migrate duplicity config to a module
this will let other machines reuse it
This commit is contained in:
parent
6c1acb5b9a
commit
7da3d48272
|
@ -7,7 +7,6 @@
|
|||
./net.nix
|
||||
./users.nix
|
||||
./services/ddns-he.nix
|
||||
./services/duplicity.nix
|
||||
./services/gitea.nix
|
||||
./services/jackett.nix
|
||||
./services/jellyfin.nix
|
||||
|
@ -23,6 +22,12 @@
|
|||
colinsane.home-manager.extraPackages = [
|
||||
pkgs.matrix-synapse
|
||||
];
|
||||
colinsane.services.duplicity.enable = true;
|
||||
|
||||
sops.secrets."duplicity_passphrase" = {
|
||||
sopsFile = ../../secrets/uninsane.yaml;
|
||||
# owner = "duplicity";
|
||||
};
|
||||
|
||||
# This value determines the NixOS release from which the default
|
||||
# settings for stateful data, like file locations and database versions
|
||||
|
|
|
@ -1,44 +0,0 @@
|
|||
# docs: https://search.nixos.org/options?channel=21.11&query=duplicity
|
||||
{ config, ... }:
|
||||
|
||||
{
|
||||
services.duplicity.enable = true;
|
||||
services.duplicity.targetUrl = ''"$DUPLICITY_URL"'';
|
||||
services.duplicity.escapeUrl = false;
|
||||
# format: PASSPHRASE=<cleartext> \n DUPLICITY_URL=b2://...
|
||||
# two sisters
|
||||
# TODO: s/duplicity_passphrase/duplicity_env/
|
||||
services.duplicity.secretFile = config.sops.secrets.duplicity_passphrase.path;
|
||||
# NB: manually trigger with `systemctl start duplicity`
|
||||
services.duplicity.frequency = "daily";
|
||||
services.duplicity.exclude = [
|
||||
# impermanent/inconsequential data:
|
||||
"/dev"
|
||||
"/proc"
|
||||
"/run"
|
||||
"/sys"
|
||||
"/tmp"
|
||||
# bind mounted (dupes):
|
||||
"/var/lib/pleroma"
|
||||
"/var/lib/transmission/Downloads"
|
||||
"/var/lib/transmission/.incomplete"
|
||||
# other mounts
|
||||
"/mnt"
|
||||
# data that's not worth the cost to backup:
|
||||
"/opt/uninsane/media"
|
||||
];
|
||||
|
||||
services.duplicity.extraFlags = [
|
||||
# without --allow-source-mismatch, duplicity will abort if you change the hostname between backups
|
||||
"--allow-source-mismatch"
|
||||
];
|
||||
|
||||
# set this for the FIRST backup, then remove it to enable incremental backups
|
||||
# (that the first backup *isn't* full i think is a defect)
|
||||
# services.duplicity.fullIfOlderThan = "always";
|
||||
|
||||
sops.secrets."duplicity_passphrase" = {
|
||||
sopsFile = ../../../secrets/uninsane.yaml;
|
||||
# owner = "duplicity";
|
||||
};
|
||||
}
|
|
@ -4,6 +4,7 @@
|
|||
imports = [
|
||||
./gui
|
||||
./hardware
|
||||
./services/duplicity.nix
|
||||
./universal
|
||||
];
|
||||
}
|
||||
|
|
51
modules/services/duplicity.nix
Normal file
51
modules/services/duplicity.nix
Normal file
|
@ -0,0 +1,51 @@
|
|||
# docs: https://search.nixos.org/options?channel=21.11&query=duplicity
|
||||
{ config, ... }:
|
||||
|
||||
with lib;
|
||||
let
|
||||
cfg = config.colinsane.services.duplicity;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
colinsane.services.duplicity.enable = mkOption {
|
||||
default = false;
|
||||
type = types.bool;
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
services.duplicity.enable = true;
|
||||
services.duplicity.targetUrl = ''"$DUPLICITY_URL"'';
|
||||
services.duplicity.escapeUrl = false;
|
||||
# format: PASSPHRASE=<cleartext> \n DUPLICITY_URL=b2://...
|
||||
# two sisters
|
||||
# TODO: s/duplicity_passphrase/duplicity_env/
|
||||
services.duplicity.secretFile = config.sops.secrets.duplicity_passphrase.path;
|
||||
# NB: manually trigger with `systemctl start duplicity`
|
||||
services.duplicity.frequency = "daily";
|
||||
services.duplicity.exclude = [
|
||||
# impermanent/inconsequential data:
|
||||
"/dev"
|
||||
"/proc"
|
||||
"/run"
|
||||
"/sys"
|
||||
"/tmp"
|
||||
# bind mounted (dupes):
|
||||
"/var/lib/pleroma"
|
||||
"/var/lib/transmission/Downloads"
|
||||
"/var/lib/transmission/.incomplete"
|
||||
# other mounts
|
||||
"/mnt"
|
||||
# data that's not worth the cost to backup:
|
||||
"/opt/uninsane/media"
|
||||
];
|
||||
|
||||
services.duplicity.extraFlags = [
|
||||
# without --allow-source-mismatch, duplicity will abort if you change the hostname between backups
|
||||
"--allow-source-mismatch"
|
||||
];
|
||||
|
||||
# set this for the FIRST backup, then remove it to enable incremental backups
|
||||
# (that the first backup *isn't* full i think is a defect)
|
||||
# services.duplicity.fullIfOlderThan = "always";
|
||||
}
|
Loading…
Reference in New Issue
Block a user