nix/containers,vmd32387: add backup container

2019-02-10 13:51:21 +01:00 · 2019-02-10 13:51:21 +01:00 · 088e83dd41
commit 088e83dd41
parent aa01750ed7
3 changed files with 190 additions and 0 deletions
--- a/nix/os/containers/backup.nix
+++ b/nix/os/containers/backup.nix
@ -0,0 +1,184 @@
+{ config, ... } @ args:
+
+let
+  unstablepkgs = import <channels-nixos-unstable> { config = config.nixpkgs.config; };
+
+  passwords = import ../../variables/passwords.crypt.nix;
+  bucket = "bkp";
+  subvolumeParentDir = "/var/lib";
+
+  subvolumeDir = "/var/lib/container-volumes";
+  subvolumeSnapshot = "/var/lib/container-volumes.snapshot";
+
+  bkpSource = subvolumeSnapshot;
+  bkpDestination = "/container/backup";
+  cacheDir = "/var/lib/rclone-cachedir";
+
+  wasabiRc = pkgs: pkgs.writeText "rc" ''
+    [wasabi-${bucket}]
+    type = s3
+    provider = Wasabi
+    env_auth = false
+
+    #bkp user
+    access_key_id = ${passwords.storage.wasabi.bkp.key}
+    secret_access_key = ${passwords.storage.wasabi.bkp.secret}
+
+    region = us-east-1
+    endpoint = s3.wasabisys.com
+    location_constraint =
+    acl =
+    server_side_encryption =
+    storage_class =
+  '';
+
+
+  bkp-mount-rclone-manual = pkgs: {
+      enable = true;
+      description = "bkp-mount-rclone-manual service";
+      path = with pkgs; [ unstablepkgs.rclone utillinux ];
+      serviceConfig = {
+        Type = "notify";
+      };
+      script = ''
+        export PATH="$PATH:/run/wrappers/bin"
+        exec rclone --config ${wasabiRc pkgs} mount wasabi-${bucket}:${bucket} ${bkpDestination} \
+                    --stats=1m --stats-log-level=NOTICE \
+                    --cache-dir=${cacheDir} \
+                    --vfs-cache-mode=full
+
+      '';
+      preStart  = ''
+          mkdir -p ${bkpDestination}
+          mkdir -p ${cacheDir}
+      '';
+      postStop = ''
+          sync
+          umount ${bkpDestination} \
+            || umount -l ${bkpDestination} \
+            || :
+
+          rmdir ${bkpDestination}
+      '';
+    };
+
+
+in args // {
+  config = { pkgs, ... }: {
+    imports = [
+      ../profiles/containers/configuration.nix
+    ];
+
+    environment.systemPackages = with pkgs; [
+      btrfs-progs
+      rdup rdedup
+      iptraf-ng nethogs
+      rclone
+    ];
+
+    networking.firewall.enable = true;
+
+    systemd.services."bkp-mount-rclone-manual" = bkp-mount-rclone-manual pkgs;
+
+    systemd.services."bkp-sync-rclone" = {
+      enable = true;
+      description = "bkp-sync-rclone service";
+
+      serviceConfig = {
+        Type = "oneshot";
+      };
+
+      after = [
+        "bkp-run.service"
+      ];
+      requires = [
+        "bkp-run.service"
+      ];
+
+      path = with pkgs; [ unstablepkgs.rclone utillinux ];
+      script = ''
+        set -x
+        echo Starting rclone sync...
+        rclone --config ${wasabiRc pkgs} sync \
+          ${bkpDestination}/rdedup/ wasabi-${bucket}:${bucket}/rdedup/  \
+            --stats=1m --stats-log-level=NOTICE
+        echo Finished rclone sync...
+      '';
+    };
+
+    systemd.services."bkp-run" = {
+      enable = true;
+      description = "bkp-run";
+
+      serviceConfig = {
+        Type = "oneshot";
+      };
+
+      partOf = [
+        "bkp-sync-rclone.service"
+      ];
+
+      path = with pkgs; [ btrfs-progs rdup rdedup coreutils ];
+      preStart = ''
+        echo Creating new btrfs snapshot of ${subvolumeDir} at ${subvolumeSnapshot}
+        btrfs subvolume snapshot -r ${subvolumeDir} ${subvolumeSnapshot}
+      '';
+      script = ''
+        #! ${pkgs.bash}/bin/bash
+        export RUST_BACKTRACE=1
+        export TIMESTAMP=$(date +"%Y%m%d.%H%M%S")
+
+        echo Starting rdup/rdedup backup...
+        for d in `ls -1 ${bkpSource}`; do
+          echo Determining backup source size ${bkpSource}/$d...
+          du -hs ${bkpSource}/$d
+          set -x
+          rdup -x /dev/null ${bkpSource}/$d | rdedup -v -ttt --dir=${bkpDestination}/rdedup store $d-''${TIMESTAMP}
+          set +x
+        done
+        sync
+        echo Finished rdup/rdedup backup...
+        echo Determining backup destination size ${bkpDestination}/rdedup...
+        du -hs ${bkpDestination}/rdedup
+      '';
+      postStop = ''
+        btrfs subvolume delete ${subvolumeSnapshot}
+      '';
+    };
+
+    systemd.timers."bkp" = {
+      description = "Timer to trigger bkp periodically";
+      enable = true;
+      wantedBy = [ "timer.target" "multi-user.target" ];
+      timerConfig = {
+        OnCalendar = "23:00";
+        Unit = "bkp-sync-rclone.service";
+        # OnActiveSec="1s";
+        # OnUnitInactiveSec="12h";
+        # AccuracySec="5s";
+      };
+    };
+  };
+
+  autoStart = true;
+
+  bindMounts = {
+    "${subvolumeParentDir}" = {
+      hostPath = "/var/lib/";
+      isReadOnly = false;
+    };
+
+    "/dev/fuse" = {
+      hostPath = "/dev/fuse";
+      isReadOnly = false;
+    };
+  };
+
+  allowedDevices = [
+    { node = "/dev/fuse"; modifier = "rw"; }
+  ];
+
+  privateNetwork = true;
+  forwardPorts = [
+  ];
+}