From b62f3c20ac7551ec0cf8a70818f75d70f6f36307 Mon Sep 17 00:00:00 2001 From: hektor Date: Sun, 19 Apr 2026 17:50:53 +0200 Subject: [PATCH] refactor(backups): simplify backups module --- hosts/andromache/default.nix | 1 + hosts/astyanax/default.nix | 1 + modules/backups/default.nix | 44 ++++++++++++++++-------------------- 3 files changed, 22 insertions(+), 24 deletions(-) diff --git a/hosts/andromache/default.nix b/hosts/andromache/default.nix index 337e541b..fe2c6e46 100644 --- a/hosts/andromache/default.nix +++ b/hosts/andromache/default.nix @@ -57,6 +57,7 @@ in secrets.nixSigningKey.enable = true; + restic-backup.enable = true; tailscale.enable = true; docker.enable = true; diff --git a/hosts/astyanax/default.nix b/hosts/astyanax/default.nix index 40d7be77..26905937 100644 --- a/hosts/astyanax/default.nix +++ b/hosts/astyanax/default.nix @@ -53,6 +53,7 @@ in secrets.nixSigningKey.enable = true; + restic-backup.enable = true; tailscale.enable = true; docker.enable = true; nfc.enable = true; diff --git a/modules/backups/default.nix b/modules/backups/default.nix index b1ffbdba..5ff81388 100644 --- a/modules/backups/default.nix +++ b/modules/backups/default.nix @@ -8,38 +8,35 @@ let cfg = config.restic-backup; inherit (config.secrets) sopsDir; + mkSopsSecrets = myUtils.mkSopsSecrets sopsDir; + host = config.networking.hostName; in { - options = { - restic-backup = { - repository = lib.mkOption { - type = lib.types.str; - default = "b2:${config.sops.placeholder."backblaze-b2/bucket-name"}:${config.networking.hostName}"; - }; + options.restic-backup = { + enable = lib.mkEnableOption "restic backups"; - passwordFile = lib.mkOption { - type = lib.types.str; - default = config.sops.secrets."restic/password".path; - }; + passwordFile = lib.mkOption { + type = lib.types.str; + default = config.sops.secrets."restic/password".path; + }; - paths = lib.mkOption { - type = lib.types.listOf lib.types.str; - default = [ "/home" ]; - }; + paths = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = [ "/home" ]; }; }; - config = { + config = lib.mkIf cfg.enable { sops = { secrets = lib.mkMerge [ - (myUtils.mkSopsSecrets sopsDir "restic" [ "password" ] { }) - (myUtils.mkSopsSecrets sopsDir "backblaze-b2" [ "bucket-name" "account-id" "account-key" ] { }) + (mkSopsSecrets "restic" [ "password" ] { }) + (mkSopsSecrets "backblaze-b2" [ "bucket-name" "account-id" "account-key" ] { }) ]; templates = { - "restic/repo-${config.networking.hostName}" = { - content = "b2:${config.sops.placeholder."backblaze-b2/bucket-name"}:${config.networking.hostName}"; + "restic/repo-${host}" = { + content = "b2:${config.sops.placeholder."backblaze-b2/bucket-name"}:${host}"; }; - "restic/b2-env-${config.networking.hostName}" = { + "restic/b2-env-${host}" = { content = '' B2_ACCOUNT_ID=${config.sops.placeholder."backblaze-b2/account-id"} B2_ACCOUNT_KEY=${config.sops.placeholder."backblaze-b2/account-key"} @@ -49,9 +46,8 @@ in }; services.restic.backups.home = { - repositoryFile = config.sops.templates."restic/repo-${config.networking.hostName}".path; - inherit (cfg) passwordFile; - inherit (cfg) paths; + repositoryFile = config.sops.templates."restic/repo-${host}".path; + inherit (cfg) passwordFile paths; timerConfig = { OnCalendar = "daily"; Persistent = true; @@ -64,7 +60,7 @@ in "--keep-monthly 6" "--keep-yearly 1" ]; - environmentFile = config.sops.templates."restic/b2-env-${config.networking.hostName}".path; + environmentFile = config.sops.templates."restic/b2-env-${host}".path; }; }; }