infra/nix/os/containers/backup.nix

{ config, ... } @ args:

let
  unstablepkgs = import <channels-nixos-unstable> { config = config.nixpkgs.config; };

  passwords = import ../../variables/passwords.crypt.nix;
  bucket = "bkp";
  subvolumeParentDir = "/var/lib";

  subvolumeDir = "/var/lib/container-volumes";
  subvolumeSnapshot = "/var/lib/container-volumes.snapshot";

  bkpSource = subvolumeSnapshot;
  bkpDestination = "/container/backup";
  cacheDir = "/var/lib/rclone-cachedir";

  wasabiRc = pkgs: pkgs.writeText "rc" ''
    [wasabi-${bucket}]
    type = s3
    provider = Wasabi
    env_auth = false

    #bkp user
    access_key_id = ${passwords.storage.wasabi.bkp.key}
    secret_access_key = ${passwords.storage.wasabi.bkp.secret}

    region = us-east-1
    endpoint = s3.wasabisys.com
    location_constraint =
    acl =
    server_side_encryption =
    storage_class =
  '';


  bkp-mount-rclone-manual = pkgs: {
      enable = true;
      description = "bkp-mount-rclone-manual service";
      path = with pkgs; [ unstablepkgs.rclone utillinux ];
      serviceConfig = {
        Type = "notify";
      };
      script = ''
        export PATH="$PATH:/run/wrappers/bin"
        exec rclone --config ${wasabiRc pkgs} mount wasabi-${bucket}:${bucket} ${bkpDestination} \
                    --stats=1m --stats-log-level=NOTICE \
                    --cache-dir=${cacheDir} \
                    --vfs-cache-mode=full

      '';
      preStart  = ''
          mkdir -p ${bkpDestination}
          mkdir -p ${cacheDir}
      '';
      postStop = ''
          sync
          umount ${bkpDestination} \
            || umount -l ${bkpDestination} \
            || :

          rmdir ${bkpDestination}
      '';
    };


in args // {
  config = { pkgs, ... }: {
    imports = [
      ../profiles/containers/configuration.nix
    ];

    environment.systemPackages = with pkgs; [
      btrfs-progs
      rdup rdedup
      iptraf-ng nethogs
      rclone
    ];

    networking.firewall.enable = true;

    systemd.services."bkp-mount-rclone-manual" = bkp-mount-rclone-manual pkgs;

    systemd.services."bkp-sync-rclone" = {
      enable = true;
      description = "bkp-sync-rclone service";

      serviceConfig = {
        Type = "oneshot";
      };

      after = [
        "bkp-run.service"
      ];

      requires = [
        "bkp-run.service"
      ];

      path = with pkgs; [ unstablepkgs.rclone utillinux ];
      script = ''
        set -x
        echo Starting rclone sync...
        rclone --config ${wasabiRc pkgs} sync \
          ${bkpDestination}/rdedup/ wasabi-${bucket}:${bucket}/rdedup/  \
            --stats=1m --stats-log-level=NOTICE
        echo Finished rclone sync...
      '';
    };

    systemd.services."bkp-run" = {
      enable = true;
      description = "bkp-run";

      serviceConfig = {
        Type = "oneshot";
      };

      partOf = [
        "bkp-sync-rclone.service"
      ];

      path = with pkgs; [ btrfs-progs rdup rdedup coreutils ];
      preStart = ''
        echo Creating new btrfs snapshot of ${subvolumeDir} at ${subvolumeSnapshot}
        btrfs subvolume snapshot -r ${subvolumeDir} ${subvolumeSnapshot}
      '';
      script = ''
        #! ${pkgs.bash}/bin/bash
        set -Eeuxo pipefail

        export RUST_BACKTRACE=1
        export TIMESTAMP=$(date +"%Y%m%d.%H%M%S")

