nixos-configs/devices/servivi/modules/borgbackup.nix

{
  config,
  lib,
  pkgs,
  ...
}:
with lib; let
  cfg = config.services.borgbackup;
  secrets = config.sops.secrets;
in {
  # Make this file declare default settings
  options.services.borgbackup = {
    #
    defaults = mkOption {
      type = types.attrs;
    };
    configs = mkOption {
      type = types.attrs;
    };
  };

  config = {
    users.groups.borg = {};
    users.users.borg = {
      isSystemUser = true;
      # https://mynixos.com/nixpkgs/option/services.borgbackup.jobs.%3Cname%3E.readWritePaths
      createHome = true;
      home = "/var/lib/borg";
      group = "borg";
      extraGroups = ["mc"];
    };

    programs.ssh.knownHosts = {
      pve.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG/4mrp8E4Ittwg8feRmPtDHSDR2+Pq4uZHeF5MweVcW";
    };

    services.borgbackup = {
      defaults = {
        user = "borg";
        environment = {BORG_RSH = "ssh -i ${secrets.borg-ssh.path}";};

        repo = "ssh://matt@pve/data/backups/borg";
        encryption = {
          mode = "repokey";
          passCommand = let
            cat = "${pkgs.coreutils}/bin/cat";
            key = secrets.borg-repo.path;
          in "${cat} ${key}";
        };

        # Run every 3 hours
        startAt = "00/3:00";
        compression = "auto,lzma";
      };

      jobs = mapAttrs (_: v: v // cfg.defaults) cfg.configs;
    };
  };
}
feat(servers): switch to borgbackup jobs for granular control 2023-12-27 01:59:28 -05:00			`{`
			`config,`
			`lib,`
			`pkgs,`
			`...`
refactor: make sshd module and some code refactor 2023-12-27 11:39:38 -05:00			`}:`
			`with lib; let`
			`cfg = config.services.borgbackup;`
			`secrets = config.sops.secrets;`
			`in {`
feat(servers): switch to borgbackup jobs for granular control 2023-12-27 01:59:28 -05:00			`# Make this file declare default settings`
refactor: make sshd module and some code refactor 2023-12-27 11:39:38 -05:00			`options.services.borgbackup = {`
			`#`
feat(servers): switch to borgbackup jobs for granular control 2023-12-27 01:59:28 -05:00			`defaults = mkOption {`
			`type = types.attrs;`
			`};`
refactor: make sshd module and some code refactor 2023-12-27 11:39:38 -05:00			`configs = mkOption {`
			`type = types.attrs;`
			`};`
feat(servers): switch to borgbackup jobs for granular control 2023-12-27 01:59:28 -05:00			`};`

			`config = {`
			`users.groups.borg = {};`
			`users.users.borg = {`
			`isSystemUser = true;`
refactor: make sshd module and some code refactor 2023-12-27 11:39:38 -05:00			`# https://mynixos.com/nixpkgs/option/services.borgbackup.jobs.%3Cname%3E.readWritePaths`
feat(servers): switch to borgbackup jobs for granular control 2023-12-27 01:59:28 -05:00			`createHome = true;`
			`home = "/var/lib/borg";`
			`group = "borg";`
			`extraGroups = ["mc"];`
			`};`

			`programs.ssh.knownHosts = {`
			`pve.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG/4mrp8E4Ittwg8feRmPtDHSDR2+Pq4uZHeF5MweVcW";`
			`};`

			`services.borgbackup = {`
			`defaults = {`
			`user = "borg";`
refactor: make sshd module and some code refactor 2023-12-27 11:39:38 -05:00			`environment = {BORG_RSH = "ssh -i ${secrets.borg-ssh.path}";};`
feat(servers): switch to borgbackup jobs for granular control 2023-12-27 01:59:28 -05:00
			`repo = "ssh://matt@pve/data/backups/borg";`
			`encryption = {`
			`mode = "repokey";`
			`passCommand = let`
			`cat = "${pkgs.coreutils}/bin/cat";`
refactor: make sshd module and some code refactor 2023-12-27 11:39:38 -05:00			`key = secrets.borg-repo.path;`
feat(servers): switch to borgbackup jobs for granular control 2023-12-27 01:59:28 -05:00			`in "${cat} ${key}";`
			`};`

			`# Run every 3 hours`
			`startAt = "00/3:00";`
			`compression = "auto,lzma";`
			`};`
refactor: make sshd module and some code refactor 2023-12-27 11:39:38 -05:00
			`jobs = mapAttrs (_: v: v // cfg.defaults) cfg.configs;`
feat(servers): switch to borgbackup jobs for granular control 2023-12-27 01:59:28 -05:00			`};`
			`};`
			`}`