some backup fixes

2024-01-24 17:28:12 +03:00 · 2024-01-24 17:28:12 +03:00 · 237a8e9ded
commit 237a8e9ded
parent d31c49ed15
5 changed files with 41 additions and 13 deletions
--- a/machines/Home-Hypervisor/backups.nix
+++ b/machines/Home-Hypervisor/backups.nix
@ -1,6 +1,6 @@
 { config, inputs, ... }: {
-  sops.secrets.rustic-nas-pass.sopsFile = inputs.self.secretsDir + /backup-conf.yaml;
-  sops.secrets.rclone-rustic-backups.sopsFile = inputs.self.secretsDir + /backup-conf.yaml;
+  sops.secrets.rustic-nas-pass.sopsFile = inputs.self.secretsDir + /rustic.yaml;
+  sops.secrets.rclone-rustic-backups.sopsFile = inputs.self.secretsDir + /rustic.yaml;
  services.rustic.backups = rec {
    nas-backup = {
      backup = true;
--- a/machines/Home-Hypervisor/dns-mapping.nix
+++ b/machines/Home-Hypervisor/dns-mapping.nix
@ -63,6 +63,12 @@
    { name = "wiki.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
  ];
  dnsmasq-list = [
+    # TODO: Fix dns resolution in blocky for unmapped subdomains of ataraxiadev.com
+    "/element.ataraxiadev.com/83.138.55.118"
+    "/matrix.ataraxiadev.com/83.138.55.118"
+    "/stats.ataraxiadev.com/83.138.55.118"
+    "/turn.ataraxiadev.com/83.138.55.118"
+
    "/api.ataraxiadev.com/192.168.0.10"
    "/auth.ataraxiadev.com/192.168.0.10"
    "/cache.ataraxiadev.com/192.168.0.10"
--- a/machines/NixOS-VPS/services/backups.nix
+++ b/machines/NixOS-VPS/services/backups.nix
@ -1,6 +1,6 @@
 { config, inputs, ... }: {
-  sops.secrets.rustic-vps-pass.sopsFile = inputs.self.secretsDir + /backup-conf.yaml;
-  sops.secrets.rclone-rustic-backups.sopsFile = inputs.self.secretsDir + /backup-conf.yaml;
+  sops.secrets.rustic-vps-pass.sopsFile = inputs.self.secretsDir + /rustic.yaml;
+  sops.secrets.rclone-rustic-backups.sopsFile = inputs.self.secretsDir + /rustic.yaml;
  services.rustic.backups = rec {
    vps-backup = {
      backup = true;
--- a/modules/rustic.nix
+++ b/modules/rustic.nix
@ -176,6 +176,21 @@ in
          ];
        };

+        backupCommandPrefix = mkOption {
+          type = types.str;
+          default = "";
+          description = lib.mdDoc ''
+            Prefix for backup command.
+          '';
+        };
+
+        backupCommandSuffix = mkOption {
+          type = types.str;
+          default = "";
+          description = lib.mdDoc ''
+            Suffix for backup command.
