Rename option "backups.enable" to "doBackups"

hosts/alto/default.nix

@@ -19,19 +19,19 @@
       syncthing = {
         enable = true;
         isServer = true;
+        doBackups = true;
         deviceId = "5R2MH7T-Q2ZZS2P-ZMSQ2UJ-B6VBHES-XYLNMZ6-7FYC27L-4P7MGJ2-FY4ITQD";
         gui.domain = "syncthing.${config.custom.services.tailscale.domain}";
-        backups.enable = true;
       };
       nextcloud = {
         enable = true;
+        doBackups = true;
         domain = "cloud.${config.custom.services.tailscale.domain}";
-        backups.enable = true;
       };
       actualbudget = {
         enable = true;
+        doBackups = true;
         domain = "budget.${config.custom.services.tailscale.domain}";
-        backups.enable = true;
       };
 
       caddy.virtualHosts = {

hosts/cirrus/default.nix

@@ -27,8 +27,8 @@
 
       hedgedoc = {
         enable = true;
+        doBackups = true;
         domain = "docs.sprouted.cloud";
-        backups.enable = true;
       };
       it-tools = {
         enable = true;
@@ -36,9 +36,9 @@
       };
       forgejo = {
         enable = true;
+        doBackups = true;
         domain = "git.sstork.dev";
         ssh.enable = true;
-        backups.enable = true;
       };
 
       caddy.virtualHosts = {

modules/system/services/actualbudget.nix

@@ -5,6 +5,7 @@ in
 {
   options.custom.services.actualbudget = {
     enable = lib.mkEnableOption "";
+    doBackups = lib.mkEnableOption "";
     domain = lib.mkOption {
       type = lib.types.nonEmptyStr;
       default = "";
@@ -25,5 +26,10 @@ in
         inherit (cfg) port;
       };
     };
+
+    custom.services.resticBackups.actual = lib.mkIf cfg.doBackups {
+      conflictingService = "actual.service";
+      extraConfig.paths = [ config.services.actual.settings.dataDir ];
+    };
   };
 }

modules/system/services/actualbudget/backups.nix

@@ -1,11 +0,0 @@
-{ config, lib, ... }:
-{
-  options.custom.services.actualbudget.backups.enable = lib.mkEnableOption "";
-
-  config = lib.mkIf config.custom.services.actualbudget.backups.enable {
-    custom.services.resticBackups.actual = {
-      conflictingService = "actual.service";
-      extraConfig.paths = [ config.services.actual.settings.dataDir ];
-    };
-  };
-}

modules/system/services/forgejo/backups.nix

@@ -1,11 +0,0 @@
-{ config, lib, ... }:
-{
-  options.custom.services.forgejo.backups.enable = lib.mkEnableOption "";
-
-  config = lib.mkIf config.custom.services.forgejo.backups.enable {
-    custom.services.resticBackups.forgejo = {
-      conflictingService = "forgejo.service";
-      extraConfig.paths = [ config.services.forgejo.stateDir ];
-    };
-  };
-}

modules/system/services/forgejo/default.nix

@@ -6,6 +6,7 @@
 }:
 let
   cfg = config.custom.services.forgejo;
+  originalCfg = config.services.forgejo;
 
   user = config.users.users.forgejo.name;
   inherit (config.users.users.forgejo) group;
@@ -13,6 +14,7 @@ in
 {
   options.custom.services.forgejo = {
     enable = lib.mkEnableOption "";
+    doBackups = lib.mkEnableOption "";
     domain = lib.mkOption {
       type = lib.types.nonEmptyStr;
       default = "";
@@ -67,31 +69,38 @@ in
       };
     };
 
-    systemd.services.forgejo.preStart =
-      let
-        userCmd = "${lib.getExe config.services.forgejo.package} admin user";
-        credentials = lib.concatStringsSep " " [
-          "--username SebastianStork"
-          "--password \"$PASSWORD\""
-        ];
-      in
-      ''
-        PASSWORD="$(< ${config.sops.secrets."forgejo/admin-password".path})"
+    systemd = {
+      services.forgejo.preStart =
+        let
+          userCmd = "${lib.getExe originalCfg.package} admin user";
+          credentials = lib.concatStringsSep " " [
+            "--username SebastianStork"
+            "--password \"$PASSWORD\""
+          ];
+        in
+        ''
+          PASSWORD="$(< ${config.sops.secrets."forgejo/admin-password".path})"
 
-        ${userCmd} create ${credentials} --email "sebastian.stork@pm.me" --admin \
-          || ${userCmd} change-password ${credentials} --must-change-password=false
-      '';
-
-    systemd.tmpfiles.rules =
-      let
-        disallow-all-robots = pkgs.writeText "disallow-all-robots.txt" ''
-          User-agent: *
-          Disallow: /
+          ${userCmd} create ${credentials} --email "sebastian.stork@pm.me" --admin \
+            || ${userCmd} change-password ${credentials} --must-change-password=false
         '';
-      in
-      [
-        "d ${config.services.forgejo.customDir}/public 750 ${user} ${group} - -"
-        "L+ ${config.services.forgejo.customDir}/public/robots.txt 750 - - - ${disallow-all-robots}"
-      ];
+
+      tmpfiles.rules =
+        let
+          disallow-all-robots = pkgs.writeText "disallow-all-robots.txt" ''
+            User-agent: *
+            Disallow: /
+          '';
+        in
+        [
+          "d ${originalCfg.customDir}/public 750 ${user} ${group} - -"
+          "L+ ${originalCfg.customDir}/public/robots.txt 750 - - - ${disallow-all-robots}"
+        ];
+    };
+
+    custom.services.resticBackups.forgejo = lib.mkIf cfg.doBackups {
+      conflictingService = "forgejo.service";
+      extraConfig.paths = [ originalCfg.stateDir ];
+    };
   };
 }

