nixos/borgbackup: let borg write to disk and see /tmp, add extraArgs

Simon Lackerbauer 2018-05-03 16:18:56 +02:00 committed by Robin Gloster
parent 400484008c
commit 1433ec60af
No known key found for this signature in database
GPG Key ID: D5C458DF6DD97EDF


@ -35,25 +35,26 @@ let
${cfg.preHook} ${cfg.preHook}
'' + optionalString cfg.doInit '' '' + optionalString cfg.doInit ''
# Run borg init if the repo doesn't exist yet # Run borg init if the repo doesn't exist yet
if ! borg list > /dev/null; then if ! borg list ${cfg.extraArgs} > /dev/null; then
borg init \ borg init ${cfg.extraArgs} \
--encryption ${cfg.encryption.mode} \ --encryption ${cfg.encryption.mode} \
$extraInitArgs $extraInitArgs
${cfg.postInit} ${cfg.postInit}
fi fi
'' + '' '' + ''
borg create \ borg create ${cfg.extraArgs} \
--compression ${cfg.compression} \ --compression ${cfg.compression} \
--exclude-from ${mkExcludeFile cfg} \ --exclude-from ${mkExcludeFile cfg} \
$extraCreateArgs \ $extraCreateArgs \
"::$archiveName$archiveSuffix" \ "::$archiveName$archiveSuffix" \
${escapeShellArgs cfg.paths} ${escapeShellArgs cfg.paths}
'' + optionalString cfg.appendFailedSuffix '' '' + optionalString cfg.appendFailedSuffix ''
borg rename "::$archiveName$archiveSuffix" "$archiveName" borg rename ${cfg.extraArgs} \
"::$archiveName$archiveSuffix" "$archiveName"
'' + '' '' + ''
${cfg.postCreate} ${cfg.postCreate}
'' + optionalString (cfg.prune.keep != { }) '' '' + optionalString (cfg.prune.keep != { }) ''
borg prune \ borg prune ${cfg.extraArgs} \
${mkKeepArgs cfg} \ ${mkKeepArgs cfg} \
--prefix ${escapeShellArg cfg.prune.prefix} \ --prefix ${escapeShellArg cfg.prune.prefix} \
$extraPruneArgs $extraPruneArgs
@ -85,9 +86,10 @@ let
ProtectSystem = "strict"; ProtectSystem = "strict";
ReadWritePaths = ReadWritePaths =
[ "${userHome}/.config/borg" "${userHome}/.cache/borg" ] [ "${userHome}/.config/borg" "${userHome}/.cache/borg" ]
++ cfg.readWritePaths
# Borg needs write access to repo if it is not remote # Borg needs write access to repo if it is not remote
++ optional (isLocalPath cfg.repo) cfg.repo; ++ optional (isLocalPath cfg.repo) cfg.repo;
PrivateTmp = true; PrivateTmp = cfg.privateTmp;
}; };
environment = { environment = {
BORG_REPO = cfg.repo; BORG_REPO = cfg.repo;
@ -318,6 +320,30 @@ in {
]; ];
}; };
readWritePaths = mkOption {
type = with types; listOf path;
description = ''
By default, borg cannot write anywhere on the system but
<literal>$HOME/.config/borg</literal> and <literal>$HOME/.cache/borg</literal>.
If, for example, your preHook script needs to dump files
somewhere, put those directories here.
'';
default = [ ];
example = [
"/var/backup/mysqldump"
];
};
privateTmp = mkOption {
type = types.bool;
description = ''
Set the <literal>PrivateTmp</literal> option for
the systemd-service. Set to false if you need sockets
or other files from global /tmp.
'';
default = true;
};
doInit = mkOption { doInit = mkOption {
type = types.bool; type = types.bool;
description = '' description = ''
@ -430,6 +456,16 @@ in {
default = ""; default = "";
}; };
extraArgs = mkOption {
type = types.str;
description = ''
Additional arguments for all <command>borg</command> calls the
service has. Handle with care.
'';
default = "";
example = "--remote-path=borg1";
};
extraInitArgs = mkOption { extraInitArgs = mkOption {
type = types.str; type = types.str;
description = '' description = ''
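Review bot: `${cfg.extraArgs}` is substituted into the script text by Nix at every `borg list`/`init`/`create`/`rename`/`prune` call, whereas the neighbouring `$extraInitArgs`, `$extraCreateArgs` and `$extraPruneArgs` are expanded by the shell at run time (their definitions are outside these hunks). Quotes, `;`, `$(…)` or redirections in the option value therefore become script syntax instead of arguments to borg, and the description's "Handle with care" does not say so. I would state it in the `extraArgs` description, e.g. `The string is inserted verbatim and unquoted into the backup script, so it is word-split and parsed by the shell.`, or pass the value through a shell variable as the other extra*Args appear to be. In the same spirit, the `privateTmp` description could note that `false` exposes the host's shared /tmp to the job and its hooks, and the `readWritePaths` description that each entry is an exception to `ProtectSystem = "strict"`.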