From 4b596dea0f3ae785c99a2856eca38b1bac956e0b Mon Sep 17 00:00:00 2001
From: Yorick van Pelt
Date: Tue, 20 Sep 2016 20:05:45 +0200
Subject: [PATCH] add mail backups
---
 modules/backup.nix | 59 ++++++++++++++++++++++++++++++++++++
 pennyworth/configuration.nix | 13 ++++++++
 2 files changed, 72 insertions(+)
 create mode 100644 modules/backup.nix
diff --git a/modules/backup.nix b/modules/backup.nix
new file mode 100644
index 0000000..8823f3f
--- /dev/null
+++ b/modules/backup.nix
@@ -0,0 +1,59 @@
+{ config, pkgs, lib, ... }:
+let
+cfg = config.services.backup;
+inherit (lib) mkEnableOption mkOption types mkIf
+flip mapAttrs' nameValuePair;
+in
+{
+
+ options.services.backup = {
+ enable = mkOption { type = types.bool; default = false; };
+ backups = mkOption {
+ type = types.loaOf types.optionSet;
+ options = {
+ dir = mkOption { type = types.str; };
+ user = mkOption { type = types.str; };
+ remote = mkOption { type = types.str; };
+ keyfile = mkOption { type = types.str; };
+ exclude = mkOption { type = types.str; default = ""; };
+ interval = mkOption { type = types.str; default = "weekly"; };
+ };
+ };
+ };
+ config = mkIf cfg.enable {
+ systemd.services = let
+ sectionToService = name: data: with data; {
+ description = "Back up ${name}";
+ serviceConfig = {
+ IOSchedulingClass="idle";
+ User=user;
+ #Type = "oneshot";
+ };
+ script = ''
+ source ${keyfile}
+ ${pkgs.duplicity}/bin/duplicity ${dir} ${remote} \
+ --ssl-cacert-file /etc/ssl/certs/ca-bundle.crt \
+ --encrypt-key ${user} \
+ --exclude-filelist ${pkgs.writeText "dupignore" exclude} \
+ --asynchronous-upload \
+ --volsize 100 \
+ --allow-source-mismatch
+ '';
+ after = ["network.target" "network-online.target"];
+ wants = ["network-online.target"];
+ };
+ in flip mapAttrs' cfg.backups (name: data: nameValuePair
+ ("backup-${name}")
+ (sectionToService name data));
+ systemd.timers = flip mapAttrs' cfg.backups (name: data: nameValuePair
+ ("backup-${name}")
+ ({
+ description = "Periodically backups ${name}";
+ wantedBy = [ "timers.target" ];
+ timerConfig = {
+ OnCalendar = data.interval;
+ Unit = "backup-${name}.service";
+ };
+ }));
+ };
+}
diff --git a/pennyworth/configuration.nix b/pennyworth/configuration.nix
index 85825f2..e4d8333 100644
--- a/pennyworth/configuration.nix
+++ b/pennyworth/configuration.nix
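Review bot: In the `script` block of `modules/backup.nix`, `source ${keyfile}` executes the credentials file as shell code under the backup user, and `${dir}`, `${remote}`, `${keyfile}` and `${user}` are spliced into the command line unquoted, so a value containing a space or shell metacharacter changes the command that runs. If the file only holds `KEY=value` lines, loading it with `EnvironmentFile = keyfile;` in `serviceConfig` avoids executing it and lets it stay readable by root only; the remaining values can be wrapped as `${lib.escapeShellArg dir}`. `--allow-source-mismatch` switches off duplicity's check that the source matches the existing backup set, so a one-line comment saying why it is needed would help the next reader. `--encrypt-key ${user}` also assumes a GPG key identified by the account name exists in that user's keyring; a separate option for the key id would make that dependency explicit.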
@@ -19,6 +19,7 @@ in ../modules/nginx.nix ../modules/tor-hidden-service.nix ../modules/muflax-blog.nix + ../modules/backup.nix ]; networking.hostName = secrets.hostnames.pennyworth; @@ -47,6 +48,18 @@ in }; }; }; + services.backup = { + enable = true; + backups = { + mail = { + dir = "/var/spool/mail"; + user = config.services.mailz.user; + remote = "webdavs://mail@yorickvp.stackstorage.com/remote.php/webdav//mail_bak"; + keyfile = "/var/backup/mail_creds"; + interval = "daily"; + }; + }; + }; # website + lets encrypt challenge hosting nginxssl = { enable = true;
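Review bot: The `mail` backup added in the second hunk depends on state that nothing visible here creates: `/var/backup/mail_creds` has to exist and be readable by `config.services.mailz.user` (and, since it presumably holds the WebDAV credentials, by no one else), and the module's `--encrypt-key` needs a matching GPG key in that user's keyring. A comment above `keyfile` stating these prerequisites, e.g. `# created by hand, mode 0400, owned by the mailz user; not managed by Nix`, would keep a rebuild on a fresh host from failing only at the first timer run. The doubled slash in `webdav//mail_bak` looks unintentional; it is worth confirming the backend resolves it to the intended path.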