        "**/target"
+        "/home/*/go/bin"
+        "/home/*/go/pkg"
+      ];
+      description = "Paths to exclude from backup";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.borgbackup.jobs."borgbase" = {
+      paths = cfg.paths;
+      exclude = [
+        # nothing for now
+      ];
+      repo = "${cfg.repo}";
+      encryption = {
+        mode = "repokey-blake2";
+        passCommand = "cat /root/borgbackup/passphrase";
+      };
+      environment.BORG_RSH = "ssh -i /root/borgbackup/ssh_key";
+      compression = "auto,lzma";
+      startAt = "daily";
+    };
+  };
+}
--- a/services/default.nix
+++ b/services/default.nix
@ -2,6 +2,7 @@

 {
  imports = [
+    ./borg-backup.nix
    ./matrix.nix
    ./monitoring.nix
  ];