nixos-config/services/restic/lib.nix

{
  config,
  lib,
  pkgs,
  ...
}:

# using the restic cli:
# load credentials into shell by adding B2 secrets to .env (see .env.example).
# useful commands for analysing restic stats [snapshot-id], restic diff [s1] [s2],

with lib;
with builtins;
let
  hasAnyAttr = flip (attrset: any (flip hasAttr attrset));
in
{
  resticConfig =
    args@{
      name,
      paths ? [ ],
      ignorePatterns ? [ ],
      extraBackupArgs ? [ ],
      extraPruneOpts ? [ ],
      ...
    }:
    assert
      !hasAnyAttr [
        "initialize"
        "repository"
        "s3CredentialsFile"
        "passwordFile"
        "pruneOpts"
      ] args;
    assert (args ? paths);
    {
      initialize = true;
      repository = "b2:felschr-backups:/${name}";
      environmentFile = config.age.secrets.restic-b2.path;
      passwordFile = config.age.secrets.restic-password.path;
      timerConfig.OnCalendar = "daily";
      inherit paths;
      extraBackupArgs =
        let
          ignoreFile = builtins.toFile "ignore" (foldl (a: b: a + "\n" + b) "" ignorePatterns);
        in
        [ "--exclude-file=${ignoreFile}" ] ++ extraBackupArgs;
      pruneOpts = [
        "--keep-daily 7"
        "--keep-weekly 4"
        "--keep-monthly 3"
        "--keep-yearly 1"
        # reduce download bandwidth
        "--max-unused 10%"
        "--repack-cacheable-only"
      ] ++ extraPruneOpts;
    }
    // (removeAttrs args [
      "name"
      "paths"
      "ignorePatterns"
      "extraBackupArgs"
      "extraPruneOpts"
    ]);
}
style: reformat with nixfmt-rfc-style 2024-05-26 16:45:38 +02:00			`{`
			`config,`
			`lib,`
			`pkgs,`
			`...`
			`}:`
fix(secrets): fix permissions Also moves key references into respective configs where they are used. 2022-05-06 03:16:17 +02:00
			`# using the restic cli:`
fix(restic): fix restic path handling Generating a list of paths for restic to backup introduces some issues: - restic matches incremental backups by paths, changing paths cause new backups - logs and a lot of restic commands print all the paths, which makes it basically unusable Thus I've reverted to using static `paths` and excluding patterns via the `--exclude-file` argument. To reduce files to backup from `~/dev`, a preStart job was added to the systemd service: It clones the directory via `rsync` with `.gitignore` files being respected. 2022-07-04 17:12:39 +02:00			`# load credentials into shell by adding B2 secrets to .env (see .env.example).`
fix(secrets): fix permissions Also moves key references into respective configs where they are used. 2022-05-06 03:16:17 +02:00			`# useful commands for analysing restic stats [snapshot-id], restic diff [s1] [s2],`

			`with lib;`
			`with builtins;`
style: reformat with nixfmt-rfc-style 2024-05-26 16:45:38 +02:00			`let`
			`hasAnyAttr = flip (attrset: any (flip hasAttr attrset));`
			`in`
			`{`
			`resticConfig =`
			`args@{`
			`name,`
			`paths ? [ ],`
			`ignorePatterns ? [ ],`
			`extraBackupArgs ? [ ],`
			`extraPruneOpts ? [ ],`
			`...`
			`}:`
			`assert`
			`!hasAnyAttr [`
			`"initialize"`
			`"repository"`
			`"s3CredentialsFile"`
			`"passwordFile"`
			`"pruneOpts"`
			`] args;`
fix(secrets): fix permissions Also moves key references into respective configs where they are used. 2022-05-06 03:16:17 +02:00			`assert (args ? paths);`
			`{`
			`initialize = true;`
			`repository = "b2:felschr-backups:/${name}";`
			`environmentFile = config.age.secrets.restic-b2.path;`
			`passwordFile = config.age.secrets.restic-password.path;`
			`timerConfig.OnCalendar = "daily";`
style: fix some statix issues 2022-09-28 15:27:19 +02:00			`inherit paths;`
style: reformat with nixfmt-rfc-style 2024-05-26 16:45:38 +02:00			`extraBackupArgs =`
			`let`
			`ignoreFile = builtins.toFile "ignore" (foldl (a: b: a + "\n" + b) "" ignorePatterns);`
			`in`
			`[ "--exclude-file=${ignoreFile}" ] ++ extraBackupArgs;`
fix(secrets): fix permissions Also moves key references into respective configs where they are used. 2022-05-06 03:16:17 +02:00			`pruneOpts = [`
			`"--keep-daily 7"`
			`"--keep-weekly 4"`
			`"--keep-monthly 3"`
			`"--keep-yearly 1"`
feat(restic): reduce download bandwidth 2022-08-11 19:35:44 +02:00			`# reduce download bandwidth`
			`"--max-unused 10%"`
			`"--repack-cacheable-only"`
fix(secrets): fix permissions Also moves key references into respective configs where they are used. 2022-05-06 03:16:17 +02:00			`] ++ extraPruneOpts;`
style: reformat with nixfmt-rfc-style 2024-05-26 16:45:38 +02:00			`}`
			`// (removeAttrs args [`
fix(secrets): fix permissions Also moves key references into respective configs where they are used. 2022-05-06 03:16:17 +02:00			`"name"`
			`"paths"`
			`"ignorePatterns"`
fix(restic): fix restic path handling Generating a list of paths for restic to backup introduces some issues: - restic matches incremental backups by paths, changing paths cause new backups - logs and a lot of restic commands print all the paths, which makes it basically unusable Thus I've reverted to using static `paths` and excluding patterns via the `--exclude-file` argument. To reduce files to backup from `~/dev`, a preStart job was added to the systemd service: It clones the directory via `rsync` with `.gitignore` files being respected. 2022-07-04 17:12:39 +02:00			`"extraBackupArgs"`
fix(secrets): fix permissions Also moves key references into respective configs where they are used. 2022-05-06 03:16:17 +02:00			`"extraPruneOpts"`
			`]);`
			`}`