feat(modules/homeManager/programs/borgmatic): setup 'home' backup

trueNAHO · Feb 20, 2024 · c2c0797 · c2c0797
1 parent 86d263a
commit c2c0797
Show file tree

Hide file tree

Showing 3 changed files with 85 additions and 1 deletion.
diff --git a/modules/homeManager/programs/borgmatic/default.nix b/modules/homeManager/programs/borgmatic/default.nix
@@ -1,12 +1,90 @@
 {
   config,
   lib,
+  pkgs,
   ...
 }: {
+  imports = [../../../agenix/homeManagerModules/default];
+
   options.modules.homeManager.programs.borgmatic.enable =
     lib.mkEnableOption "borgmatic";
 
   config = lib.mkIf config.modules.homeManager.programs.borgmatic.enable {
-    programs.borgmatic.enable = true;
+    modules.agenix.homeManagerModules.default.enable = true;
+
+    age.secrets.modulesHomemanagerProgramsBorgmatic.file = ./encryption_passcommand.age;
+
+    programs.borgmatic = {
+      backups.home = {
+        consistency.checks = let
+          monthly = "1 month";
+          weekly = "1 week";
+        in [
+          {
+            name = "archives";
+            frequency = weekly;
+          }
+
+          {
+            name = "data";
+            frequency = monthly;
+          }
+
+          {
+            name = "extract";
+            frequency = monthly;
+          }
+
+          {
+            name = "repository";
+            frequency = weekly;
+          }
+        ];
+
+        # https://torsion.org/borgmatic/docs/how-to/backup-to-a-removable-drive-or-an-intermittent-server
+        hooks.extraConfig.before_backup = let
+          repository = let
+            label = "home";
+          in
+            (
+              lib.lists.findFirst
+              (repository: repository ? label && repository.label == label)
+              (throw "unable to find a repository labeled '${label}'")
+              config.programs.borgmatic.backups.home.location.repositories
+            )
+            .path;
+        in [''ls "${repository}" >/dev/null || exit 75''];
+
+        location = {
+          excludeHomeManagerSymlinks = true;
+
+          repositories = [
+            {
+              label = "home";
+              path = "/tmp/${config.home.username}/borgbackup";
+            }
+          ];
+
+          sourceDirectories = [config.home.homeDirectory];
+        };
+
+        retention = {
+          keepDaily = 7;
+          keepHourly = 24;
+          keepMinutely = 60;
+          keepMonthly = 6;
+          keepSecondly = 60;
+          keepWeekly = 5;
+          keepWithin = "2d";
+          keepYearly = 1;
+        };
+
+        storage.encryptionPasscommand = let
+          file = config.age.secrets.modulesHomemanagerProgramsBorgmatic.path;
+        in "${pkgs.runtimeShell} -c '${pkgs.coreutils}/bin/cat \"${file}\"'";
+      };
+
+      enable = true;
+    };
   };
 }
diff --git a/modules/homeManager/programs/borgmatic/encryption_passcommand.age b/modules/homeManager/programs/borgmatic/encryption_passcommand.age
@@ -0,0 +1,5 @@
+age-encryption.org/v1
+-> ssh-ed25519 uMTWyw B6GoxFOZ+aqQdvmmzjaAXG6Xss1DrMAf1W+Uf4bkOSk
+hTRHJFblBt7wS0JtujjulbRSvtkxjE0UuCvQbPiFF8E
+--- cWQ9p0FA0x8gESmNujC0O1lHzVl4m9zfsbGFVDmI17g
+��m������T���7���>k�>z����t����K�5Mb�)<�v;���TՃul�#�Q��c7.��ȵ�
diff --git a/secrets.nix b/secrets.nix
@@ -3,6 +3,7 @@ let
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICrrgYSUQdMPznQBTYSr4jf1p9feRpVWjFuW1MdmtQM4"
   ];
 in {
+  "modules/homeManager/programs/borgmatic/encryption_passcommand.age".publicKeys = publicKeys;
   "modules/homeManager/programs/gh/gh_token.age".publicKeys = publicKeys;
   "modules/programs/nixvim/plugins/codeium.age".publicKeys = publicKeys;
 }