From a34238b3a9ec03891e8c93da81601c753800fd60 Mon Sep 17 00:00:00 2001 From: Zuckerberg Date: Sun, 9 Apr 2023 13:06:15 -0600 Subject: [PATCH] Easily run restic commands on a backup group --- common/backups.nix | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/common/backups.nix b/common/backups.nix index b56f0bd..2289050 100644 --- a/common/backups.nix +++ b/common/backups.nix @@ -1,11 +1,13 @@ -{ config, lib, ... }: +{ config, lib, pkgs, ... }: let cfg = config.backup; hostname = config.networking.hostName; + mkRespository = group: "s3:s3.us-west-004.backblazeb2.com/D22TgIt0-main-backup/${group}"; + mkBackup = group: paths: { - repository = "s3:s3.us-west-004.backblazeb2.com/D22TgIt0-main-backup/${group}"; + repository = mkRespository group; inherit paths; initialize = true; @@ -29,6 +31,20 @@ let environmentFile = "/run/agenix/backblaze-s3-backups"; passwordFile = "/run/agenix/restic-password"; }; + + # example usage: "sudo restic_samba unlock" (removes lockfile) + mkResticGroupCmd = group: pkgs.writeShellScriptBin "restic_${group}" '' + if [ "$EUID" -ne 0 ] + then echo "Run as root" + exit + fi + . /run/agenix/backblaze-s3-backups + export AWS_SECRET_ACCESS_KEY + export AWS_ACCESS_KEY_ID + export RESTIC_PASSWORD_FILE=/run/agenix/restic-password + export RESTIC_REPOSITORY="${mkRespository group}" + exec ${pkgs.restic}/bin/restic "$@" + ''; in { options.backup = { @@ -56,5 +72,7 @@ in age.secrets.backblaze-s3-backups.file = ../secrets/backblaze-s3-backups.age; age.secrets.restic-password.file = ../secrets/restic-password.age; + + environment.systemPackages = map mkResticGroupCmd (builtins.attrNames cfg.group); }; }