        echo Starting rdup/rdedup backup...
        for d in `ls -1 ${bkpSource}`; do
          echo Determining backup source size ${bkpSource}/$d...
          du -hs ${bkpSource}/$d
          rdup -x /dev/null ${bkpSource}/$d | rdedup -v -ttt --dir=${bkpDestination}/rdedup store $d-''${TIMESTAMP}
        done
        sync
        echo Finished rdup/rdedup backup...
        echo Determining backup destination size ${bkpDestination}/rdedup...
        du -hs ${bkpDestination}/rdedup
      '';
      postStop = ''
        btrfs subvolume delete ${subvolumeSnapshot}
      '';
    };

    systemd.timers."bkp" = {
      description = "Timer to trigger bkp periodically";
      enable = true;
      wantedBy = [ "timer.target" "multi-user.target" ];
      timerConfig = {
        OnCalendar = "23:00";
        Unit = "bkp-sync-rclone.service";
        # OnActiveSec="1s";
        # OnUnitInactiveSec="12h";
        # AccuracySec="5s";
      };
    };
  };

  autoStart = true;

  bindMounts = {
    "${subvolumeParentDir}" = {
      hostPath = "/var/lib/";
      isReadOnly = false;
    };

    "/dev/fuse" = {
      hostPath = "/dev/fuse";
      isReadOnly = false;
    };
  };

  allowedDevices = [
    { node = "/dev/fuse"; modifier = "rw"; }
  ];

  privateNetwork = true;
  forwardPorts = [
  ];
}
nix/containers,vmd32387: add backup container 2019-02-10 13:51:21 +01:00			`{ config, ... } @ args:`

			`let`
			`unstablepkgs = import <channels-nixos-unstable> { config = config.nixpkgs.config; };`

			`passwords = import ../../variables/passwords.crypt.nix;`
			`bucket = "bkp";`
			`subvolumeParentDir = "/var/lib";`

			`subvolumeDir = "/var/lib/container-volumes";`
			`subvolumeSnapshot = "/var/lib/container-volumes.snapshot";`

			`bkpSource = subvolumeSnapshot;`
			`bkpDestination = "/container/backup";`
			`cacheDir = "/var/lib/rclone-cachedir";`

			`wasabiRc = pkgs: pkgs.writeText "rc" ''`
			`[wasabi-${bucket}]`
			`type = s3`
			`provider = Wasabi`
			`env_auth = false`

			`#bkp user`
			`access_key_id = ${passwords.storage.wasabi.bkp.key}`
			`secret_access_key = ${passwords.storage.wasabi.bkp.secret}`

			`region = us-east-1`
			`endpoint = s3.wasabisys.com`
			`location_constraint =`
			`acl =`
			`server_side_encryption =`
			`storage_class =`
			`'';`


			`bkp-mount-rclone-manual = pkgs: {`
			`enable = true;`
			`description = "bkp-mount-rclone-manual service";`
			`path = with pkgs; [ unstablepkgs.rclone utillinux ];`
			`serviceConfig = {`
			`Type = "notify";`
			`};`
			`script = ''`
			`export PATH="$PATH:/run/wrappers/bin"`
			`exec rclone --config ${wasabiRc pkgs} mount wasabi-${bucket}:${bucket} ${bkpDestination} \`
			`--stats=1m --stats-log-level=NOTICE \`
			`--cache-dir=${cacheDir} \`
			`--vfs-cache-mode=full`

			`'';`
			`preStart = ''`
			`mkdir -p ${bkpDestination}`
			`mkdir -p ${cacheDir}`
			`'';`
			`postStop = ''`
			`sync`
			`umount ${bkpDestination} \`
			`\|\| umount -l ${bkpDestination} \`
			`\|\| :`

			`rmdir ${bkpDestination}`
			`'';`
			`};`


			`in args // {`
			`config = { pkgs, ... }: {`
			`imports = [`
			`../profiles/containers/configuration.nix`
			`];`

			`environment.systemPackages = with pkgs; [`
			`btrfs-progs`
			`rdup rdedup`
			`iptraf-ng nethogs`
			`rclone`
			`];`

