From c2c0797c232d8e580cdf9192ca3fc3ecf3f2657c Mon Sep 17 00:00:00 2001 From: NAHO <90870942+trueNAHO@users.noreply.github.com> Date: Mon, 12 Feb 2024 19:24:46 +0100 Subject: [PATCH] feat(modules/homeManager/programs/borgmatic): setup 'home' backup --- .../programs/borgmatic/default.nix | 80 ++++++++++++++++++- .../borgmatic/encryption_passcommand.age | 5 ++ secrets.nix | 1 + 3 files changed, 85 insertions(+), 1 deletion(-) create mode 100644 modules/homeManager/programs/borgmatic/encryption_passcommand.age diff --git a/modules/homeManager/programs/borgmatic/default.nix b/modules/homeManager/programs/borgmatic/default.nix index 130648b7..e87b68e3 100644 --- a/modules/homeManager/programs/borgmatic/default.nix +++ b/modules/homeManager/programs/borgmatic/default.nix @@ -1,12 +1,90 @@ { config, lib, + pkgs, ... }: { + imports = [../../../agenix/homeManagerModules/default]; + options.modules.homeManager.programs.borgmatic.enable = lib.mkEnableOption "borgmatic"; config = lib.mkIf config.modules.homeManager.programs.borgmatic.enable { - programs.borgmatic.enable = true; + modules.agenix.homeManagerModules.default.enable = true; + + age.secrets.modulesHomemanagerProgramsBorgmatic.file = ./encryption_passcommand.age; + + programs.borgmatic = { + backups.home = { + consistency.checks = let + monthly = "1 month"; + weekly = "1 week"; + in [ + { + name = "archives"; + frequency = weekly; + } + + { + name = "data"; + frequency = monthly; + } + + { + name = "extract"; + frequency = monthly; + } + + { + name = "repository"; + frequency = weekly; + } + ]; + + # https://torsion.org/borgmatic/docs/how-to/backup-to-a-removable-drive-or-an-intermittent-server + hooks.extraConfig.before_backup = let + repository = let + label = "home"; + in + ( + lib.lists.findFirst + (repository: repository ? label && repository.label == label) + (throw "unable to find a repository labeled '${label}'") + config.programs.borgmatic.backups.home.location.repositories + ) + .path; + in [''ls "${repository}" >/dev/null || exit 75'']; + + location = { + excludeHomeManagerSymlinks = true; + + repositories = [ + { + label = "home"; + path = "/tmp/${config.home.username}/borgbackup"; + } + ]; + + sourceDirectories = [config.home.homeDirectory]; + }; + + retention = { + keepDaily = 7; + keepHourly = 24; + keepMinutely = 60; + keepMonthly = 6; + keepSecondly = 60; + keepWeekly = 5; + keepWithin = "2d"; + keepYearly = 1; + }; + + storage.encryptionPasscommand = let + file = config.age.secrets.modulesHomemanagerProgramsBorgmatic.path; + in "${pkgs.runtimeShell} -c '${pkgs.coreutils}/bin/cat \"${file}\"'"; + }; + + enable = true; + }; }; } diff --git a/modules/homeManager/programs/borgmatic/encryption_passcommand.age b/modules/homeManager/programs/borgmatic/encryption_passcommand.age new file mode 100644 index 00000000..bc8a8ff3 --- /dev/null +++ b/modules/homeManager/programs/borgmatic/encryption_passcommand.age @@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 uMTWyw B6GoxFOZ+aqQdvmmzjaAXG6Xss1DrMAf1W+Uf4bkOSk +hTRHJFblBt7wS0JtujjulbRSvtkxjE0UuCvQbPiFF8E +--- cWQ9p0FA0x8gESmNujC0O1lHzVl4m9zfsbGFVDmI17g +Æñmù—Ÿ•ôï—T¼Àéœ7½øŽ>kž>z¼¡ìßt›±•ñKƒ5Mb†)<Ùv;¿„ð­TÕƒul¢#ôQ³¿c7.ˆãȵ€ \ No newline at end of file diff --git a/secrets.nix b/secrets.nix index 7e2956ff..18aaf390 100644 --- a/secrets.nix +++ b/secrets.nix @@ -3,6 +3,7 @@ let "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICrrgYSUQdMPznQBTYSr4jf1p9feRpVWjFuW1MdmtQM4" ]; in { + "modules/homeManager/programs/borgmatic/encryption_passcommand.age".publicKeys = publicKeys; "modules/homeManager/programs/gh/gh_token.age".publicKeys = publicKeys; "modules/programs/nixvim/plugins/codeium.age".publicKeys = publicKeys; }