modules/system/services/hedgedoc.nix

@@ -14,6 +14,7 @@ in
 {
   options.custom.services.hedgedoc = {
     enable = lib.mkEnableOption "";
+    doBackups = lib.mkEnableOption "";
     domain = lib.mkOption {
       type = lib.types.nonEmptyStr;
       default = "";
@@ -79,5 +80,13 @@ in
     };
 
     environment.shellAliases.hedgedoc-manage-users = "sudo --user=${user} ${manage_users}";
+
+    custom.services.resticBackups.hedgedoc = lib.mkIf cfg.doBackups {
+      conflictingService = "hedgedoc.service";
+      extraConfig.paths = with config.services.hedgedoc.settings; [
+        uploadsPath
+        db.storage
+      ];
+    };
   };
 }

modules/system/services/hedgedoc/backups.nix

@@ -1,14 +0,0 @@
-{ config, lib, ... }:
-{
-  options.custom.services.hedgedoc.backups.enable = lib.mkEnableOption "";
-
-  config = lib.mkIf config.custom.services.hedgedoc.backups.enable {
-    custom.services.resticBackups.hedgedoc = {
-      conflictingService = "hedgedoc.service";
-      extraConfig.paths = with config.services.hedgedoc.settings; [
-        uploadsPath
-        db.storage
-      ];
-    };
-  };
-}

modules/system/services/nextcloud/backups.nix

@@ -9,18 +9,20 @@ let
 
   user = config.users.users.nextcloud.name;
   dataDir = config.services.nextcloud.home;
+
+  nextcloud-occ = lib.getExe' config.services.nextcloud.occ "nextcloud-occ";
 in
 {
-  options.custom.services.nextcloud.backups.enable = lib.mkEnableOption "";
+  options.custom.services.nextcloud.doBackups = lib.mkEnableOption "";
 
-  config = lib.mkIf cfg.backups.enable {
+  config = lib.mkIf cfg.doBackups {
     custom.services.resticBackups.nextcloud = {
       extraConfig = {
         backupPrepareCommand = ''
-          ${lib.getExe' config.services.nextcloud.occ "nextcloud-occ"} maintenance:mode --on
+          ${nextcloud-occ} maintenance:mode --on
           ${lib.getExe pkgs.sudo} --user=${user} ${lib.getExe' config.services.postgresql.package "pg_dump"} nextcloud --format=custom --file=${dataDir}/db.dump
         '';
-        backupCleanupCommand = "${lib.getExe' config.services.nextcloud.occ "nextcloud-occ"} maintenance:mode --off";
+        backupCleanupCommand = "${nextcloud-occ} maintenance:mode --off";
         paths = [
           "${dataDir}/data"
           "${dataDir}/config/config.php"
@@ -29,10 +31,10 @@ in
       };
 
       restoreCommand = {
-        preRestore = "${lib.getExe' config.services.nextcloud.occ "nextcloud-occ"} maintenance:mode --on";
+        preRestore = "${nextcloud-occ} maintenance:mode --on";
         postRestore = ''
           sudo --user=${user} pg_restore --clean --if-exists --dbname nextcloud ${dataDir}/db.dump
-          ${lib.getExe' config.services.nextcloud.occ "nextcloud-occ"} maintenance:mode --off
+          ${nextcloud-occ} maintenance:mode --off
         '';
       };
     };

modules/system/services/syncthing.nix

@@ -12,6 +12,7 @@ in
   options.custom.services.syncthing = {
     enable = lib.mkEnableOption "";
     isServer = lib.mkEnableOption "";
+    doBackups = lib.mkEnableOption "";
     deviceId = lib.mkOption {
       type = lib.types.nonEmptyStr;
       default = "";
@@ -38,6 +39,10 @@ in
         assertion = tailscaleCfg.enable;
         message = "syncthing requires tailscale";
       }
+      {
+        assertion = cfg.doBackups -> cfg.isServer;
+        message = "syncthing backups can only be performed on a server";
+      }
     ];
 
     meta.ports.list = [
@@ -97,5 +102,10 @@ in
         };
       };
     };
+
+    custom.services.resticBackups.syncthing = lib.mkIf cfg.doBackups {
+      conflictingService = "syncthing.service";
+      extraConfig.paths = [ config.services.syncthing.dataDir ];
+    };
   };
 }

modules/system/services/syncthing/backups.nix

@@ -1,21 +0,0 @@
-{ config, lib, ... }:
-let
-  cfg = config.custom.services.syncthing;
-in
-{
-  options.custom.services.syncthing.backups.enable = lib.mkEnableOption "";
-
-  config = lib.mkIf cfg.backups.enable {
-    assertions = [
-      {
-        assertion = cfg.isServer;
-        message = "syncthing backups can only be made on a server";
-      }
-    ];
-
-    custom.services.resticBackups.syncthing = {
-      conflictingService = "syncthing.service";
-      extraConfig.paths = [ config.services.syncthing.dataDir ];
-    };
-  };
-}