diff --git a/hosts/helios/default.nix b/hosts/helios/default.nix index b41cc9c..02e970e 100644 --- a/hosts/helios/default.nix +++ b/hosts/helios/default.nix @@ -29,34 +29,6 @@ system.stateVersion = "22.11"; - age.secrets."passwords/services/borg/helios-passphrase" = { - file = "${inputs.secrets}/passwords/services/borg/helios-passphrase.age"; - }; - - services.borgmatic = { - enable = true; - settings = { - source_directories = [ - "/home/jordan/Documents" - ]; - repositories = [ - { label = "borgbase"; path = "ssh://b9cjl9hq@b9cjl9hq.repo.borgbase.com/./repo"; } - ]; - storage = { - encryption_passcommand = "cat ${config.age.secrets."passwords/services/borg/helios-passphrase".path}"; - ssh_command = "ssh -i /etc/ssh/ssh_host_ed25519_key"; - }; - retention = { - keep_daily = 7; - keep_weekly = 4; - keep_monthly = 6; - }; - }; - }; - - # Without this override, `cat` is unavailable for `encryption_passcommand` - systemd.services.borgmatic.confinement.fullUnit = true; - modules = { desktop = { apps.qbittorrent.enable = true; @@ -74,6 +46,15 @@ gpg.enable = true; pass.enable = true; }; + services = { + borgmatic = { + enable = true; + directories = [ + "/home/jordan/Documents" + ]; + repoPath = "ssh://b9cjl9hq@b9cjl9hq.repo.borgbase.com/./repo"; + }; + }; shell = { git.enable = true; zsh.enable = true; diff --git a/hosts/odyssey/default.nix b/hosts/odyssey/default.nix index f11328c..63e118e 100644 --- a/hosts/odyssey/default.nix +++ b/hosts/odyssey/default.nix 
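Review bot: The new `borgmatic` block under `modules.services` no longer names its passphrase secret; the removed lines referenced `helios-passphrase` explicitly, while the module now derives the name from `config.networking.hostName`. Nothing in this hunk shows `networking.hostName`, so confirm it is exactly `helios`, and likewise `odyssey` and `pi` for the matching hunks in those hosts' files. A comment next to `repoPath` such as `# passphrase secret is selected by networking.hostName`, or an explicit module option for the secret file, would keep a host rename from breaking the backup. The enclosing `modules` attribute set starts and ends outside the hunk.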
@@ -52,34 +52,6 @@ }; }; - age.secrets."passwords/services/borg/odyssey-passphrase" = { - file = "${inputs.secrets}/passwords/services/borg/odyssey-passphrase.age"; - }; - - services.borgmatic = { - enable = true; - settings = { - source_directories = [ - "/home/jordan/Documents" - ]; - repositories = [ - { label = "borgbase"; path = "ssh://iqwu22oq@iqwu22oq.repo.borgbase.com/./repo"; } - ]; - storage = { - encryption_passcommand = "cat ${config.age.secrets."passwords/services/borg/odyssey-passphrase".path}"; - ssh_command = "ssh -i /etc/ssh/ssh_host_ed25519_key"; - }; - retention = { - keep_daily = 7; - keep_weekly = 4; - keep_monthly = 6; - }; - }; - }; - - # Without this override, `cat` is unavailable for `encryption_passcommand` - systemd.services.borgmatic.confinement.fullUnit = true; - modules = { desktop = { apps.qbittorrent.enable = true; @@ -111,6 +83,15 @@ gpg.enable = true; pass.enable = true; }; + services = { + borgmatic = { + enable = true; + directories = [ + "/home/jordan/Documents" + ]; + repoPath = "ssh://iqwu22oq@iqwu22oq.repo.borgbase.com/./repo"; + }; + }; shell = { git.enable = true; zsh.enable = true; diff --git a/hosts/pi/default.nix b/hosts/pi/default.nix index af19752..d363ef2 100644 --- a/hosts/pi/default.nix +++ b/hosts/pi/default.nix 
@@ -108,35 +108,19 @@ }; }; - age.secrets."passwords/services/borg/pi-passphrase" = { - file = "${inputs.secrets}/passwords/services/borg/pi-passphrase.age"; - }; - - services.borgmatic = { - enable = true; - settings = { - source_directories = [ - "/var/lib/mosquitto" - "/var/lib/zigbee2mqtt" - ]; - repositories = [ - { label = "borgbase"; path = "ssh://qcw86s11@qcw86s11.repo.borgbase.com/./repo"; } - ]; - storage = { - encryption_passcommand = "cat ${config.age.secrets."passwords/services/borg/pi-passphrase".path}"; - ssh_command = "ssh -i /etc/ssh/ssh_host_ed25519_key"; - }; - retention = { - keep_daily = 7; - keep_weekly = 4; - keep_monthly = 6; + modules = { + services = { + borgmatic = { + enable = true; + directories = [ + "/var/lib/mosquitto" + "/var/lib/zigbee2mqtt" + ]; + repoPath = "ssh://qcw86s11@qcw86s11.repo.borgbase.com/./repo"; }; }; }; - # Without this override, `cat` is unavailable for `encryption_passcommand` - systemd.services.borgmatic.confinement.fullUnit = true; - environment.systemPackages = with pkgs; [ libraspberrypi raspberrypi-eeprom diff --git a/modules/default.nix b/modules/default.nix index 8e832f0..d9ce510 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -28,6 +28,7 @@ ./networking/tailscale.nix ./security/gpg.nix ./security/pass.nix + ./services/borgmatic ./shell/git ./shell/zsh ]; diff --git a/modules/services/borgmatic/default.nix b/modules/services/borgmatic/default.nix new file mode 100644 index 0000000..05cf051 --- /dev/null +++ b/modules/services/borgmatic/default.nix 
@@ -0,0 +1,57 @@
+{ config, lib, pkgs, inputs, ... }:
+
+with lib;
+
+let
+ cfg = config.modules.services.borgmatic;
+ hostname = config.networking.hostName;
+in {
+ options.modules.services.borgmatic = {
+ enable = mkOption {
+ default = false;
+ example = true;
+ description = mdDoc "Enable backups on this host with `borgmatic`";
+ };
+ directories = mkOption {
+ type = types.listOf types.str;
+ default = [];
+ example = [
+ "/home/jordan/Documents"
+ ];
+ description = mdDoc "List of directories to backup";
+ };
+ repoPath = mkOption {
+ type = types.str;
+ example = "ssh://example@example.repo.borgbase.com/./repo";
+ description = mdDoc "Destination borg repository for backup";
+ };
+ };
+
+ config = mkIf cfg.enable {
+ age.secrets."passwords/services/borg/${hostname}-passphrase" = {
+ file = "${inputs.secrets}/passwords/services/borg/${hostname}-passphrase.age";
+ };
+
+ services.borgmatic = {
+ enable = true;
+ settings = {
+ source_directories = cfg.directories;
+ repositories = [
+ { label = "borgbase"; path = cfg.repoPath; }
+ ];
+ storage = {
+ encryption_passcommand = "cat ${config.age.secrets."passwords/services/borg/${hostname}-passphrase".path}";
+ ssh_command = "ssh -i /etc/ssh/ssh_host_ed25519_key";
+ };
+ retention = {
+ keep_daily = 7;
+ keep_weekly = 4;
+ keep_monthly = 6;
+ };
+ };
+ };
+
+ # Without this override, `cat` is unavailable for `encryption_passcommand`
+ systemd.services.borgmatic.confinement.fullUnit = true;
+ };
+}
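Review bot: `ssh_command` in the `storage` block hard-codes `/etc/ssh/ssh_host_ed25519_key`, so every host that enables this module authenticates to its backup repository with the same private key that proves the machine's sshd identity, and the module exposes no option to change that. A dedicated backup key, delivered through `age.secrets` the way the passphrase already is, would let the repository credential be rotated or restricted without touching the host key. `encryption_passcommand` also resolves `cat` through the unit's environment; writing it as `${pkgs.coreutils}/bin/cat` would make that dependency explicit (and use the otherwise unused `pkgs` argument), though whether the `confinement.fullUnit` override is then still needed has to be checked on a host. Separately, `enable` is declared with `mkOption` and no `type`, so the module system does not check the value; adding `type = types.bool;` or using `mkEnableOption` fixes that.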