From 4f5db50ca16e6eab86c93dc90220ee31b268bc1f Mon Sep 17 00:00:00 2001
From: SebastianStork
Date: Mon, 30 Jun 2025 23:56:52 +0200
Subject: [PATCH] Rename option "backups.enable" to "doBackups"
---
 hosts/alto/default.nix | 6 +-
 hosts/cirrus/default.nix | 4 +-
 .../default.nix => actualbudget.nix} | 6 ++
 .../system/services/actualbudget/backups.nix | 11 ----
 modules/system/services/forgejo/backups.nix | 11 ----
 modules/system/services/forgejo/default.nix | 57 +++++++++++--------
 .../{hedgedoc/default.nix => hedgedoc.nix} | 9 +++
 modules/system/services/hedgedoc/backups.nix | 14 -----
 modules/system/services/nextcloud/backups.nix | 14 +++--
 .../{syncthing/default.nix => syncthing.nix} | 10 ++++
 modules/system/services/syncthing/backups.nix | 21 -------
 11 files changed, 71 insertions(+), 92 deletions(-)
 rename modules/system/services/{actualbudget/default.nix => actualbudget.nix} (70%)
 delete mode 100644 modules/system/services/actualbudget/backups.nix
 delete mode 100644 modules/system/services/forgejo/backups.nix
 rename modules/system/services/{hedgedoc/default.nix => hedgedoc.nix} (88%)
 delete mode 100644 modules/system/services/hedgedoc/backups.nix
 rename modules/system/services/{syncthing/default.nix => syncthing.nix} (87%)
 delete mode 100644 modules/system/services/syncthing/backups.nix
diff --git a/hosts/alto/default.nix b/hosts/alto/default.nix
index 2e852cf..d9906b1 100644
--- a/hosts/alto/default.nix
+++ b/hosts/alto/default.nix
@@ -19,19 +19,19 @@
 syncthing = {
 enable = true;
 isServer = true;
+ doBackups = true;
 deviceId = "5R2MH7T-Q2ZZS2P-ZMSQ2UJ-B6VBHES-XYLNMZ6-7FYC27L-4P7MGJ2-FY4ITQD";
 gui.domain = "syncthing.${config.custom.services.tailscale.domain}";
- backups.enable = true;
 };
 nextcloud = {
 enable = true;
+ doBackups = true;
 domain = "cloud.${config.custom.services.tailscale.domain}";
- backups.enable = true;
 };
 actualbudget = {
 enable = true;
+ doBackups = true;
 domain = "budget.${config.custom.services.tailscale.domain}";
- backups.enable = true;
 };
 caddy.virtualHosts = {
diff --git a/hosts/cirrus/default.nix b/hosts/cirrus/default.nix
index 5a5eb58..83b5fd6 100644
--- a/hosts/cirrus/default.nix
+++ b/hosts/cirrus/default.nix
@@ -27,8 +27,8 @@
 hedgedoc = {
 enable = true;
+ doBackups = true;
 domain = "docs.sprouted.cloud";
- backups.enable = true;
 };
 it-tools = {
 enable = true;
@@ -36,9 +36,9 @@
 };
 forgejo = {
 enable = true;
+ doBackups = true;
 domain = "git.sstork.dev";
 ssh.enable = true;
- backups.enable = true;
 };
 caddy.virtualHosts = {
diff --git a/modules/system/services/actualbudget/default.nix b/modules/system/services/actualbudget.nix
similarity index 70%
rename from modules/system/services/actualbudget/default.nix
rename to modules/system/services/actualbudget.nix
index cbdeaae..896eed3 100644
--- a/modules/system/services/actualbudget/default.nix
+++ b/modules/system/services/actualbudget.nix
@@ -5,6 +5,7 @@ in
 {
 options.custom.services.actualbudget = {
 enable = lib.mkEnableOption "";
+ doBackups = lib.mkEnableOption "";
 domain = lib.mkOption {
 type = lib.types.nonEmptyStr;
 default = "";
@@ -25,5 +26,10 @@ in
 inherit (cfg) port;
 };
 };
+
+ custom.services.resticBackups.actual = lib.mkIf cfg.doBackups {
+ conflictingService = "actual.service";
+ extraConfig.paths = [ config.services.actual.settings.dataDir ];
+ };
 };
 }
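Review bot: `doBackups = lib.mkEnableOption "";` in modules/system/services/actualbudget.nix declares the new option with an empty description, so nothing tells a reader what gets backed up or that the flag feeds `custom.services.resticBackups`. A description such as `lib.mkEnableOption "restic backups of the Actual data directory"` would document it. The same empty description is used for `doBackups` in the forgejo, hedgedoc, nextcloud and syncthing modules, and the options block continues outside this hunk.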
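Review bot: The `custom.services.resticBackups.actual = lib.mkIf cfg.doBackups { … }` entry now sits inside the module's main `config` block, whose opening line is outside the hunk; if that block is guarded by `cfg.enable` (not visible here), a host that sets `doBackups = true` while the service is disabled gets no backup job and no error. The deleted backups.nix evaluated its flag independently of `enable`. An assertion evaluated outside that guard, such as `{ assertion = cfg.doBackups -> cfg.enable; message = "actualbudget backups require the service to be enabled"; }`, would make that state fail at evaluation instead of silently skipping backups. The forgejo, hedgedoc and syncthing modules place their backup entry the same way.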
diff --git a/modules/system/services/actualbudget/backups.nix b/modules/system/services/actualbudget/backups.nix
deleted file mode 100644
index ecaa677..0000000
--- a/modules/system/services/actualbudget/backups.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ config, lib, ... }:
-{
- options.custom.services.actualbudget.backups.enable = lib.mkEnableOption "";
-
- config = lib.mkIf config.custom.services.actualbudget.backups.enable {
- custom.services.resticBackups.actual = {
- conflictingService = "actual.service";
- extraConfig.paths = [ config.services.actual.settings.dataDir ];
- };
- };
-}
diff --git a/modules/system/services/forgejo/backups.nix b/modules/system/services/forgejo/backups.nix
deleted file mode 100644
index 67e53a6..0000000
--- a/modules/system/services/forgejo/backups.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ config, lib, ... }:
-{
- options.custom.services.forgejo.backups.enable = lib.mkEnableOption "";
-
- config = lib.mkIf config.custom.services.forgejo.backups.enable {
- custom.services.resticBackups.forgejo = {
- conflictingService = "forgejo.service";
- extraConfig.paths = [ config.services.forgejo.stateDir ];
- };
- };
-}
diff --git a/modules/system/services/forgejo/default.nix b/modules/system/services/forgejo/default.nix
index 96cb536..0fd2b0b 100644
--- a/modules/system/services/forgejo/default.nix
+++ b/modules/system/services/forgejo/default.nix
@@ -6,6 +6,7 @@
 }:
 let
 cfg = config.custom.services.forgejo;
+ originalCfg = config.services.forgejo;
 user = config.users.users.forgejo.name;
 inherit (config.users.users.forgejo) group;
@@ -13,6 +14,7 @@ in
 {
 options.custom.services.forgejo = {
 enable = lib.mkEnableOption "";
+ doBackups = lib.mkEnableOption "";
 domain = lib.mkOption {
 type = lib.types.nonEmptyStr;
 default = "";
@@ -67,31 +69,38 @@ in
 };
 };
- systemd.services.forgejo.preStart =
- let
- userCmd = "${lib.getExe config.services.forgejo.package} admin user";
- credentials = lib.concatStringsSep " " [
- "--username SebastianStork"
- "--password \"$PASSWORD\""
- ];
- in
- ''
- PASSWORD="$(< ${config.sops.secrets."forgejo/admin-password".path})"
+ systemd = {
+ services.forgejo.preStart =
+ let
+ userCmd = "${lib.getExe originalCfg.package} admin user";
+ credentials = lib.concatStringsSep " " [
+ "--username SebastianStork"
+ "--password \"$PASSWORD\""
+ ];
+ in
+ ''
+ PASSWORD="$(< ${config.sops.secrets."forgejo/admin-password".path})"
- ${userCmd} create ${credentials} --email "sebastian.stork@pm.me" --admin \
- || ${userCmd} change-password ${credentials} --must-change-password=false
- '';
-
- systemd.tmpfiles.rules =
- let
- disallow-all-robots = pkgs.writeText "disallow-all-robots.txt" ''
- User-agent: *
- Disallow: /
+ ${userCmd} create ${credentials} --email "sebastian.stork@pm.me" --admin \
+ || ${userCmd} change-password ${credentials} --must-change-password=false
 '';
- in
- [
- "d ${config.services.forgejo.customDir}/public 750 ${user} ${group} - -"
- "L+ ${config.services.forgejo.customDir}/public/robots.txt 750 - - - ${disallow-all-robots}"
- ];
+
+ tmpfiles.rules =
+ let
+ disallow-all-robots = pkgs.writeText "disallow-all-robots.txt" ''
+ User-agent: *
+ Disallow: /
+ '';
+ in
+ [
+ "d ${originalCfg.customDir}/public 750 ${user} ${group} - -"
+ "L+ ${originalCfg.customDir}/public/robots.txt 750 - - - ${disallow-all-robots}"
+ ];
+ };
+
+ custom.services.resticBackups.forgejo = lib.mkIf cfg.doBackups {
+ conflictingService = "forgejo.service";
+ extraConfig.paths = [ originalCfg.stateDir ];
+ };
 };
 }
diff --git a/modules/system/services/hedgedoc/default.nix b/modules/system/services/hedgedoc.nix
similarity index 88%
rename from modules/system/services/hedgedoc/default.nix
rename to modules/system/services/hedgedoc.nix
index d144347..c1cc4ff 100644
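Review bot: In `services.forgejo.preStart` the admin password read from the sops secret is expanded into `--password \"$PASSWORD\"`, so it appears in the argument list of the `forgejo admin user` process for as long as the command runs and may be readable by other local accounts through the process table. The move into `systemd = { … }` carries that over unchanged. The `|| … change-password` fallback also runs on every start in which `create` fails, so presumably a password changed through the web UI is reset to the sops value at the next restart. A comment above `credentials` would record both, e.g. `# NOTE: password is passed on argv (visible in the process list while preStart runs) and is re-applied from sops on every start`.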
--- a/modules/system/services/hedgedoc/default.nix
+++ b/modules/system/services/hedgedoc.nix
@@ -14,6 +14,7 @@ in
 {
 options.custom.services.hedgedoc = {
 enable = lib.mkEnableOption "";
+ doBackups = lib.mkEnableOption "";
 domain = lib.mkOption {
 type = lib.types.nonEmptyStr;
 default = "";
@@ -79,5 +80,13 @@ in
 };
 environment.shellAliases.hedgedoc-manage-users = "sudo --user=${user} ${manage_users}";
+
+ custom.services.resticBackups.hedgedoc = lib.mkIf cfg.doBackups {
+ conflictingService = "hedgedoc.service";
+ extraConfig.paths = with config.services.hedgedoc.settings; [
+ uploadsPath
+ db.storage
+ ];
+ };
 };
 }
diff --git a/modules/system/services/hedgedoc/backups.nix b/modules/system/services/hedgedoc/backups.nix
deleted file mode 100644
index 7d9b8f5..0000000
--- a/modules/system/services/hedgedoc/backups.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ config, lib, ... }:
-{
- options.custom.services.hedgedoc.backups.enable = lib.mkEnableOption "";
-
- config = lib.mkIf config.custom.services.hedgedoc.backups.enable {
- custom.services.resticBackups.hedgedoc = {
- conflictingService = "hedgedoc.service";
- extraConfig.paths = with config.services.hedgedoc.settings; [
- uploadsPath
- db.storage
- ];
- };
- };
-}
diff --git a/modules/system/services/nextcloud/backups.nix b/modules/system/services/nextcloud/backups.nix
index 7fdad6f..19d226a 100644
--- a/modules/system/services/nextcloud/backups.nix
+++ b/modules/system/services/nextcloud/backups.nix
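Review bot: `extraConfig.paths` in the new `custom.services.resticBackups.hedgedoc` block lists `db.storage`, which presumably holds the notes database only while HedgeDoc runs on its file-based SQLite backend; the database settings are outside the hunk. If the dialect were switched later and `db.storage` stayed defined, the job would keep succeeding while no longer capturing the database. An assertion next to the backup definition, for example that `config.services.hedgedoc.settings.db.dialect == "sqlite"` whenever `cfg.doBackups` is set, would turn that into an evaluation error.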
@@ -9,18 +9,20 @@ let
 user = config.users.users.nextcloud.name;
 dataDir = config.services.nextcloud.home;
+
+ nextcloud-occ = lib.getExe' config.services.nextcloud.occ "nextcloud-occ";
 in
 {
- options.custom.services.nextcloud.backups.enable = lib.mkEnableOption "";
+ options.custom.services.nextcloud.doBackups = lib.mkEnableOption "";
- config = lib.mkIf cfg.backups.enable {
+ config = lib.mkIf cfg.doBackups {
 custom.services.resticBackups.nextcloud = {
 extraConfig = {
 backupPrepareCommand = ''
- ${lib.getExe' config.services.nextcloud.occ "nextcloud-occ"} maintenance:mode --on
+ ${nextcloud-occ} maintenance:mode --on
 ${lib.getExe pkgs.sudo} --user=${user} ${lib.getExe' config.services.postgresql.package "pg_dump"} nextcloud --format=custom --file=${dataDir}/db.dump
 '';
- backupCleanupCommand = "${lib.getExe' config.services.nextcloud.occ "nextcloud-occ"} maintenance:mode --off";
+ backupCleanupCommand = "${nextcloud-occ} maintenance:mode --off";
 paths = [
 "${dataDir}/data"
 "${dataDir}/config/config.php"
@@ -29,10 +31,10 @@ in
 };
 restoreCommand = {
- preRestore = "${lib.getExe' config.services.nextcloud.occ "nextcloud-occ"} maintenance:mode --on";
+ preRestore = "${nextcloud-occ} maintenance:mode --on";
 postRestore = ''
 sudo --user=${user} pg_restore --clean --if-exists --dbname nextcloud ${dataDir}/db.dump
- ${lib.getExe' config.services.nextcloud.occ "nextcloud-occ"} maintenance:mode --off
+ ${nextcloud-occ} maintenance:mode --off
 '';
 };
 };
diff --git a/modules/system/services/syncthing/default.nix b/modules/system/services/syncthing.nix
similarity index 87%
rename from modules/system/services/syncthing/default.nix
rename to modules/system/services/syncthing.nix
index 5cea27a..f206ede 100644
--- a/modules/system/services/syncthing/default.nix
+++ b/modules/system/services/syncthing.nix
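Review bot: `postRestore` in the second nextcloud hunk still calls bare `sudo` and `pg_restore`, while `backupPrepareCommand` in the same file uses `${lib.getExe pkgs.sudo}` and the `pg_dump` from `config.services.postgresql.package`. The restore therefore depends on whatever PATH the restore script runs with, and it may pick a `pg_restore` from a different PostgreSQL version than the one that wrote the dump, or find none at all. Since this commit already factors out `nextcloud-occ`, the line could become `${lib.getExe pkgs.sudo} --user=${user} ${lib.getExe' config.services.postgresql.package "pg_restore"} --clean --if-exists --dbname nextcloud ${dataDir}/db.dump`. The enclosing `custom.services.resticBackups.nextcloud` set starts in the previous hunk.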
@@ -12,6 +12,7 @@ in
 options.custom.services.syncthing = {
 enable = lib.mkEnableOption "";
 isServer = lib.mkEnableOption "";
+ doBackups = lib.mkEnableOption "";
 deviceId = lib.mkOption {
 type = lib.types.nonEmptyStr;
 default = "";
@@ -38,6 +39,10 @@ in
 assertion = tailscaleCfg.enable;
 message = "syncthing requires tailscale";
 }
+ {
+ assertion = cfg.doBackups -> cfg.isServer;
+ message = "syncthing backups can only be performed on a server";
+ }
 ];
 meta.ports.list = [
@@ -97,5 +102,10 @@ in
 };
 };
 };
+
+ custom.services.resticBackups.syncthing = lib.mkIf cfg.doBackups {
+ conflictingService = "syncthing.service";
+ extraConfig.paths = [ config.services.syncthing.dataDir ];
+ };
 };
 }
diff --git a/modules/system/services/syncthing/backups.nix b/modules/system/services/syncthing/backups.nix
deleted file mode 100644
index 0449c60..0000000
--- a/modules/system/services/syncthing/backups.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ config, lib, ... }:
-let
- cfg = config.custom.services.syncthing;
-in
-{
- options.custom.services.syncthing.backups.enable = lib.mkEnableOption "";
-
- config = lib.mkIf cfg.backups.enable {
- assertions = [
- {
- assertion = cfg.isServer;
- message = "syncthing backups can only be made on a server";
- }
- ];
-
- custom.services.resticBackups.syncthing = {
- conflictingService = "syncthing.service";
- extraConfig.paths = [ config.services.syncthing.dataDir ];
- };
- };
-}
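Review bot: `extraConfig.paths = [ config.services.syncthing.dataDir ]` in the last syncthing.nix hunk backs up the whole Syncthing data directory, which on a default layout presumably also contains the configuration directory with the device's private key and the GUI/API credentials; the directory settings are not visible in this hunk. That makes the restic repository as sensitive as the device identity itself. A comment on the line would record the intent, e.g. `# includes the Syncthing config dir (device key, API key) when it lives under dataDir`.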