+          '';
+        };

        backupPrepareCommand = mkOption {
          type = with types; nullOr str;
@ -224,10 +239,6 @@ in
            profile = settingsFormat.generate "${name}.toml" backup.settings;
            extraOptions = concatMapStrings (arg: " -o ${arg}") backup.extraOptions;
            rusticCmd = "${backup.package}/bin/rustic -P ${lib.strings.removeSuffix ".toml" profile}${extraOptions}";
-            pruneCmd = optionals (backup.prune) [
-              (rusticCmd + " forget --prune " + (concatStringsSep " " backup.pruneOpts))
-              (rusticCmd + " check " + (concatStringsSep " " backup.checkOpts))
-            ];
            # Helper functions for rclone remotes
            rcloneAttrToOpt = v: "RCLONE_" + toUpper (builtins.replaceStrings [ "-" ] [ "_" ] v);
            toRcloneVal = v: if lib.isBool v then lib.boolToString v else v;
@ -247,10 +258,17 @@ in
            restartIfChanged = false;
            wants = [ "network-online.target" ];
            after = [ "network-online.target" ];
+            script = ''
+              ${optionalString (backup.backup) ''
+                ${backup.backupCommandPrefix} ${rusticCmd} backup ${concatStringsSep " " backup.extraBackupArgs} ${backup.backupCommandSuffix}
+              ''}
+              ${optionalString (backup.prune) ''
+                ${rusticCmd} forget --prune ${concatStringsSep " " backup.pruneOpts}
+                ${rusticCmd} check ${concatStringsSep " " backup.checkOpts}
+              ''}
+            '';
            serviceConfig = {
              Type = "oneshot";
-              ExecStart = (optionals backup.backup [ "${rusticCmd} backup ${concatStringsSep " " backup.extraBackupArgs}" ])
-                ++ pruneCmd;
              User = backup.user;
              RuntimeDirectory = "rustic-backups-${name}";
              CacheDirectory = "rustic-backups-${name}";
@ -265,7 +283,7 @@ in
                ${pkgs.writeScript "backupPrepareCommand" backup.backupPrepareCommand}
              ''}
              ${optionalString (backup.initialize) ''
-                ${rusticCmd} snapshots || ${rusticCmd} init ${concatStringsSep " " backup.initializeOpts}
+                ${rusticCmd} init ${concatStringsSep " " backup.initializeOpts} || true
              ''}
            '';
          } // optionalAttrs (backup.backupCleanupCommand != null) {
--- a/secrets/backup-conf.yaml
+++ b/secrets/backup-conf.yaml
@ -1,14 +1,18 @@
 rclone-rustic-backups: ENC[AES256_GCM,data:78Ch7VVk/9rPy8pTQCTmuSSXWVKlNwlaTxnrM4yBi8/AQ6B4QJYQr1ibtxbgFs4aGHMddJbARLILT9afzXVF3dwyZ5490v8b+6NmGQ/ECdLpQ3LUGWzQHSkTQRib8s2ks2v3XC7AAzUr4hNdXHxL4/11WrKIL5wJyn2YP/KngQoIjijkpzoAoKZgr9cTZDSQ3FsnDv6WlQ4lTneRSkssFmHrytgFWEj/EXTqeZo5/2E7GrqFC161iO/p6+ZM9dNFoSsLxj4SI5gF2HsUChZbDfMyMdzYCHTt,iv:a1Vgs89rKIDJ//CCN94F3rzUSBtbrBB9fB8nZpFacTg=,tag:Y4QA6YKOUAWN5uhnG2C95Q==,type:str]
