nix/containers,vmd32387: add backup container

2019-02-10 13:51:21 +01:00 · 2019-02-10 13:51:21 +01:00 · 088e83dd41
commit 088e83dd41
parent aa01750ed7
3 changed files with 190 additions and 0 deletions
--- a/nix/os/containers/backup.nix
+++ b/nix/os/containers/backup.nix
@ -0,0 +1,184 @@
 { config, ... } @ args:
 let
  unstablepkgs = import <channels-nixos-unstable> { config = config.nixpkgs.config; };
  passwords = import ../../variables/passwords.crypt.nix;
  bucket = "bkp";
  subvolumeParentDir = "/var/lib";
  subvolumeDir = "/var/lib/container-volumes";
  subvolumeSnapshot = "/var/lib/container-volumes.snapshot";
  bkpSource = subvolumeSnapshot;
  bkpDestination = "/container/backup";
  cacheDir = "/var/lib/rclone-cachedir";
  wasabiRc = pkgs: pkgs.writeText "rc" ''
    [wasabi-${bucket}]
    type = s3
    provider = Wasabi
    env_auth = false
    #bkp user
    access_key_id = ${passwords.storage.wasabi.bkp.key}
    secret_access_key = ${passwords.storage.wasabi.bkp.secret}
    region = us-east-1
    endpoint = s3.wasabisys.com
    location_constraint =
    acl =
    server_side_encryption =
    storage_class =
  '';
  bkp-mount-rclone-manual = pkgs: {
      enable = true;
      description = "bkp-mount-rclone-manual service";
      path = with pkgs; [ unstablepkgs.rclone utillinux ];
      serviceConfig = {
        Type = "notify";
      };
      script = ''
        export PATH="$PATH:/run/wrappers/bin"
        exec rclone --config ${wasabiRc pkgs} mount wasabi-${bucket}:${bucket} ${bkpDestination} \
                    --stats=1m --stats-log-level=NOTICE \
                    --cache-dir=${cacheDir} \
                    --vfs-cache-mode=full
      '';
      preStart  = ''
          mkdir -p ${bkpDestination}
          mkdir -p ${cacheDir}
      '';
      postStop = ''
          sync
          umount ${bkpDestination} \
            || umount -l ${bkpDestination} \
            || :
          rmdir ${bkpDestination}
      '';
    };
 in args // {
  config = { pkgs, ... }: {
    imports = [
      ../profiles/containers/configuration.nix
    ];
    environment.systemPackages = with pkgs; [
      btrfs-progs
      rdup rdedup
      iptraf-ng nethogs
      rclone
    ];
    networking.firewall.enable = true;
    systemd.services."bkp-mount-rclone-manual" = bkp-mount-rclone-manual pkgs;
    systemd.services."bkp-sync-rclone" = {
      enable = true;
      description = "bkp-sync-rclone service";
      serviceConfig = {
        Type = "oneshot";
      };
      after = [
        "bkp-run.service"
      ];
      requires = [
        "bkp-run.service"
      ];
      path = with pkgs; [ unstablepkgs.rclone utillinux ];
      script = ''
        set -x
        echo Starting rclone sync...
        rclone --config ${wasabiRc pkgs} sync \
          ${bkpDestination}/rdedup/ wasabi-${bucket}:${bucket}/rdedup/  \
            --stats=1m --stats-log-level=NOTICE
        echo Finished rclone sync...
      '';
    };
    systemd.services."bkp-run" = {
      enable = true;
      description = "bkp-run";
      serviceConfig = {
        Type = "oneshot";
      };
      partOf = [
        "bkp-sync-rclone.service"
      ];
      path = with pkgs; [ btrfs-progs rdup rdedup coreutils ];
      preStart = ''
        echo Creating new btrfs snapshot of ${subvolumeDir} at ${subvolumeSnapshot}
        btrfs subvolume snapshot -r ${subvolumeDir} ${subvolumeSnapshot}
      '';
      script = ''
        #! ${pkgs.bash}/bin/bash
        export RUST_BACKTRACE=1
        export TIMESTAMP=$(date +"%Y%m%d.%H%M%S")
        echo Starting rdup/rdedup backup...
        for d in `ls -1 ${bkpSource}`; do
          echo Determining backup source size ${bkpSource}/$d...
          du -hs ${bkpSource}/$d
          set -x
          rdup -x /dev/null ${bkpSource}/$d | rdedup -v -ttt --dir=${bkpDestination}/rdedup store $d-''${TIMESTAMP}
          set +x
        done
        sync
        echo Finished rdup/rdedup backup...
        echo Determining backup destination size ${bkpDestination}/rdedup...
        du -hs ${bkpDestination}/rdedup
      '';
      postStop = ''
        btrfs subvolume delete ${subvolumeSnapshot}
      '';
    };
    systemd.timers."bkp" = {
      description = "Timer to trigger bkp periodically";
      enable = true;
      wantedBy = [ "timer.target" "multi-user.target" ];
      timerConfig = {
        OnCalendar = "23:00";
        Unit = "bkp-sync-rclone.service";
        # OnActiveSec="1s";
        # OnUnitInactiveSec="12h";
        # AccuracySec="5s";
      };
    };
  };
  autoStart = true;
  bindMounts = {
    "${subvolumeParentDir}" = {
      hostPath = "/var/lib/";
      isReadOnly = false;
    };
    "/dev/fuse" = {
      hostPath = "/dev/fuse";
      isReadOnly = false;
    };
  };
  allowedDevices = [
    { node = "/dev/fuse"; modifier = "rw"; }
  ];
  privateNetwork = true;
  forwardPorts = [
  ];
 }
--- a/nix/os/devices/vmd32387.contaboserver.net/system.nix
+++ b/nix/os/devices/vmd32387.contaboserver.net/system.nix
@ -85,5 +85,11 @@ in {
      hostAddress = "192.168.100.14";
      localAddress = "192.168.100.15";
    };
    backup = import ../../containers/backup.nix {
      inherit config;
      hostAddress = "192.168.100.16";
      localAddress = "192.168.100.17";
    };
  };
 }
--- a/nix/variables/passwords.crypt.nix
+++ b/nix/variables/passwords.crypt.nix