infra/nix/os/containers/backup.nix

{
  config,
  hostAddress,
  localAddress,
  subvolumes,
  targetPathSuffix ? "",
  autoStart ? false,
}:
let
  passwords = import ../../variables/passwords.crypt.nix;
  subvolumeParentDir = "/var/lib/container-volumes";
in
{
  config =
    { pkgs, ... }:
    {
      system.stateVersion = "20.03"; # Did you read the comment?

      imports = [ ../profiles/containers/configuration.nix ];

      environment.systemPackages = with pkgs; [
        btrfs-progs
        btrbk
      ];

      networking.firewall.enable = true;

      systemd.services."bkp-sync" = {
        enable = true;
        description = "bkp-sync service";

        serviceConfig = {
          Type = "oneshot";
        };

        after = [ "bkp-run.service" ];

        requires = [ "bkp-run.service" ];

        path = with pkgs; [ utillinux ];
        script = ''
          set -x
          true
        '';
      };

      systemd.services."bkp-run" = {
        enable = true;
        description = "bkp-run";

        serviceConfig = {
          Type = "oneshot";
        };

        partOf = [ "bkp-sync.service" ];

        path = with pkgs; [
          btrfs-progs
          btrbk
          coreutils
        ];

        script =
          let
            btrbkConf = pkgs.writeText "cfg" ''
              timestamp_format long
              ssh_identity ${passwords.storage.backupTarget.keyPath}
              ssh_user ${passwords.storage.backupTarget.user}
              ssh_compression no
              backend_remote btrfs-progs-sudo
              compat_remote busybox
              btrfs_commit_delete each
              snapshot_create onchange
              snapshot_preserve_min latest
              snapshot_preserve 7d 4w
              target_preserve_min latest
              target_preserve 7d 4w 12m *y

              volume ${subvolumeParentDir}
                target ${passwords.storage.backupTarget.target}/container-volumes/${targetPathSuffix}
              ${builtins.foldl' (sum: elem: sum + "  subvolume " + elem + "\n") "" subvolumes}
            '';
          in
          ''
            #! ${pkgs.bash}/bin/bash
            set -Eeuxo pipefail

            btrbk -c ${btrbkConf} --progress ''${@:-run}
          '';
      };

      systemd.timers."bkp" = {
        description = "Timer to trigger bkp periodically";
        enable = true;
        wantedBy = [
          "timer.target"
          "multi-user.target"
        ];
        timerConfig = {
          # Obtained using `systemd-analyze calendar "Wed 23:00"`
          # OnCalendar = "Wed *-*-* 23:00:00";
          OnStartupSec = "1m";
          Unit = "bkp-sync.service";
          OnUnitInactiveSec = "2h";
          Persistent = "true";
        };
      };
    };

  inherit autoStart;

  bindMounts = {
    "${subvolumeParentDir}" = {
      hostPath = subvolumeParentDir;
      isReadOnly = false;
    };

    "/etc/secrets/" = {
      hostPath = "/var/lib/container-volumes/backup/etc-secrets";
      isReadOnly = true;
    };

    "/dev/fuse" = {
      hostPath = "/dev/fuse";
      isReadOnly = false;
    };
  };

  allowedDevices = [
    {
      node = "/dev/fuse";
      modifier = "rw";
    }
  ];

  extraFlags = [ "--resolv-conf=bind-host" ];

  privateNetwork = true;
  forwardPorts = [ ];

  inherit hostAddress localAddress;
}
chore: format with alejandra 2023-02-07 18:24:28 +01:00			`{`
			`config,`
			`hostAddress,`
			`localAddress,`
			`subvolumes,`
			`targetPathSuffix ? "",`
			`autoStart ? false,`
feat: introduce treefmt and fmt all 2024-11-15 10:17:56 +01:00			`}:`
			`let`
nix/containers,vmd32387: add backup container 2019-02-10 13:51:21 +01:00			`passwords = import ../../variables/passwords.crypt.nix;`
run most containers and back them up at home * switch backup from wasabi-s3 to btrfs via ssh * add srv0 at home * run webserver and syncthing at home 2020-12-30 09:10:30 +01:00			`subvolumeParentDir = "/var/lib/container-volumes";`
feat: introduce treefmt and fmt all 2024-11-15 10:17:56 +01:00			`in`
			`{`
			`config =`
			`{ pkgs, ... }:`
			`{`
			`system.stateVersion = "20.03"; # Did you read the comment?`
nix/containers,vmd32387: add backup container 2019-02-10 13:51:21 +01:00
feat: introduce treefmt and fmt all 2024-11-15 10:17:56 +01:00			`imports = [ ../profiles/containers/configuration.nix ];`
nix/containers,vmd32387: add backup container 2019-02-10 13:51:21 +01:00
feat: introduce treefmt and fmt all 2024-11-15 10:17:56 +01:00			`environment.systemPackages = with pkgs; [`
			`btrfs-progs`
			`btrbk`
			`];`
nix/containers,vmd32387: add backup container 2019-02-10 13:51:21 +01:00
feat: introduce treefmt and fmt all 2024-11-15 10:17:56 +01:00			`networking.firewall.enable = true;`
nix/containers,vmd32387: add backup container 2019-02-10 13:51:21 +01:00
feat: introduce treefmt and fmt all 2024-11-15 10:17:56 +01:00			`systemd.services."bkp-sync" = {`
			`enable = true;`
			`description = "bkp-sync service";`
nix/containers,vmd32387: add backup container 2019-02-10 13:51:21 +01:00
feat: introduce treefmt and fmt all 2024-11-15 10:17:56 +01:00			`serviceConfig = {`
			`Type = "oneshot";`
			`};`
format fix 2019-02-17 10:03:08 +01:00
feat: introduce treefmt and fmt all 2024-11-15 10:17:56 +01:00			`after = [ "bkp-run.service" ];`
nix/containers,vmd32387: add backup container 2019-02-10 13:51:21 +01:00
feat: introduce treefmt and fmt all 2024-11-15 10:17:56 +01:00			`requires = [ "bkp-run.service" ];`
nix/containers,vmd32387: add backup container 2019-02-10 13:51:21 +01:00
feat: introduce treefmt and fmt all 2024-11-15 10:17:56 +01:00			`path = with pkgs; [ utillinux ];`
			`script = ''`
			`set -x`
			`true`
run most containers and back them up at home * switch backup from wasabi-s3 to btrfs via ssh * add srv0 at home * run webserver and syncthing at home 2020-12-30 09:10:30 +01:00			`'';`
feat: introduce treefmt and fmt all 2024-11-15 10:17:56 +01:00			`};`
nix/os/containers/backup: add common safety options to shell script 2020-03-15 09:55:59 +01:00
feat: introduce treefmt and fmt all 2024-11-15 10:17:56 +01:00			`systemd.services."bkp-run" = {`
			`enable = true;`
			`description = "bkp-run";`

