fix(restic): fix restic path handling

Generating a list of paths for restic to backup introduces some issues: - restic matches incremental backups by paths, changing paths cause new backups - logs and a lot of restic commands print all the paths, which makes it basically unusable Thus I've reverted to using static `paths` and excluding patterns via the `--exclude-file` argument. To reduce files to backup from `~/dev`, a preStart job was added to the systemd service: It clones the directory via `rsync` with `.gitignore` files being respected.
2022-07-04 17:12:39 +02:00 · 2022-07-04 17:12:39 +02:00 · 7799ef1131
parent 3a0c9a91e8
commit 7799ef1131
2 changed files with 24 additions and 21 deletions
--- a/services/restic/home-pc.nix
+++ b/services/restic/home-pc.nix
@ -14,7 +14,6 @@ in {
  services.restic.backups.full = resticLib.resticConfig {
    name = "home-pc";
    ripgrep = true;
    paths = [ "/etc/nixos" "/var/lib" "/home" ];
    ignorePatterns = [
      "/var/lib/systemd"
@ -40,8 +39,23 @@ in {
      "/home/felschr/media"
      "/home/felschr/sync"
      "/home/felschr/keybase"
      "/home/felschr/dev" # backup ~/dev-backup instead
    ];
    timerConfig.OnCalendar = "0/4:00:00";
    extraPruneOpts = [ "--keep-last 6" ];
  };
  # extra handling for dev folder to respect .gitignore files:
  systemd.services."restic-backups-full" = {
    preStart = ''
      rm -rf /home/felschr/dev-backup
      ${pkgs.rsync}/bin/rsync -a \
        --filter=':- .gitignore' \
        --exclude 'nixpkgs' \
        /home/felschr/dev/* /home/felschr/dev-backup
    '';
    postStart = ''
      rm -rf /home/felschr/dev-backup
    '';
  };
 }
--- a/services/restic/lib.nix
+++ b/services/restic/lib.nix
@ -1,15 +1,15 @@
 { config, lib, pkgs, ... }:
 # using the restic cli:
-# load credentials into shell via: export $(cat /path/to/credentials/file | xargs)
+# load credentials into shell by adding B2 secrets to .env (see .env.example).
 # useful commands for analysing restic stats [snapshot-id], restic diff [s1] [s2],
 with lib;
 with builtins;
 let hasAnyAttr = flip (attrset: any (flip hasAttr attrset));
 in {
-  resticConfig = args@{ name, ripgrep ? false, paths ? [ ], ignorePatterns ? [ ]
+  resticConfig = args@{ name, paths ? [ ], ignorePatterns ? [ ]
-    , extraPruneOpts ? [ ], ... }:
+    , extraBackupArgs ? [ ], extraPruneOpts ? [ ], ... }:
    assert !hasAnyAttr [
      "initialize"
      "repository"
@ -18,28 +18,17 @@ in {
      "pruneOpts"
    ] args;
    assert (args ? paths);
    assert (ripgrep || (!ripgrep && !(args ? ignorePatterns)));
    {
      initialize = true;
      repository = "b2:felschr-backups:/${name}";
      environmentFile = config.age.secrets.restic-b2.path;
      passwordFile = config.age.secrets.restic-password.path;
      timerConfig.OnCalendar = "daily";
-      paths = if ripgrep then null else paths;
+      paths = paths;
-      dynamicFilesFrom = if ripgrep then
+      extraBackupArgs = let
-        let
+        ignoreFile = builtins.toFile "ignore"
-          files = foldl (a: b: "${a} ${b}") "" paths;
+          (foldl (a: b: a + "\n" + b) "" ignorePatterns);
-          ignoreFile = builtins.toFile "ignore"
+      in [ "--exclude-file=${ignoreFile}" ] ++ extraBackupArgs;
            (foldl (a: b: a + "\n" + b) "" ignorePatterns);
        in ''
          ${pkgs.fd}/bin/fd \
            --hidden \
            --ignore-file ${ignoreFile} \
            . ${files} \
            | sed "s/\[/\\\[/" | sed "s/\]/\\\]/"
        ''
      else
        null;
      pruneOpts = [
        "--keep-daily 7"
        "--keep-weekly 4"
@ -48,9 +37,9 @@ in {
      ] ++ extraPruneOpts;
    } // (removeAttrs args [
      "name"
      "ripgrep"
      "paths"
      "ignorePatterns"
      "extraBackupArgs"
      "extraPruneOpts"
    ]);
 }