From fa2ff2bd39499f4519a0234f285b74d76ba57c81 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 17 Jul 2022 20:40:12 +0200 Subject: [PATCH] expose the path to the backup passphrase as an option --- nixos/gorgon/configuration.nix | 5 ++--- nixos/modules/backup.nix | 33 +++++++++++++++++++++++++-------- nixos/pruflas/configuration.nix | 3 +-- nixos/surgat/configuration.nix | 3 +-- 4 files changed, 29 insertions(+), 15 deletions(-) diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 520998b..10f8778 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -46,9 +46,8 @@ in vpnExtension = "3"; }; backupClient = { - enable = true; - bs = true; - gs = false; + bs.enable = true; + gs.enable = false; }; }; diff --git a/nixos/modules/backup.nix b/nixos/modules/backup.nix index c5855e0..adb2c15 100644 --- a/nixos/modules/backup.nix +++ b/nixos/modules/backup.nix @@ -24,14 +24,30 @@ in { options = { dadada.backupClient = { - enable = mkEnableOption "Enable backup client"; - gs = mkEnableOption "Enable backup to GS location"; - bs = mkEnableOption "Enable backup to BS location"; + gs = { + enable = mkEnableOption "Enable backup to GS location"; + passphrasePath = mkOption { + type = with types; nullOr str; + description = '' + The path to the passphrase file. + ''; + default = "/var/lib/borgbackup/gs/passphrase"; + }; + }; + bs = { + enable = mkEnableOption "Enable backup to BS location"; + passphrasePath = mkOption { + type = with types; nullOr str; + description = '' + The path to the passphrase file. + ''; + default = "/var/lib/borgbackup/bs/passphrase"; + }; + }; }; }; - config = mkIf cfg.enable { - + config = mkIf cfg.gs.enable { fileSystems = mkIf cfg.gs { "/backup" = { device = "/dev/disk/by-uuid/0fdab735-cc3e-493a-b4ec-cbf6a77d48d5"; @@ -47,7 +63,7 @@ in doInit = false; encryption = { mode = "repokey"; - passCommand = "cat /var/lib/borgbackup/gs/passphrase"; + passCommand = "cat ${cfg.gs.passphrasePath}"; }; compression = "auto,lz4"; prune.keep = { @@ -58,7 +74,7 @@ in yearly = -1; # Keep at least one archive for each year }; startAt = "monthly"; - }; + } // mkIf cfg.bs.enable { services.borgbackup.jobs.bs = mkIf cfg.bs { paths = "/"; @@ -70,7 +86,7 @@ in }; encryption = { mode = "repokey"; - passCommand = "cat /var/lib/borgbackup/bs/passphrase"; + passCommand = "cat ${cfg.bs.passphrasePath}"; }; compression = "auto,lz4"; startAt = "daily"; @@ -79,4 +95,5 @@ in }; }; }; + }; } diff --git a/nixos/pruflas/configuration.nix b/nixos/pruflas/configuration.nix index 1709888..6aca8a7 100644 --- a/nixos/pruflas/configuration.nix +++ b/nixos/pruflas/configuration.nix @@ -42,8 +42,7 @@ in { dadada.admin.enable = true; dadada.backupClient = { - enable = true; - bs = true; + bs.enable = true; }; networking.useDHCP = false; diff --git a/nixos/surgat/configuration.nix b/nixos/surgat/configuration.nix index 4d0f879..c1ed89e 100644 --- a/nixos/surgat/configuration.nix +++ b/nixos/surgat/configuration.nix @@ -49,8 +49,7 @@ in dadada.homePage.enable = true; dadada.share.enable = true; dadada.backupClient = { - enable = true; - bs = true; + bs.enable = true; }; networking.useDHCP = false;