Rename option "backups.enable" to "doBackups"

2026-01-21 21:01:34 +01:00 · 2025-06-30 23:56:52 +02:00 · 2025-06-30 23:56:52 +02:00 · 4f5db50ca1
commit 4f5db50ca1
parent 6bd3313e55
11 changed files with 71 additions and 92 deletions
--- a/hosts/alto/default.nix
+++ b/hosts/alto/default.nix
@ -19,19 +19,19 @@
      syncthing = {
        enable = true;
        isServer = true;
        doBackups = true;
        deviceId = "5R2MH7T-Q2ZZS2P-ZMSQ2UJ-B6VBHES-XYLNMZ6-7FYC27L-4P7MGJ2-FY4ITQD";
        gui.domain = "syncthing.${config.custom.services.tailscale.domain}";
        backups.enable = true;
      };
      nextcloud = {
        enable = true;
        doBackups = true;
        domain = "cloud.${config.custom.services.tailscale.domain}";
        backups.enable = true;
      };
      actualbudget = {
        enable = true;
        doBackups = true;
        domain = "budget.${config.custom.services.tailscale.domain}";
        backups.enable = true;
      };
      caddy.virtualHosts = {
--- a/hosts/cirrus/default.nix
+++ b/hosts/cirrus/default.nix
@ -27,8 +27,8 @@
      hedgedoc = {
        enable = true;
        doBackups = true;
        domain = "docs.sprouted.cloud";
        backups.enable = true;
      };
      it-tools = {
        enable = true;
@ -36,9 +36,9 @@
      };
      forgejo = {
        enable = true;
        doBackups = true;
        domain = "git.sstork.dev";
        ssh.enable = true;
        backups.enable = true;
      };
      caddy.virtualHosts = {
--- a/modules/system/services/actualbudget/default.nix
+++ b/modules/system/services/actualbudget/default.nix
@ -5,6 +5,7 @@ in
 {
  options.custom.services.actualbudget = {
    enable = lib.mkEnableOption "";
    doBackups = lib.mkEnableOption "";
    domain = lib.mkOption {
      type = lib.types.nonEmptyStr;
      default = "";
@ -25,5 +26,10 @@ in
        inherit (cfg) port;
      };
    };
    custom.services.resticBackups.actual = lib.mkIf cfg.doBackups {
      conflictingService = "actual.service";
      extraConfig.paths = [ config.services.actual.settings.dataDir ];
    };
  };
 }
--- a/modules/system/services/actualbudget/backups.nix
+++ b/modules/system/services/actualbudget/backups.nix
@ -1,11 +0,0 @@
 { config, lib, ... }:
 {
  options.custom.services.actualbudget.backups.enable = lib.mkEnableOption "";
  config = lib.mkIf config.custom.services.actualbudget.backups.enable {
    custom.services.resticBackups.actual = {
      conflictingService = "actual.service";
      extraConfig.paths = [ config.services.actual.settings.dataDir ];
    };
  };
 }
--- a/modules/system/services/forgejo/backups.nix
+++ b/modules/system/services/forgejo/backups.nix
@ -1,11 +0,0 @@
 { config, lib, ... }:
 {
  options.custom.services.forgejo.backups.enable = lib.mkEnableOption "";
  config = lib.mkIf config.custom.services.forgejo.backups.enable {
    custom.services.resticBackups.forgejo = {
      conflictingService = "forgejo.service";
      extraConfig.paths = [ config.services.forgejo.stateDir ];
    };
  };
 }
--- a/modules/system/services/forgejo/default.nix
+++ b/modules/system/services/forgejo/default.nix
@ -6,6 +6,7 @@
 }:
 let
  cfg = config.custom.services.forgejo;
  originalCfg = config.services.forgejo;
  user = config.users.users.forgejo.name;
  inherit (config.users.users.forgejo) group;
@ -13,6 +14,7 @@ in
 {
  options.custom.services.forgejo = {
    enable = lib.mkEnableOption "";
    doBackups = lib.mkEnableOption "";
    domain = lib.mkOption {
      type = lib.types.nonEmptyStr;
      default = "";
@ -67,31 +69,38 @@ in
      };
    };
-    systemd.services.forgejo.preStart =
+    systemd = {
-      let
+      services.forgejo.preStart =
-        userCmd = "${lib.getExe config.services.forgejo.package} admin user";
+        let
-        credentials = lib.concatStringsSep " " [
+          userCmd = "${lib.getExe originalCfg.package} admin user";
-          "--username SebastianStork"
+          credentials = lib.concatStringsSep " " [
-          "--password \"$PASSWORD\""
+            "--username SebastianStork"
-        ];
+            "--password \"$PASSWORD\""
-      in
+          ];
-      ''
+        in
-        PASSWORD="$(< ${config.sops.secrets."forgejo/admin-password".path})"
+        ''
          PASSWORD="$(< ${config.sops.secrets."forgejo/admin-password".path})"
-        ${userCmd} create ${credentials} --email "sebastian.stork@pm.me" --admin \
+          ${userCmd} create ${credentials} --email "sebastian.stork@pm.me" --admin \
-          || ${userCmd} change-password ${credentials} --must-change-password=false
+            || ${userCmd} change-password ${credentials} --must-change-password=false
      '';
    systemd.tmpfiles.rules =
      let
        disallow-all-robots = pkgs.writeText "disallow-all-robots.txt" ''
          User-agent: *
          Disallow: /
        '';
-      in
+
-      [
+      tmpfiles.rules =
-        "d ${config.services.forgejo.customDir}/public 750 ${user} ${group} - -"
+        let
-        "L+ ${config.services.forgejo.customDir}/public/robots.txt 750 - - - ${disallow-all-robots}"
