migrate duplicity config to a module

this will let other machines reuse it

machines/uninsane/default.nix

@@ -7,7 +7,6 @@
     ./net.nix
     ./users.nix
     ./services/ddns-he.nix
-    ./services/duplicity.nix
     ./services/gitea.nix
     ./services/jackett.nix
     ./services/jellyfin.nix
@@ -23,6 +22,12 @@
   colinsane.home-manager.extraPackages = [
     pkgs.matrix-synapse
   ];
+  colinsane.services.duplicity.enable = true;
+
+  sops.secrets."duplicity_passphrase" = {
+    sopsFile = ../../secrets/uninsane.yaml;
+    # owner = "duplicity";
+  };
 
   # This value determines the NixOS release from which the default
   # settings for stateful data, like file locations and database versions

machines/uninsane/services/duplicity.nix

@@ -1,44 +0,0 @@
-# docs: https://search.nixos.org/options?channel=21.11&query=duplicity
-{ config, ... }:
-
-{
-  services.duplicity.enable = true;
-  services.duplicity.targetUrl = ''"$DUPLICITY_URL"'';
-  services.duplicity.escapeUrl = false;
-  # format: PASSPHRASE=<cleartext> \n DUPLICITY_URL=b2://...
-  # two sisters
-  # TODO: s/duplicity_passphrase/duplicity_env/
-  services.duplicity.secretFile = config.sops.secrets.duplicity_passphrase.path;
-  # NB: manually trigger with `systemctl start duplicity`
-  services.duplicity.frequency = "daily";
-  services.duplicity.exclude = [
-    # impermanent/inconsequential data:
-    "/dev"
-    "/proc"
-    "/run"
-    "/sys"
-    "/tmp"
-    # bind mounted (dupes):
-    "/var/lib/pleroma"
-    "/var/lib/transmission/Downloads"
-    "/var/lib/transmission/.incomplete"
-    # other mounts
-    "/mnt"
-    # data that's not worth the cost to backup:
-    "/opt/uninsane/media"
-  ];
-
-  services.duplicity.extraFlags = [
-    # without --allow-source-mismatch, duplicity will abort if you change the hostname between backups
-    "--allow-source-mismatch"
-  ];
-
-  # set this for the FIRST backup, then remove it to enable incremental backups
-  #   (that the first backup *isn't* full i think is a defect)
-  # services.duplicity.fullIfOlderThan = "always";
-
-  sops.secrets."duplicity_passphrase" = {
-    sopsFile = ../../../secrets/uninsane.yaml;
-    # owner = "duplicity";
-  };
-}

modules/default.nix

@@ -4,6 +4,7 @@
   imports = [
     ./gui
     ./hardware
+    ./services/duplicity.nix
     ./universal
   ];
 }

modules/services/duplicity.nix

@@ -0,0 +1,51 @@
+# docs: https://search.nixos.org/options?channel=21.11&query=duplicity
+{ config, ... }:
+
+with lib;
+let
+  cfg = config.colinsane.services.duplicity;
+in
+{
+  options = {
+    colinsane.services.duplicity.enable = mkOption {
+      default = false;
+      type = types.bool;
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.duplicity.enable = true;
+    services.duplicity.targetUrl = ''"$DUPLICITY_URL"'';
+    services.duplicity.escapeUrl = false;
+    # format: PASSPHRASE=<cleartext> \n DUPLICITY_URL=b2://...
+    # two sisters
+    # TODO: s/duplicity_passphrase/duplicity_env/
+    services.duplicity.secretFile = config.sops.secrets.duplicity_passphrase.path;
+    # NB: manually trigger with `systemctl start duplicity`
+    services.duplicity.frequency = "daily";
+    services.duplicity.exclude = [
+      # impermanent/inconsequential data:
+      "/dev"
+      "/proc"
+      "/run"
+      "/sys"
+      "/tmp"
+      # bind mounted (dupes):
+      "/var/lib/pleroma"
+      "/var/lib/transmission/Downloads"
+      "/var/lib/transmission/.incomplete"
+      # other mounts
+      "/mnt"
+      # data that's not worth the cost to backup:
+      "/opt/uninsane/media"
+    ];
+
+    services.duplicity.extraFlags = [
+      # without --allow-source-mismatch, duplicity will abort if you change the hostname between backups
+      "--allow-source-mismatch"
+    ];
+
+    # set this for the FIRST backup, then remove it to enable incremental backups
+    #   (that the first backup *isn't* full i think is a defect)
+    # services.duplicity.fullIfOlderThan = "always";
+}