+rclone-postgresql-backups: ENC[AES256_GCM,data:rEINBfZezX3YSfQQhYm9JsgHOZE4c4us3dl5FvgZv2L+uIsoVVSNt0gr6My/nk19hL7IGY1I7ab2YgEwKE3w4rV3wpZ6+lCAucNM2YvGXWoqpvOvhH0YGfASA7yOSDaLZ69zL07UGX0WK2Z2dDrLOEz8NJsPbOn55XvDXVwjtR1o3R7j7bLKUHgcm8S/JGF0IQXvJWBN/WQzF66rFjNf0SxReEfa/mYLr3w+qdBpRVsZ3yiXQrvFUWj9GNS3FYfG6wro5SLGLuX7hDkGE+KiKv7j0cuMkphlQu0IyQ==,iv:NodSsCEPz6dMfSbHKE3sIfehaZ7cD3tq3gVtTceHmrg=,tag:lBDzO4QmOGyUBX5aAm2TYA==,type:str]
 rustic-nas-pass: ENC[AES256_GCM,data:uDiQQRxlpBfbwihXDR32aGjP41iZ,iv:qx6FJEllahkP9BPYFFfv9LHnnVTOl6B7Jv9OSfNkPok=,tag:MBUT77ccG/acr/U/X2zrCA==,type:str]
 rustic-vps-pass: ENC[AES256_GCM,data:LMdVK6j/TV9JLAxwWUtIfF//nf6r,iv:PjOYcNeLjlRx6uoZo+jr0oA9N60NJNNPloc9fc44raw=,tag:AjOzsfVIhDCb5a5D3yIdUA==,type:str]
+rustic-postgresql-pass: ENC[AES256_GCM,data:oUHakvIPSwkNy1lkQ4k14+CWIofO,iv:v3EFeZCkFyeY/ADK8vqYvAD0XDmnQFIq6XGd9B8jvXY=,tag:6+kGWMq+9iVLSf5p/TIp8g==,type:str]
+rustic-minio-secret-key: ENC[AES256_GCM,data:Jkn0mHcLFWS/euPCYtEF3hXN4Jx8PHZHA3RtZiMshuZdZTv0Y+tHteZB2i27Ka+u,iv:R2FEEhe+EoqFDQYbLJ3hrb+ENVvsP2c++WA0z3QQrxA=,tag:bifjyNyNouUhFGV6SpAg7Q==,type:str]
+rclone-s3-sync: ENC[AES256_GCM,data:xM7ufaVNhuLPKCU1XYCA7PGinrkPLeTYSH6zx1di6/Vnq8YjgD6X2F3SUxX/zi0LAe0y5SuP0QpOkPq9jF1wnuKojPRK4xOqurURdIztQnDtF1CP3slWzx5CjDYLdkPWpOm6LWuMA+84ghxfFjA/mb4hbpg8W90avrYd+8uyOYIiHxFSC27n6kuIRjWERxgcVth+8tK2gSyEC3Y2P+jodA1Yqxt++exFMaM53KDhFE9W5Z9uBOZTFI0CeRHkJWOnbRw6ArtAm8XuWaRCvbLf0PCr4ULdzO+POpebSI3F9HK983omaCYbqm37Cnvn7EFECatMLLcx3EHBNXHkzDGEDosUAp2HCB1dFiL2H444SIxDLcA9uqgsts8VfwbHbmy1Nh2jJ7nUhykPbmg17FWlXwGJoY9izLP/jbuGroiBgEPliorbvzYwxybudDJsamvdO9XDdqUIblHlXyWZLqNl2d7PS4Gom6YZ6Xdkf8Ffpq87EUOWC+Ey7q2rOsnwatANyjDIKQB2fMZ5zIYPntOBJ4tsjPqVvjXLA7O/bRjmD9Acy2OPyiXtw7mwtT32upUyZxHpCjp1zIYM,iv:2pXnmuz+Lrv/7p6CsqAElRovFdERV03VMA+X7vQF+Gw=,tag:mZbTfZRih4inCGrHdeH6EQ==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age: []
-    lastmodified: "2024-01-19T11:27:22Z"
-    mac: ENC[AES256_GCM,data:EskxLpbdlrpB5yvUsyzgjoozqwPgDnqPLSkA8WcHmreqR+v1mEM/xY2GAije2TA4Bg7WGSKEBonuapk5hMHtehXy7+9iytdloDNQtXJWAoOy2PLd55E7shUdBVilEAa2mCUz5VDBz9jXMtlW0jv13W4iwXQ9ixKmzaUr/JSpnCk=,iv:t2MBxAtKrMOG/BoBOszkTu+o4bELfmU2cVLbvZK+BZw=,tag:u6E7DZDrC58zbpYf9tqDYA==,type:str]
+    lastmodified: "2024-01-23T15:17:00Z"
+    mac: ENC[AES256_GCM,data:Ws5QPNDrb/xHj9/F6d14l2juemaVzLecYs4SeN/Fwo0DSztJsZhSK9JV2gx+iZk1R5i5WKJumr+2SPeEbFzfQkIuemj32ECHGBPKI0UB1O48hEMWOxIMN03zXf56MujWWXoIeVK+bzVNPot9+qtU0mZQ/VvLlVpWF35vb8tkORE=,iv:nJKM7qFqK1ezTiMe8sXAOz+Bpg+BnKCZOGDKCgUEEHE=,tag:01+MqoF0jfGjauVeaVatyQ==,type:str]
    pgp:
        - created_at: "2024-01-22T10:23:32Z"
          enc: |-