add mail backups
parent
7fc153bcfb
commit
4b596dea0f
|
@ -0,0 +1,59 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
let
|
||||
cfg = config.services.backup;
|
||||
inherit (lib) mkEnableOption mkOption types mkIf
|
||||
flip mapAttrs' nameValuePair;
|
||||
in
|
||||
{
|
||||
|
||||
options.services.backup = {
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
backups = mkOption {
|
||||
type = types.loaOf types.optionSet;
|
||||
options = {
|
||||
dir = mkOption { type = types.str; };
|
||||
user = mkOption { type = types.str; };
|
||||
remote = mkOption { type = types.str; };
|
||||
keyfile = mkOption { type = types.str; };
|
||||
exclude = mkOption { type = types.str; default = ""; };
|
||||
interval = mkOption { type = types.str; default = "weekly"; };
|
||||
};
|
||||
};
|
||||
};
|
||||
config = mkIf cfg.enable {
|
||||
systemd.services = let
|
||||
sectionToService = name: data: with data; {
|
||||
description = "Back up ${name}";
|
||||
serviceConfig = {
|
||||
IOSchedulingClass="idle";
|
||||
User=user;
|
||||
#Type = "oneshot";
|
||||
};
|
||||
script = ''
|
||||
source ${keyfile}
|
||||
${pkgs.duplicity}/bin/duplicity ${dir} ${remote} \
|
||||
--ssl-cacert-file /etc/ssl/certs/ca-bundle.crt \
|
||||
--encrypt-key ${user} \
|
||||
--exclude-filelist ${pkgs.writeText "dupignore" exclude} \
|
||||
--asynchronous-upload \
|
||||
--volsize 100 \
|
||||
--allow-source-mismatch
|
||||
'';
|
||||
after = ["network.target" "network-online.target"];
|
||||
wants = ["network-online.target"];
|
||||
};
|
||||
in flip mapAttrs' cfg.backups (name: data: nameValuePair
|
||||
("backup-${name}")
|
||||
(sectionToService name data));
|
||||
systemd.timers = flip mapAttrs' cfg.backups (name: data: nameValuePair
|
||||
("backup-${name}")
|
||||
({
|
||||
description = "Periodically backups ${name}";
|
||||
wantedBy = [ "timers.target" ];
|
||||
timerConfig = {
|
||||
OnCalendar = data.interval;
|
||||
Unit = "backup-${name}.service";
|
||||
};
|
||||
}));
|
||||
};
|
||||
}
|
|
@ -19,6 +19,7 @@ in
|
|||
../modules/nginx.nix
|
||||
../modules/tor-hidden-service.nix
|
||||
../modules/muflax-blog.nix
|
||||
../modules/backup.nix
|
||||
];
|
||||
|
||||
networking.hostName = secrets.hostnames.pennyworth;
|
||||
|
@ -47,6 +48,18 @@ in
|
|||
};
|
||||
};
|
||||
};
|
||||
services.backup = {
|
||||
enable = true;
|
||||
backups = {
|
||||
mail = {
|
||||
dir = "/var/spool/mail";
|
||||
user = config.services.mailz.user;
|
||||
remote = "webdavs://mail@yorickvp.stackstorage.com/remote.php/webdav//mail_bak";
|
||||
keyfile = "/var/backup/mail_creds";
|
||||
interval = "daily";
|
||||
};
|
||||
};
|
||||
};
|
||||
# website + lets encrypt challenge hosting
|
||||
nginxssl = {
|
||||
enable = true;
|
||||
|
|
Loading…
Reference in New Issue