add mail backups
parent
7fc153bcfb
commit
4b596dea0f
|
@ -0,0 +1,59 @@
|
||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
let
|
||||||
|
cfg = config.services.backup;
|
||||||
|
inherit (lib) mkEnableOption mkOption types mkIf
|
||||||
|
flip mapAttrs' nameValuePair;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
|
||||||
|
options.services.backup = {
|
||||||
|
enable = mkOption { type = types.bool; default = false; };
|
||||||
|
backups = mkOption {
|
||||||
|
type = types.loaOf types.optionSet;
|
||||||
|
options = {
|
||||||
|
dir = mkOption { type = types.str; };
|
||||||
|
user = mkOption { type = types.str; };
|
||||||
|
remote = mkOption { type = types.str; };
|
||||||
|
keyfile = mkOption { type = types.str; };
|
||||||
|
exclude = mkOption { type = types.str; default = ""; };
|
||||||
|
interval = mkOption { type = types.str; default = "weekly"; };
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
config = mkIf cfg.enable {
|
||||||
|
systemd.services = let
|
||||||
|
sectionToService = name: data: with data; {
|
||||||
|
description = "Back up ${name}";
|
||||||
|
serviceConfig = {
|
||||||
|
IOSchedulingClass="idle";
|
||||||
|
User=user;
|
||||||
|
#Type = "oneshot";
|
||||||
|
};
|
||||||
|
script = ''
|
||||||
|
source ${keyfile}
|
||||||
|
${pkgs.duplicity}/bin/duplicity ${dir} ${remote} \
|
||||||
|
--ssl-cacert-file /etc/ssl/certs/ca-bundle.crt \
|
||||||
|
--encrypt-key ${user} \
|
||||||
|
--exclude-filelist ${pkgs.writeText "dupignore" exclude} \
|
||||||
|
--asynchronous-upload \
|
||||||
|
--volsize 100 \
|
||||||
|
--allow-source-mismatch
|
||||||
|
'';
|
||||||
|
after = ["network.target" "network-online.target"];
|
||||||
|
wants = ["network-online.target"];
|
||||||
|
};
|
||||||
|
in flip mapAttrs' cfg.backups (name: data: nameValuePair
|
||||||
|
("backup-${name}")
|
||||||
|
(sectionToService name data));
|
||||||
|
systemd.timers = flip mapAttrs' cfg.backups (name: data: nameValuePair
|
||||||
|
("backup-${name}")
|
||||||
|
({
|
||||||
|
description = "Periodically backups ${name}";
|
||||||
|
wantedBy = [ "timers.target" ];
|
||||||
|
timerConfig = {
|
||||||
|
OnCalendar = data.interval;
|
||||||
|
Unit = "backup-${name}.service";
|
||||||
|
};
|
||||||
|
}));
|
||||||
|
};
|
||||||
|
}
|
|
@ -19,6 +19,7 @@ in
|
||||||
../modules/nginx.nix
|
../modules/nginx.nix
|
||||||
../modules/tor-hidden-service.nix
|
../modules/tor-hidden-service.nix
|
||||||
../modules/muflax-blog.nix
|
../modules/muflax-blog.nix
|
||||||
|
../modules/backup.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
networking.hostName = secrets.hostnames.pennyworth;
|
networking.hostName = secrets.hostnames.pennyworth;
|
||||||
|
@ -47,6 +48,18 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
services.backup = {
|
||||||
|
enable = true;
|
||||||
|
backups = {
|
||||||
|
mail = {
|
||||||
|
dir = "/var/spool/mail";
|
||||||
|
user = config.services.mailz.user;
|
||||||
|
remote = "webdavs://mail@yorickvp.stackstorage.com/remote.php/webdav//mail_bak";
|
||||||
|
keyfile = "/var/backup/mail_creds";
|
||||||
|
interval = "daily";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
# website + lets encrypt challenge hosting
|
# website + lets encrypt challenge hosting
|
||||||
nginxssl = {
|
nginxssl = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
Loading…
Reference in New Issue