infra/nix/os/containers/backup.nix

<<<<<<< HEAD
{ config, hostAddress, localAddress, subvolumes, targetPathSuffix ? "" }:
=======
{ config, hostAddress, localAddress, subvolumes, targetPathSuffix ? ""
, autoStart ? false }:
>>>>>>> 82ff04b (chore: nixfmt *)

let
  passwords = import ../../variables/passwords.crypt.nix;
  subvolumeParentDir = "/var/lib/container-volumes";

in {
  config = { pkgs, ... }: {
    system.stateVersion = "20.03"; # Did you read the comment?

    imports = [ ../profiles/containers/configuration.nix ];

    environment.systemPackages = with pkgs; [ btrfs-progs btrbk ];

    networking.firewall.enable = true;

    systemd.services."bkp-sync" = {
      enable = true;
      description = "bkp-sync service";

      serviceConfig = { Type = "oneshot"; };

      after = [ "bkp-run.service" ];

      requires = [ "bkp-run.service" ];

      path = with pkgs; [ utillinux ];
      script = ''
        set -x
        true
      '';
    };

    systemd.services."bkp-run" = {
      enable = true;
      description = "bkp-run";

      serviceConfig = { Type = "oneshot"; };

      partOf = [ "bkp-sync.service" ];

      path = with pkgs; [ btrfs-progs btrbk coreutils ];

      script = let
        btrbkConf = pkgs.writeText "cfg" ''
          timestamp_format long
          ssh_identity ${passwords.storage.backupTarget.keyPath}
          ssh_user ${passwords.storage.backupTarget.user}
          ssh_compression no
          backend_remote btrfs-progs-sudo
          compat_remote busybox
          btrfs_commit_delete each
          snapshot_create onchange
          snapshot_preserve_min latest
          snapshot_preserve 7d 4w
          target_preserve_min latest
          target_preserve 7d 4w 12m *y

          volume ${subvolumeParentDir}
            target ${passwords.storage.backupTarget.target}/container-volumes/${targetPathSuffix}
          ${builtins.foldl' (sum: elem: sum + "  subvolume " + elem + "\n") ""
          subvolumes}
        '';
      in ''
        #! ${pkgs.bash}/bin/bash
        set -Eeuxo pipefail

        btrbk -c ${btrbkConf} --progress ''${@:-run}
      '';
    };

    systemd.timers."bkp" = {
      description = "Timer to trigger bkp periodically";
      enable = true;
      wantedBy = [ "timer.target" "multi-user.target" ];
      timerConfig = {
        # Obtained using `systemd-analyze calendar "Wed 23:00"`
        # OnCalendar = "Wed *-*-* 23:00:00";
        OnStartupSec = "1m";
        Unit = "bkp-sync.service";
        OnUnitInactiveSec = "2h";
        Persistent = "true";
      };
    };
  };

  autoStart = true;

  bindMounts = {
    "${subvolumeParentDir}" = {
      hostPath = subvolumeParentDir;
      isReadOnly = false;
    };

    "/etc/secrets/" = {
      hostPath = "/var/lib/container-volumes/backup/etc-secrets";
      isReadOnly = true;
    };

    "/dev/fuse" = {
      hostPath = "/dev/fuse";
      isReadOnly = false;
    };
  };

  allowedDevices = [{
    node = "/dev/fuse";
    modifier = "rw";
  }];

<<<<<<< HEAD
=======
  extraFlags = [ "--resolv-conf=bind-host" ];

>>>>>>> 82ff04b (chore: nixfmt *)
  privateNetwork = true;
  forwardPorts = [ ];

  inherit hostAddress localAddress;
}
chore: nixfmt * 2022-10-31 11:04:38 +01:00			`<<<<<<< HEAD`
chore: nixfmt * 2022-10-31 11:04:38 +01:00			`{ config, hostAddress, localAddress, subvolumes, targetPathSuffix ? "" }:`
chore: nixfmt * 2022-10-31 11:04:38 +01:00			`=======`
			`{ config, hostAddress, localAddress, subvolumes, targetPathSuffix ? ""`
			`, autoStart ? false }:`
			`>>>>>>> 82ff04b (chore: nixfmt *)`
nix/containers,vmd32387: add backup container 2019-02-10 13:51:21 +01:00
			`let`
			`passwords = import ../../variables/passwords.crypt.nix;`
run most containers and back them up at home * switch backup from wasabi-s3 to btrfs via ssh * add srv0 at home * run webserver and syncthing at home 2020-12-30 09:10:30 +01:00			`subvolumeParentDir = "/var/lib/container-volumes";`
nix/containers,vmd32387: add backup container 2019-02-10 13:51:21 +01:00
containers: make all variables explicit Instead of merging the argument set just make all arguments explicit. 2020-09-15 17:21:28 +02:00			`in {`
nix/containers,vmd32387: add backup container 2019-02-10 13:51:21 +01:00			`config = { pkgs, ... }: {`
nix/os/devices/srv0.home-ch.stefanjunker.de: bump nixos 21.11 -> 22.05 2022-10-30 16:11:21 +01:00			`system.stateVersion = "20.03"; # Did you read the comment?`