+          disallow-all-robots = pkgs.writeText "disallow-all-robots.txt" ''
-      ];
+            User-agent: *
            Disallow: /
          '';
        in
        [
          "d ${originalCfg.customDir}/public 750 ${user} ${group} - -"
          "L+ ${originalCfg.customDir}/public/robots.txt 750 - - - ${disallow-all-robots}"
        ];
    };
    custom.services.resticBackups.forgejo = lib.mkIf cfg.doBackups {
      conflictingService = "forgejo.service";
      extraConfig.paths = [ originalCfg.stateDir ];
    };
  };
 }
--- a/modules/system/services/hedgedoc/default.nix
+++ b/modules/system/services/hedgedoc/default.nix
@ -14,6 +14,7 @@ in
 {
  options.custom.services.hedgedoc = {
    enable = lib.mkEnableOption "";
    doBackups = lib.mkEnableOption "";
    domain = lib.mkOption {
      type = lib.types.nonEmptyStr;
      default = "";
@ -79,5 +80,13 @@ in
    };
    environment.shellAliases.hedgedoc-manage-users = "sudo --user=${user} ${manage_users}";
    custom.services.resticBackups.hedgedoc = lib.mkIf cfg.doBackups {
      conflictingService = "hedgedoc.service";
      extraConfig.paths = with config.services.hedgedoc.settings; [
        uploadsPath
        db.storage
      ];
    };
  };
 }
--- a/modules/system/services/hedgedoc/backups.nix
+++ b/modules/system/services/hedgedoc/backups.nix
@ -1,14 +0,0 @@
 { config, lib, ... }:
 {
  options.custom.services.hedgedoc.backups.enable = lib.mkEnableOption "";
  config = lib.mkIf config.custom.services.hedgedoc.backups.enable {
    custom.services.resticBackups.hedgedoc = {
      conflictingService = "hedgedoc.service";
      extraConfig.paths = with config.services.hedgedoc.settings; [
        uploadsPath
        db.storage
      ];
    };
  };
 }
--- a/modules/system/services/nextcloud/backups.nix
+++ b/modules/system/services/nextcloud/backups.nix
@ -9,18 +9,20 @@ let
  user = config.users.users.nextcloud.name;
  dataDir = config.services.nextcloud.home;
  nextcloud-occ = lib.getExe' config.services.nextcloud.occ "nextcloud-occ";
 in
 {
-  options.custom.services.nextcloud.backups.enable = lib.mkEnableOption "";
+  options.custom.services.nextcloud.doBackups = lib.mkEnableOption "";
-  config = lib.mkIf cfg.backups.enable {
+  config = lib.mkIf cfg.doBackups {
    custom.services.resticBackups.nextcloud = {
      extraConfig = {
        backupPrepareCommand = ''
-          ${lib.getExe' config.services.nextcloud.occ "nextcloud-occ"} maintenance:mode --on
+          ${nextcloud-occ} maintenance:mode --on
          ${lib.getExe pkgs.sudo} --user=${user} ${lib.getExe' config.services.postgresql.package "pg_dump"} nextcloud --format=custom --file=${dataDir}/db.dump
        '';
-        backupCleanupCommand = "${lib.getExe' config.services.nextcloud.occ "nextcloud-occ"} maintenance:mode --off";
+        backupCleanupCommand = "${nextcloud-occ} maintenance:mode --off";
        paths = [
          "${dataDir}/data"
          "${dataDir}/config/config.php"
@ -29,10 +31,10 @@ in
      };
      restoreCommand = {
-        preRestore = "${lib.getExe' config.services.nextcloud.occ "nextcloud-occ"} maintenance:mode --on";
+        preRestore = "${nextcloud-occ} maintenance:mode --on";
        postRestore = ''
          sudo --user=${user} pg_restore --clean --if-exists --dbname nextcloud ${dataDir}/db.dump
-          ${lib.getExe' config.services.nextcloud.occ "nextcloud-occ"} maintenance:mode --off
+          ${nextcloud-occ} maintenance:mode --off
        '';
      };
    };
--- a/modules/system/services/syncthing/default.nix
+++ b/modules/system/services/syncthing/default.nix
@ -12,6 +12,7 @@ in
  options.custom.services.syncthing = {
    enable = lib.mkEnableOption "";
    isServer = lib.mkEnableOption "";
    doBackups = lib.mkEnableOption "";
    deviceId = lib.mkOption {
      type = lib.types.nonEmptyStr;
      default = "";
@ -38,6 +39,10 @@ in
        assertion = tailscaleCfg.enable;
        message = "syncthing requires tailscale";
      }
      {
        assertion = cfg.doBackups -> cfg.isServer;
        message = "syncthing backups can only be performed on a server";
      }
    ];
    meta.ports.list = [
@ -97,5 +102,10 @@ in
        };
      };
    };
    custom.services.resticBackups.syncthing = lib.mkIf cfg.doBackups {
      conflictingService = "syncthing.service";
      extraConfig.paths = [ config.services.syncthing.dataDir ];
    };
  };
 }
--- a/modules/system/services/syncthing/backups.nix
+++ b/modules/system/services/syncthing/backups.nix
@ -1,21 +0,0 @@
 { config, lib, ... }:
 let
  cfg = config.custom.services.syncthing;
 in
 {
  options.custom.services.syncthing.backups.enable = lib.mkEnableOption "";
  config = lib.mkIf cfg.backups.enable {
    assertions = [
      {
        assertion = cfg.isServer;
        message = "syncthing backups can only be made on a server";
      }
    ];
    custom.services.resticBackups.syncthing = {
      conflictingService = "syncthing.service";
      extraConfig.paths = [ config.services.syncthing.dataDir ];
    };
  };
 }