			`networking.firewall.enable = true;`

			`systemd.services."bkp-mount-rclone-manual" = bkp-mount-rclone-manual pkgs;`

			`systemd.services."bkp-sync-rclone" = {`
			`enable = true;`
			`description = "bkp-sync-rclone service";`

			`serviceConfig = {`
			`Type = "oneshot";`
			`};`

			`after = [`
			`"bkp-run.service"`
			`];`
format fix 2019-02-17 10:03:08 +01:00
nix/containers,vmd32387: add backup container 2019-02-10 13:51:21 +01:00			`requires = [`
			`"bkp-run.service"`
			`];`

			`path = with pkgs; [ unstablepkgs.rclone utillinux ];`
			`script = ''`
			`set -x`
			`echo Starting rclone sync...`
			`rclone --config ${wasabiRc pkgs} sync \`
			`${bkpDestination}/rdedup/ wasabi-${bucket}:${bucket}/rdedup/ \`
			`--stats=1m --stats-log-level=NOTICE`
			`echo Finished rclone sync...`
			`'';`
			`};`

			`systemd.services."bkp-run" = {`
			`enable = true;`
			`description = "bkp-run";`

			`serviceConfig = {`
			`Type = "oneshot";`
			`};`

			`partOf = [`
			`"bkp-sync-rclone.service"`
			`];`

			`path = with pkgs; [ btrfs-progs rdup rdedup coreutils ];`
			`preStart = ''`
			`echo Creating new btrfs snapshot of ${subvolumeDir} at ${subvolumeSnapshot}`
			`btrfs subvolume snapshot -r ${subvolumeDir} ${subvolumeSnapshot}`
			`'';`
			`script = ''`
			`#! ${pkgs.bash}/bin/bash`
nix/os/containers/backup: add common safety options to shell script 2020-03-15 09:55:59 +01:00			`set -Eeuxo pipefail`

nix/containers,vmd32387: add backup container 2019-02-10 13:51:21 +01:00			`export RUST_BACKTRACE=1`
			`export TIMESTAMP=$(date +"%Y%m%d.%H%M%S")`

			`echo Starting rdup/rdedup backup...`
			for d in `ls -1 ${bkpSource}`; do
			`echo Determining backup source size ${bkpSource}/$d...`
			`du -hs ${bkpSource}/$d`
			`rdup -x /dev/null ${bkpSource}/$d \| rdedup -v -ttt --dir=${bkpDestination}/rdedup store $d-''${TIMESTAMP}`
			`done`
			`sync`
			`echo Finished rdup/rdedup backup...`
			`echo Determining backup destination size ${bkpDestination}/rdedup...`
			`du -hs ${bkpDestination}/rdedup`
			`'';`
			`postStop = ''`
			`btrfs subvolume delete ${subvolumeSnapshot}`
			`'';`
			`};`

			`systemd.timers."bkp" = {`
			`description = "Timer to trigger bkp periodically";`
			`enable = true;`
			`wantedBy = [ "timer.target" "multi-user.target" ];`
			`timerConfig = {`
			`OnCalendar = "23:00";`
			`Unit = "bkp-sync-rclone.service";`
			`# OnActiveSec="1s";`
			`# OnUnitInactiveSec="12h";`
			`# AccuracySec="5s";`
			`};`
			`};`
			`};`

			`autoStart = true;`

			`bindMounts = {`
			`"${subvolumeParentDir}" = {`
			`hostPath = "/var/lib/";`
			`isReadOnly = false;`
			`};`

			`"/dev/fuse" = {`
			`hostPath = "/dev/fuse";`
			`isReadOnly = false;`
			`};`
			`};`

			`allowedDevices = [`
			`{ node = "/dev/fuse"; modifier = "rw"; }`
			`];`

			`privateNetwork = true;`
			`forwardPorts = [`
			`];`
			`}`