chore: nixfmt * 2022-10-31 11:04:38 +01:00			`imports = [ ../profiles/containers/configuration.nix ];`
nix/containers,vmd32387: add backup container 2019-02-10 13:51:21 +01:00
chore: nixfmt * 2022-10-31 11:04:38 +01:00			`environment.systemPackages = with pkgs; [ btrfs-progs btrbk ];`
nix/containers,vmd32387: add backup container 2019-02-10 13:51:21 +01:00
			`networking.firewall.enable = true;`

run most containers and back them up at home * switch backup from wasabi-s3 to btrfs via ssh * add srv0 at home * run webserver and syncthing at home 2020-12-30 09:10:30 +01:00			`systemd.services."bkp-sync" = {`
nix/containers,vmd32387: add backup container 2019-02-10 13:51:21 +01:00			`enable = true;`
run most containers and back them up at home * switch backup from wasabi-s3 to btrfs via ssh * add srv0 at home * run webserver and syncthing at home 2020-12-30 09:10:30 +01:00			`description = "bkp-sync service";`
nix/containers,vmd32387: add backup container 2019-02-10 13:51:21 +01:00
chore: nixfmt * 2022-10-31 11:04:38 +01:00			`serviceConfig = { Type = "oneshot"; };`
nix/containers,vmd32387: add backup container 2019-02-10 13:51:21 +01:00
chore: nixfmt * 2022-10-31 11:04:38 +01:00			`after = [ "bkp-run.service" ];`
format fix 2019-02-17 10:03:08 +01:00
chore: nixfmt * 2022-10-31 11:04:38 +01:00			`requires = [ "bkp-run.service" ];`
nix/containers,vmd32387: add backup container 2019-02-10 13:51:21 +01:00
run most containers and back them up at home * switch backup from wasabi-s3 to btrfs via ssh * add srv0 at home * run webserver and syncthing at home 2020-12-30 09:10:30 +01:00			`path = with pkgs; [ utillinux ];`
nix/containers,vmd32387: add backup container 2019-02-10 13:51:21 +01:00			`script = ''`
			`set -x`
run most containers and back them up at home * switch backup from wasabi-s3 to btrfs via ssh * add srv0 at home * run webserver and syncthing at home 2020-12-30 09:10:30 +01:00			`true`
nix/containers,vmd32387: add backup container 2019-02-10 13:51:21 +01:00			`'';`
			`};`

			`systemd.services."bkp-run" = {`
			`enable = true;`
			`description = "bkp-run";`

chore: nixfmt * 2022-10-31 11:04:38 +01:00			`serviceConfig = { Type = "oneshot"; };`
nix/containers,vmd32387: add backup container 2019-02-10 13:51:21 +01:00
chore: nixfmt * 2022-10-31 11:04:38 +01:00			`partOf = [ "bkp-sync.service" ];`
nix/containers,vmd32387: add backup container 2019-02-10 13:51:21 +01:00
run most containers and back them up at home * switch backup from wasabi-s3 to btrfs via ssh * add srv0 at home * run webserver and syncthing at home 2020-12-30 09:10:30 +01:00			`path = with pkgs; [ btrfs-progs btrbk coreutils ];`

chore: nixfmt * 2022-10-31 11:04:38 +01:00			`script = let`
containers/bkp: always preserve latest backup on target 2021-02-08 12:41:23 +01:00			`btrbkConf = pkgs.writeText "cfg" ''`
run most containers and back them up at home * switch backup from wasabi-s3 to btrfs via ssh * add srv0 at home * run webserver and syncthing at home 2020-12-30 09:10:30 +01:00			`timestamp_format long`
containers/backup-target: init This container is used as a backup target for backing up the other container volumes. 2021-02-09 11:44:44 +01:00			`ssh_identity ${passwords.storage.backupTarget.keyPath}`
			`ssh_user ${passwords.storage.backupTarget.user}`
run most containers and back them up at home * switch backup from wasabi-s3 to btrfs via ssh * add srv0 at home * run webserver and syncthing at home 2020-12-30 09:10:30 +01:00			`ssh_compression no`
			`backend_remote btrfs-progs-sudo`
			`compat_remote busybox`
			`btrfs_commit_delete each`
			`snapshot_create onchange`
			`snapshot_preserve_min latest`
			`snapshot_preserve 7d 4w`
containers/bkp: always preserve latest backup on target 2021-02-08 12:41:23 +01:00			`target_preserve_min latest`
run most containers and back them up at home * switch backup from wasabi-s3 to btrfs via ssh * add srv0 at home * run webserver and syncthing at home 2020-12-30 09:10:30 +01:00			`target_preserve 7d 4w 12m *y`

