58 lines
1.6 KiB
Nix
58 lines
1.6 KiB
Nix
{ config, lib, pkgs, inputs, ... }:
|
|
|
|
with lib;
|
|
|
|
let
|
|
cfg = config.modules.services.borgmatic;
|
|
hostname = config.networking.hostName;
|
|
in {
|
|
options.modules.services.borgmatic = {
|
|
enable = mkOption {
|
|
default = false;
|
|
example = true;
|
|
description = mdDoc "Enable backups on this host with `borgmatic`";
|
|
};
|
|
directories = mkOption {
|
|
type = types.listOf types.str;
|
|
default = [];
|
|
example = [
|
|
"/home/jordan/Documents"
|
|
];
|
|
description = mdDoc "List of directories to backup";
|
|
};
|
|
repoPath = mkOption {
|
|
type = types.str;
|
|
example = "ssh://example@example.repo.borgbase.com/./repo";
|
|
description = mdDoc "Destination borg repository for backup";
|
|
};
|
|
};
|
|
|
|
config = mkIf cfg.enable {
|
|
age.secrets."passwords/services/borg/${hostname}-passphrase" = {
|
|
file = "${inputs.secrets}/passwords/services/borg/${hostname}-passphrase.age";
|
|
};
|
|
|
|
services.borgmatic = {
|
|
enable = true;
|
|
settings = {
|
|
source_directories = cfg.directories;
|
|
repositories = [
|
|
{ label = "borgbase"; path = cfg.repoPath; }
|
|
];
|
|
storage = {
|
|
encryption_passcommand = "cat ${config.age.secrets."passwords/services/borg/${hostname}-passphrase".path}";
|
|
ssh_command = "ssh -i /etc/ssh/ssh_host_ed25519_key";
|
|
};
|
|
retention = {
|
|
keep_daily = 7;
|
|
keep_weekly = 4;
|
|
keep_monthly = 6;
|
|
};
|
|
};
|
|
};
|
|
|
|
# Without this override, `cat` is unavailable for `encryption_passcommand`
|
|
systemd.services.borgmatic.confinement.fullUnit = true;
|
|
};
|
|
}
|