From 7da3d482727d9d89a909c8229a451cf2e06112c9 Mon Sep 17 00:00:00 2001
From: Colin
Date: Fri, 10 Jun 2022 01:30:57 -0700
Subject: [PATCH] migrate duplicity config to a module this will let other machines reuse it
---
 machines/uninsane/default.nix | 7 +++-
 machines/uninsane/services/duplicity.nix | 44 --------------------
 modules/default.nix | 1 +
 modules/services/duplicity.nix | 51 ++++++++++++++++++++++++
 4 files changed, 58 insertions(+), 45 deletions(-)
 delete mode 100644 machines/uninsane/services/duplicity.nix
 create mode 100644 modules/services/duplicity.nix
diff --git a/machines/uninsane/default.nix b/machines/uninsane/default.nix
index ab507814..03809f16 100644
--- a/machines/uninsane/default.nix
+++ b/machines/uninsane/default.nix
@@ -7,7 +7,6 @@
 ./net.nix
 ./users.nix
 ./services/ddns-he.nix
- ./services/duplicity.nix
 ./services/gitea.nix
 ./services/jackett.nix
 ./services/jellyfin.nix
@@ -23,6 +22,12 @@ colinsane.home-manager.extraPackages = [ pkgs.matrix-synapse ];
+ colinsane.services.duplicity.enable = true;
+
+ sops.secrets."duplicity_passphrase" = {
+ sopsFile = ../../secrets/uninsane.yaml;
+ # owner = "duplicity";
+ };
 # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions
diff --git a/machines/uninsane/services/duplicity.nix b/machines/uninsane/services/duplicity.nix
deleted file mode 100644
index b20b1f76..00000000
--- a/machines/uninsane/services/duplicity.nix
+++ /dev/null
@@ -1,44 +0,0 @@
-# docs: https://search.nixos.org/options?channel=21.11&query=duplicity
-{ config, ... }:
-
-{
- services.duplicity.enable = true;
- services.duplicity.targetUrl = ''"$DUPLICITY_URL"'';
- services.duplicity.escapeUrl = false;
- # format: PASSPHRASE= \n DUPLICITY_URL=b2://...
- # two sisters
- # TODO: s/duplicity_passphrase/duplicity_env/
- services.duplicity.secretFile = config.sops.secrets.duplicity_passphrase.path;
- # NB: manually trigger with `systemctl start duplicity`
- services.duplicity.frequency = "daily";
- services.duplicity.exclude = [
- # impermanent/inconsequential data:
- "/dev"
- "/proc"
- "/run"
- "/sys"
- "/tmp"
- # bind mounted (dupes):
- "/var/lib/pleroma"
- "/var/lib/transmission/Downloads"
- "/var/lib/transmission/.incomplete"
- # other mounts
- "/mnt"
- # data that's not worth the cost to backup:
- "/opt/uninsane/media"
- ];
-
- services.duplicity.extraFlags = [
- # without --allow-source-mismatch, duplicity will abort if you change the hostname between backups
- "--allow-source-mismatch"
- ];
-
- # set this for the FIRST backup, then remove it to enable incremental backups
- # (that the first backup *isn't* full i think is a defect)
- # services.duplicity.fullIfOlderThan = "always";
-
- sops.secrets."duplicity_passphrase" = {
- sopsFile = ../../../secrets/uninsane.yaml;
- # owner = "duplicity";
- };
-}
diff --git a/modules/default.nix b/modules/default.nix
index 38203cf9..8df82490 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -4,6 +4,7 @@
 imports = [
 ./gui
 ./hardware
+ ./services/duplicity.nix
 ./universal
 ];
 }
diff --git a/modules/services/duplicity.nix b/modules/services/duplicity.nix
new file mode 100644
index 00000000..41f21fcf
--- /dev/null
+++ b/modules/services/duplicity.nix
@@ -0,0 +1,51 @@
+# docs: https://search.nixos.org/options?channel=21.11&query=duplicity
+{ config, ... }:
+
+with lib;
+let
+ cfg = config.colinsane.services.duplicity;
+in
+{
+ options = {
+ colinsane.services.duplicity.enable = mkOption {
+ default = false;
+ type = types.bool;
+ };
+ };
+
+ config = mkIf cfg.enable {
+ services.duplicity.enable = true;
+ services.duplicity.targetUrl = ''"$DUPLICITY_URL"'';
+ services.duplicity.escapeUrl = false;
+ # format: PASSPHRASE= \n DUPLICITY_URL=b2://...
+ # two sisters
+ # TODO: s/duplicity_passphrase/duplicity_env/
+ services.duplicity.secretFile = config.sops.secrets.duplicity_passphrase.path;
+ # NB: manually trigger with `systemctl start duplicity`
+ services.duplicity.frequency = "daily";
+ services.duplicity.exclude = [
+ # impermanent/inconsequential data:
+ "/dev"
+ "/proc"
+ "/run"
+ "/sys"
+ "/tmp"
+ # bind mounted (dupes):
+ "/var/lib/pleroma"
+ "/var/lib/transmission/Downloads"
+ "/var/lib/transmission/.incomplete"
+ # other mounts
+ "/mnt"
+ # data that's not worth the cost to backup:
+ "/opt/uninsane/media"
+ ];
+
+ services.duplicity.extraFlags = [
+ # without --allow-source-mismatch, duplicity will abort if you change the hostname between backups
+ "--allow-source-mismatch"
+ ];
+
+ # set this for the FIRST backup, then remove it to enable incremental backups
+ # (that the first backup *isn't* full i think is a defect)
+ # services.duplicity.fullIfOlderThan = "always";
+}
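Review bot: The new module does not evaluate as shown: its header is `{ config, ... }:` but the body opens with `with lib;` and uses `mkOption`, `mkIf` and `types`, so the argument set needs to be `{ config, lib, ... }:`. The `config = mkIf cfg.enable {` attrset is also never closed; the file ends with a single `}` right after the commented-out `fullIfOlderThan` line, so a `};` is missing before it. For a module meant to be reused, `services.duplicity.secretFile` depends on a `duplicity_passphrase` sops secret that this commit now declares only in machines/uninsane/default.nix, so I would add a comment above that line such as `# every machine enabling this module must declare sops.secrets.duplicity_passphrase`. `--allow-source-mismatch` also turns off the abort that its own comment describes, so two hosts pointed at the same `DUPLICITY_URL` would presumably write into one backup chain without an error; consider leaving `extraFlags` and the uninsane-specific `exclude` paths as per-machine settings.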