mirror of https://gitlab.crans.org/nounous/nixos
74 lines
1.9 KiB
Nix
74 lines
1.9 KiB
Nix
{ config, lib, ... }:
|
|
|
|
let
|
|
cfg = config.crans.resticClient;
|
|
|
|
inherit (lib)
|
|
mkEnableOption
|
|
mkIf
|
|
mkOption
|
|
types
|
|
;
|
|
in
|
|
|
|
{
|
|
options.crans.resticClient = {
|
|
enable = mkEnableOption "Configuration générale pour le client restic.";
|
|
|
|
additionalPaths = mkOption {
|
|
type = types.listOf types.path;
|
|
default = [ ];
|
|
example = [ "/backup" ];
|
|
description = "Chemins à backuper en plus de ceux par défaut.";
|
|
};
|
|
|
|
additionalExcludes = mkOption {
|
|
type = types.listOf types.path;
|
|
default = [ ];
|
|
example = [ "/var/lib/<service>/cache" ];
|
|
description = "Chemins à exclure des backups en plus de ceux par défaut.";
|
|
};
|
|
|
|
when = mkOption {
|
|
type = types.str;
|
|
example = "05:42";
|
|
description = "À quelle heure faire les backups.";
|
|
};
|
|
};
|
|
|
|
config = mkIf cfg.enable {
|
|
age.secrets = {
|
|
restic-base-env.file = ../../secrets/restic/client_env.age;
|
|
restic-base-repo.file = ../../secrets/restic/${config.networking.hostName}/base-repo.age;
|
|
restic-base-password.file = ../../secrets/restic/${config.networking.hostName}/base-password.age;
|
|
};
|
|
|
|
services.restic.backups = {
|
|
base = {
|
|
initialize = true;
|
|
passwordFile = config.age.secrets.restic-base-password.path;
|
|
repositoryFile = config.age.secrets.restic-base-repo.path;
|
|
environmentFile = config.age.secrets.restic-base-env.path;
|
|
paths = [
|
|
"/etc"
|
|
"/var"
|
|
] ++ cfg.additionalPaths;
|
|
exclude = [
|
|
"/var/cache"
|
|
"/var/lib/lxcfs"
|
|
] ++ cfg.additionalExcludes;
|
|
timerConfig = {
|
|
OnCalendar = cfg.when;
|
|
RandomizedDelaySec = "6h";
|
|
};
|
|
pruneOpts = [
|
|
"--keep-daily 2"
|
|
"--keep-weekly 2"
|
|
"--keep-monthly 2"
|
|
"--keep-yearly 1"
|
|
];
|
|
};
|
|
};
|
|
};
|
|
}
|