add mail backups

2016-09-20 20:05:45 +02:00 · 2016-09-20 20:05:45 +02:00 · 4b596dea0f
parent 7fc153bcfb
commit 4b596dea0f
2 changed files with 72 additions and 0 deletions
--- a/modules/backup.nix
+++ b/modules/backup.nix
@ -0,0 +1,59 @@
+{ config, pkgs, lib, ... }:
+let
+cfg = config.services.backup;
+inherit (lib) mkEnableOption mkOption types mkIf
+flip mapAttrs' nameValuePair;
+in
+{
+
+  options.services.backup = {
+    enable = mkOption { type = types.bool; default = false; };
+    backups = mkOption {
+      type = types.loaOf types.optionSet;
+      options = {
+        dir = mkOption { type = types.str; };
+        user = mkOption { type = types.str; };
+        remote = mkOption { type = types.str; };
+        keyfile = mkOption { type = types.str; };
+        exclude = mkOption { type = types.str; default = ""; };
+        interval = mkOption { type = types.str; default = "weekly"; };
+      };
+    };
+  };
+  config = mkIf cfg.enable {
+    systemd.services = let
+      sectionToService = name: data: with data; {
+        description = "Back up ${name}";
+        serviceConfig = {
+          IOSchedulingClass="idle";
+          User=user;
+          #Type = "oneshot";
+        };
+        script = ''
+          source ${keyfile}
+          ${pkgs.duplicity}/bin/duplicity ${dir} ${remote} \
+            --ssl-cacert-file /etc/ssl/certs/ca-bundle.crt \
+            --encrypt-key ${user} \
+            --exclude-filelist ${pkgs.writeText "dupignore" exclude} \
+            --asynchronous-upload \
+            --volsize 100 \
+            --allow-source-mismatch
+        '';
+        after = ["network.target" "network-online.target"];
+        wants = ["network-online.target"];
+      };
+  in flip mapAttrs' cfg.backups (name: data: nameValuePair
+    ("backup-${name}")
+    (sectionToService name data));
+  systemd.timers = flip mapAttrs' cfg.backups (name: data: nameValuePair
+    ("backup-${name}")
+    ({
+      description = "Periodically backups ${name}";
+      wantedBy = [ "timers.target" ];
+      timerConfig = {
+        OnCalendar = data.interval;
+        Unit = "backup-${name}.service";
+      };
+    }));
+  };
+}
--- a/pennyworth/configuration.nix
+++ b/pennyworth/configuration.nix
@ -19,6 +19,7 @@ in
      ../modules/nginx.nix
      ../modules/tor-hidden-service.nix
      ../modules/muflax-blog.nix
+      ../modules/backup.nix
  ];

  networking.hostName = secrets.hostnames.pennyworth;
@ -47,6 +48,18 @@ in
      };
    };
  };
+  services.backup = {
+    enable = true;
+    backups = {
+      mail = {
+        dir = "/var/spool/mail";
+        user = config.services.mailz.user;
+        remote = "webdavs://mail@yorickvp.stackstorage.com/remote.php/webdav//mail_bak";
+        keyfile = "/var/backup/mail_creds";
+        interval = "daily";
+      };
+    };
+  };
  # website + lets encrypt challenge hosting
  nginxssl = {
    enable = true;