			`serviceConfig = {`
			`Type = "oneshot";`
			`};`

			`partOf = [ "bkp-sync.service" ];`

			`path = with pkgs; [`
			`btrfs-progs`
			`btrbk`
			`coreutils`
			`];`

			`script =`
			`let`
			`btrbkConf = pkgs.writeText "cfg" ''`
			`timestamp_format long`
			`ssh_identity ${passwords.storage.backupTarget.keyPath}`
			`ssh_user ${passwords.storage.backupTarget.user}`
			`ssh_compression no`
			`backend_remote btrfs-progs-sudo`
			`compat_remote busybox`
			`btrfs_commit_delete each`
			`snapshot_create onchange`
			`snapshot_preserve_min latest`
			`snapshot_preserve 7d 4w`
			`target_preserve_min latest`
			`target_preserve 7d 4w 12m *y`

			`volume ${subvolumeParentDir}`
			`target ${passwords.storage.backupTarget.target}/container-volumes/${targetPathSuffix}`
			`${builtins.foldl' (sum: elem: sum + " subvolume " + elem + "\n") "" subvolumes}`
			`'';`
			`in`
			`''`
			`#! ${pkgs.bash}/bin/bash`
			`set -Eeuxo pipefail`

			`btrbk -c ${btrbkConf} --progress ''${@:-run}`
			`'';`
			`};`
nix/containers,vmd32387: add backup container 2019-02-10 13:51:21 +01:00
feat: introduce treefmt and fmt all 2024-11-15 10:17:56 +01:00			`systemd.timers."bkp" = {`
			`description = "Timer to trigger bkp periodically";`
			`enable = true;`
			`wantedBy = [`
			`"timer.target"`
			`"multi-user.target"`
			`];`
			`timerConfig = {`
			# Obtained using `systemd-analyze calendar "Wed 23:00"`
			`# OnCalendar = "Wed --* 23:00:00";`
			`OnStartupSec = "1m";`
			`Unit = "bkp-sync.service";`
			`OnUnitInactiveSec = "2h";`
			`Persistent = "true";`
			`};`
nix/containers,vmd32387: add backup container 2019-02-10 13:51:21 +01:00			`};`
			`};`

[WIP] feat: migrate containers to vmd102066 2022-11-03 16:48:06 +01:00			`inherit autoStart;`
nix/containers,vmd32387: add backup container 2019-02-10 13:51:21 +01:00
			`bindMounts = {`
			`"${subvolumeParentDir}" = {`
run most containers and back them up at home * switch backup from wasabi-s3 to btrfs via ssh * add srv0 at home * run webserver and syncthing at home 2020-12-30 09:10:30 +01:00			`hostPath = subvolumeParentDir;`
nix/containers,vmd32387: add backup container 2019-02-10 13:51:21 +01:00			`isReadOnly = false;`
			`};`

run most containers and back them up at home * switch backup from wasabi-s3 to btrfs via ssh * add srv0 at home * run webserver and syncthing at home 2020-12-30 09:10:30 +01:00			`"/etc/secrets/" = {`
			`hostPath = "/var/lib/container-volumes/backup/etc-secrets";`
			`isReadOnly = true;`
			`};`

nix/containers,vmd32387: add backup container 2019-02-10 13:51:21 +01:00			`"/dev/fuse" = {`
			`hostPath = "/dev/fuse";`
			`isReadOnly = false;`
			`};`
			`};`

chore: format with alejandra 2023-02-07 18:24:28 +01:00			`allowedDevices = [`
			`{`
			`node = "/dev/fuse";`
			`modifier = "rw";`
			`}`
			`];`
nix/containers,vmd32387: add backup container 2019-02-10 13:51:21 +01:00
feat: introduce treefmt and fmt all 2024-11-15 10:17:56 +01:00			`extraFlags = [ "--resolv-conf=bind-host" ];`
chore: nixfmt * 2022-10-31 11:04:38 +01:00
nix/containers,vmd32387: add backup container 2019-02-10 13:51:21 +01:00			`privateNetwork = true;`
feat: introduce treefmt and fmt all 2024-11-15 10:17:56 +01:00			`forwardPorts = [ ];`
containers: make all variables explicit Instead of merging the argument set just make all arguments explicit. 2020-09-15 17:21:28 +02:00
			`inherit hostAddress localAddress;`
nix/containers,vmd32387: add backup container 2019-02-10 13:51:21 +01:00			`}`