			`volume ${subvolumeParentDir}`
containers/backup-target: init This container is used as a backup target for backing up the other container volumes. 2021-02-09 11:44:44 +01:00			`target ${passwords.storage.backupTarget.target}/container-volumes/${targetPathSuffix}`
chore: nixfmt * 2022-10-31 11:04:38 +01:00			`${builtins.foldl' (sum: elem: sum + " subvolume " + elem + "\n") ""`
			`subvolumes}`
run most containers and back them up at home * switch backup from wasabi-s3 to btrfs via ssh * add srv0 at home * run webserver and syncthing at home 2020-12-30 09:10:30 +01:00			`'';`
			`in ''`
nix/containers,vmd32387: add backup container 2019-02-10 13:51:21 +01:00			`#! ${pkgs.bash}/bin/bash`
nix/os/containers/backup: add common safety options to shell script 2020-03-15 09:55:59 +01:00			`set -Eeuxo pipefail`

containers/bkp: always preserve latest backup on target 2021-02-08 12:41:23 +01:00			`btrbk -c ${btrbkConf} --progress ''${@:-run}`
nix/containers,vmd32387: add backup container 2019-02-10 13:51:21 +01:00			`'';`
			`};`

			`systemd.timers."bkp" = {`
			`description = "Timer to trigger bkp periodically";`
			`enable = true;`
			`wantedBy = [ "timer.target" "multi-user.target" ];`
			`timerConfig = {`
WIP: reconfigure backup 2020-10-16 09:59:42 +02:00			# Obtained using `systemd-analyze calendar "Wed 23:00"`
			`# OnCalendar = "Wed --* 23:00:00";`
chore: nixfmt * 2022-10-31 11:04:38 +01:00			`OnStartupSec = "1m";`
run most containers and back them up at home * switch backup from wasabi-s3 to btrfs via ssh * add srv0 at home * run webserver and syncthing at home 2020-12-30 09:10:30 +01:00			`Unit = "bkp-sync.service";`
chore: nixfmt * 2022-10-31 11:04:38 +01:00			`OnUnitInactiveSec = "2h";`
			`Persistent = "true";`
nix/containers,vmd32387: add backup container 2019-02-10 13:51:21 +01:00			`};`
			`};`
			`};`

			`autoStart = true;`

			`bindMounts = {`
			`"${subvolumeParentDir}" = {`
run most containers and back them up at home * switch backup from wasabi-s3 to btrfs via ssh * add srv0 at home * run webserver and syncthing at home 2020-12-30 09:10:30 +01:00			`hostPath = subvolumeParentDir;`
nix/containers,vmd32387: add backup container 2019-02-10 13:51:21 +01:00			`isReadOnly = false;`
			`};`

run most containers and back them up at home * switch backup from wasabi-s3 to btrfs via ssh * add srv0 at home * run webserver and syncthing at home 2020-12-30 09:10:30 +01:00			`"/etc/secrets/" = {`
			`hostPath = "/var/lib/container-volumes/backup/etc-secrets";`
			`isReadOnly = true;`
			`};`

nix/containers,vmd32387: add backup container 2019-02-10 13:51:21 +01:00			`"/dev/fuse" = {`
			`hostPath = "/dev/fuse";`
			`isReadOnly = false;`
			`};`
			`};`

chore: nixfmt * 2022-10-31 11:04:38 +01:00			`allowedDevices = [{`
			`node = "/dev/fuse";`
			`modifier = "rw";`
			`}];`
nix/containers,vmd32387: add backup container 2019-02-10 13:51:21 +01:00
chore: nixfmt * 2022-10-31 11:04:38 +01:00			`<<<<<<< HEAD`
			`=======`
			`extraFlags = [ "--resolv-conf=bind-host" ];`

			`>>>>>>> 82ff04b (chore: nixfmt *)`
nix/containers,vmd32387: add backup container 2019-02-10 13:51:21 +01:00			`privateNetwork = true;`
chore: nixfmt * 2022-10-31 11:04:38 +01:00			`forwardPorts = [ ];`
containers: make all variables explicit Instead of merging the argument set just make all arguments explicit. 2020-09-15 17:21:28 +02:00
			`inherit hostAddress localAddress;`
nix/containers,vmd32387: add backup container 2019-02-10 13:51:21 +01:00			`}`