Run all restic backups as root

This commit is contained in:
SebastianStork 2025-06-11 21:09:08 +02:00
parent f5e59e0d12
commit 2e53bdb015
7 changed files with 11 additions and 43 deletions


@ -1,13 +1,9 @@
{ config, lib, ... }: { config, lib, ... }:
let
user = config.users.users.actual.name;
in
{ {
options.custom.services.actualbudget.backups.enable = lib.mkEnableOption ""; options.custom.services.actualbudget.backups.enable = lib.mkEnableOption "";
config = lib.mkIf config.custom.services.actualbudget.backups.enable { config = lib.mkIf config.custom.services.actualbudget.backups.enable {
custom.services.resticBackups.actual = { custom.services.resticBackups.actual = {
inherit user;
dependentService = "actual.service"; dependentService = "actual.service";
extraConfig.paths = [ config.services.actual.settings.dataDir ]; extraConfig.paths = [ config.services.actual.settings.dataDir ];
}; };


@ -1,13 +1,9 @@
{ config, lib, ... }: { config, lib, ... }:
let
user = config.users.users.forgejo.name;
in
{ {
options.custom.services.forgejo.backups.enable = lib.mkEnableOption ""; options.custom.services.forgejo.backups.enable = lib.mkEnableOption "";
config = lib.mkIf config.custom.services.forgejo.backups.enable { config = lib.mkIf config.custom.services.forgejo.backups.enable {
custom.services.resticBackups.forgejo = { custom.services.resticBackups.forgejo = {
inherit user;
dependentService = "forgejo.service"; dependentService = "forgejo.service";
extraConfig.paths = [ config.services.forgejo.stateDir ]; extraConfig.paths = [ config.services.forgejo.stateDir ];
}; };


@ -1,13 +1,9 @@
{ config, lib, ... }: { config, lib, ... }:
let
user = config.users.users.hedgedoc.name;
in
{ {
options.custom.services.hedgedoc.backups.enable = lib.mkEnableOption ""; options.custom.services.hedgedoc.backups.enable = lib.mkEnableOption "";
config = lib.mkIf config.custom.services.hedgedoc.backups.enable { config = lib.mkIf config.custom.services.hedgedoc.backups.enable {
custom.services.resticBackups.hedgedoc = { custom.services.resticBackups.hedgedoc = {
inherit user;
dependentService = "hedgedoc.service"; dependentService = "hedgedoc.service";
extraConfig.paths = with config.services.hedgedoc.settings; [ extraConfig.paths = with config.services.hedgedoc.settings; [
uploadsPath uploadsPath


@ -3,14 +3,12 @@ let
cfg = config.custom.services.nextcloud; cfg = config.custom.services.nextcloud;
dataDir = config.services.nextcloud.home; dataDir = config.services.nextcloud.home;
user = config.users.users.nextcloud.name;
in in
{ {
options.custom.services.nextcloud.backups.enable = lib.mkEnableOption ""; options.custom.services.nextcloud.backups.enable = lib.mkEnableOption "";
config = lib.mkIf cfg.backups.enable { config = lib.mkIf cfg.backups.enable {
custom.services.resticBackups.nextcloud = { custom.services.resticBackups.nextcloud = {
inherit user;
extraConfig = { extraConfig = {
backupPrepareCommand = '' backupPrepareCommand = ''
${lib.getExe' config.services.nextcloud.occ "nextcloud-occ"} maintenance:mode --on ${lib.getExe' config.services.nextcloud.occ "nextcloud-occ"} maintenance:mode --on


@ -2,7 +2,7 @@
let let
resticBackups = lib.filterAttrs (_: value: value.enable) config.custom.services.resticBackups; resticBackups = lib.filterAttrs (_: value: value.enable) config.custom.services.resticBackups;
backupUsers = lib.mapAttrsToList (_: value: value.user) resticBackups; # user = config.users.users.restic.name;
in in
{ {
options.custom.services.resticBackups = lib.mkOption { options.custom.services.resticBackups = lib.mkOption {
@ -12,10 +12,6 @@ in
enable = lib.mkEnableOption "" // { enable = lib.mkEnableOption "" // {
default = true; default = true;
}; };
user = lib.mkOption {
type = lib.types.str;
default = config.users.users.root.name;
};
dependentService = lib.mkOption { dependentService = lib.mkOption {
type = lib.types.nullOr lib.types.nonEmptyStr; type = lib.types.nullOr lib.types.nonEmptyStr;
default = null; default = null;
@ -31,18 +27,9 @@ in
}; };
config = lib.mkIf (resticBackups != { }) { config = lib.mkIf (resticBackups != { }) {
users.groups.backup.members = backupUsers; sops.secrets = {
"restic/environment" = { };
sops.secrets = "restic/password" = { };
let
resticPermissions = {
mode = "440";
group = config.users.groups.backup.name;
};
in
{
"restic/environment" = resticPermissions;
"restic/password" = resticPermissions;
}; };
services.restic.backups = services.restic.backups =
@ -51,7 +38,7 @@ in
name: value: name: value:
lib.mkMerge [ lib.mkMerge [
{ {
inherit (value) user; #inherit user;
initialize = true; initialize = true;
repository = "s3:https://s3.eu-central-003.backblazeb2.com/stork-atlas/${name}"; repository = "s3:https://s3.eu-central-003.backblazeb2.com/stork-atlas/${name}";
environmentFile = config.sops.secrets."restic/environment".path; environmentFile = config.sops.secrets."restic/environment".path;
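Review bot: Two pieces of commented-out code are left behind in this file — `# user = config.users.users.restic.name;` where the `backupUsers` binding was, and `#inherit user;` where `inherit (value) user;` was — which reads as an unfinished switch to a dedicated `restic` user rather than the root-only design the commit title describes. Either drop both lines or turn the first into an explicit TODO, e.g. `# TODO: run backups as a dedicated restic user; the secrets below would then need to be readable by that user again`. Note that `"restic/environment" = { };` and `"restic/password" = { };` now fall back to the sops-nix defaults (presumably root-owned with an owner-only mode), which is tighter than the previous `440`/backup-group setting and correct while the only consumer is root, but those same defaults would silently break a later non-root restic user, so that coupling is worth stating in the TODO. The `services.restic.backups` definition continues past the hunk.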


@ -44,13 +44,11 @@ in
hasDependentService = dependentService != null; hasDependentService = dependentService != null;
in in
'' ''
${lib.optionalString hasDependentService "sudo systemctl stop ${dependentService}"} ${lib.optionalString hasDependentService "systemctl stop ${dependentService}"}
sudo --user=${value.user} bash -c "
${value.restoreCommand.preRestore} ${value.restoreCommand.preRestore}
restic-${name} restore latest --target / restic-${name} restore latest --target /
${value.restoreCommand.postRestore} ${value.restoreCommand.postRestore}
" ${lib.optionalString hasDependentService "systemctl start ${dependentService}"}
${lib.optionalString hasDependentService "sudo systemctl start ${dependentService}"}
''; '';
} }
); );
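Review bot: Dropping the `sudo` prefixes on `systemctl stop`/`systemctl start` and the `sudo --user=${value.user} bash -c` wrapper makes the generated restore script depend on being invoked as root, but nothing in the hunk checks that; run as an unprivileged user it would presumably fail on the `systemctl stop` line and then again on the restore, with no clear message. A guard at the top of the script, `[ "$(id -u)" -eq 0 ] || { echo "restic-${name} restore must run as root" >&2; exit 1; }`, makes the requirement explicit and fails before anything is touched. `${value.restoreCommand.preRestore}` and `${value.restoreCommand.postRestore}` previously ran as the service user and now run as root, so any per-service hooks that create files should be checked for ownership assumptions, and `restic-${name} restore latest --target /` as root will now write wherever the snapshot paths point. The enclosing script definition starts before the hunk.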


@ -1,8 +1,6 @@
{ config, lib, ... }: { config, lib, ... }:
let let
cfg = config.custom.services.syncthing; cfg = config.custom.services.syncthing;
user = config.users.users.syncthing.name;
in in
{ {
options.custom.services.syncthing.backups.enable = lib.mkEnableOption ""; options.custom.services.syncthing.backups.enable = lib.mkEnableOption "";
@ -16,7 +14,6 @@ in
]; ];
custom.services.resticBackups.syncthing = { custom.services.resticBackups.syncthing = {
inherit user;
dependentService = "syncthing.service"; dependentService = "syncthing.service";
extraConfig.paths = [ config.services.syncthing.dataDir ]; extraConfig.paths = [ config.services.syncthing.dataDir ];
}; };