Refactor the restic config

2026-01-21 16:21:34 +01:00 · 2025-06-07 00:20:18 +02:00 · 2025-06-07 00:20:18 +02:00 · 41cd9f56f1
commit 41cd9f56f1
parent b1507caac5
8 changed files with 143 additions and 111 deletions
--- a/modules/system/services/restic-backups/healthchecks.nix
+++ b/modules/system/services/restic-backups/healthchecks.nix
@ -0,0 +1,57 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+let
+  inherit (config.custom.services) resticBackups;
+
+  backupsWithHealthchecks =
+    resticBackups
+    |> lib.filterAttrs (_: value: value.enable)
+    |> lib.filterAttrs (_: value: value.healthchecks.enable);
+in
+{
+  options.custom.services.resticBackups = lib.mkOption {
+    type = lib.types.attrsOf (
+      lib.types.submodule {
+        options.healthchecks.enable = lib.mkEnableOption "";
+      }
+    );
+  };
+
+  config = lib.mkIf (resticBackups != { }) {
+    sops.secrets."healthchecks-ping-key" = {
+      mode = "440";
+      group = config.users.groups.backup.name;
+    };
+
+    systemd.services = lib.mkMerge [
+      {
+        "healthcheck-ping@" = {
+          description = "Pings healthcheck (%i)";
+          serviceConfig.Type = "oneshot";
+          scriptArgs = "%i";
+          script = ''
+            ${lib.getExe pkgs.curl} --fail --silent --show-error --max-time 10 --retry 5  https://hc-ping.com/$(cat ${
+              config.sops.secrets."healthchecks-ping-key".path
+            })/$(echo $1 | tr _ /)
+          '';
+        };
+      }
+
+      (
+        backupsWithHealthchecks
+        |> lib.mapAttrs' (
+          name: _:
+          lib.nameValuePair "restic-backups-${name}" {
+            wants = [ "healthcheck-ping@${name}-backup_start.service" ];
+            onSuccess = [ "healthcheck-ping@${name}-backup.service" ];
+            onFailure = [ "healthcheck-ping@${name}-backup_fail.service" ];
+          }
+        )
+      )
+    ];
+  };
+}