public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #12202 from thoughtpolice/nixos/tarsnap/sep-cachedirs

Browse Source 
nixos: tarsnap - allow and document concurrent backups
This commit is contained in:
Domen Kožar 2016-01-17 12:48:59 +01:00
commit 2d681fdcf7
1 changed files with 47 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
nixos/modules/services/backup/tarsnap.nix
View File

@ -5,9 +5,9 @@ with lib;
let let
cfg = config.services.tarsnap; cfg = config.services.tarsnap;
configFile = cfg: '' configFile = name: cfg: ''
cachedir ${config.services.tarsnap.cachedir} cachedir ${config.services.tarsnap.cachedir}/${name}
keyfile ${config.services.tarsnap.keyfile} keyfile ${cfg.keyfile}
${optionalString cfg.nodump "nodump"} ${optionalString cfg.nodump "nodump"}
${optionalString cfg.printStats "print-stats"} ${optionalString cfg.printStats "print-stats"}
${optionalString cfg.printStats "humanize-numbers"} ${optionalString cfg.printStats "humanize-numbers"}
@ -41,6 +41,20 @@ in
account. account.
Create the keyfile with <command>tarsnap-keygen</command>. Create the keyfile with <command>tarsnap-keygen</command>.
Note that each individual archive (specified below) may also have its
own individual keyfile specified. Tarsnap does not allow multiple
concurrent backups with the same cache directory and key (starting a
new backup will cause another one to fail). If you have multiple
archives specified, you should either spread out your backups to be
far apart, or specify a separate key for each archive. By default
every archive defaults to using
<literal>"/root/tarsnap.key"</literal>.
It's recommended for backups that you generate a key for every archive
using <literal>tarsnap-keygen(1)</literal>, and then generate a
write-only tarsnap key using <literal>tarsnap-keymgmt(1)</literal>,
and keep your master key(s) for a particular machine off-site.
The keyfile name should be given as a string and not a path, to The keyfile name should be given as a string and not a path, to
avoid the key being copied into the Nix store. avoid the key being copied into the Nix store.
''; '';
@ -57,6 +71,12 @@ in
will refuse to run until you manually rebuild the cache with will refuse to run until you manually rebuild the cache with
<command>tarsnap --fsck</command>. <command>tarsnap --fsck</command>.
Note that each individual archive (specified below) has its own cache
directory specified under <literal>cachedir</literal>; this is because
tarsnap locks the cache during backups, meaning multiple services
archives cannot be backed up concurrently or overlap with a shared
cache.
Set to <literal>null</literal> to disable caching. Set to <literal>null</literal> to disable caching.
''; '';
}; };
@ -65,6 +85,28 @@ in
type = types.attrsOf (types.submodule ( type = types.attrsOf (types.submodule (
{ {
options = { options = {
keyfile = mkOption {
type = types.str;
default = config.services.tarsnap.keyfile;
description = ''
Set a specific keyfile for this archive. This defaults to
<literal>"/root/tarsnap.key"</literal> if left unspecified.
Use this option if you want to run multiple backups
concurrently - each archive must have a unique key. You can
generate a write-only key derived from your master key (which
is recommended) using <literal>tarsnap-keymgmt(1)</literal>.
Note: every archive must have an individual master key. You
must generate multiple keys with
<literal>tarsnap-keygen(1)</literal>, and then generate write
only keys from those.
The keyfile name should be given as a string and not a path, to
avoid the key being copied into the Nix store.
'';
};
nodump = mkOption { nodump = mkOption {
type = types.bool; type = types.bool;
default = true; default = true;
@ -258,6 +300,7 @@ in
mkdir -p -m 0700 ${cfg.cachedir} mkdir -p -m 0700 ${cfg.cachedir}
chown root:root ${cfg.cachedir} chown root:root ${cfg.cachedir}
chmod 0700 ${cfg.cachedir} chmod 0700 ${cfg.cachedir}
mkdir -p -m 0700 ${cfg.cachedir}/$1
DIRS=`cat /etc/tarsnap/$1.dirs` DIRS=`cat /etc/tarsnap/$1.dirs`
exec tarsnap --configfile /etc/tarsnap/$1.conf -c -f $1-$(date +"%Y%m%d%H%M%S") $DIRS exec tarsnap --configfile /etc/tarsnap/$1.conf -c -f $1-$(date +"%Y%m%d%H%M%S") $DIRS
''; '';
@ -280,7 +323,7 @@ in
environment.etc = environment.etc =
(mapAttrs' (name: cfg: nameValuePair "tarsnap/${name}.conf" (mapAttrs' (name: cfg: nameValuePair "tarsnap/${name}.conf"
{ text = configFile cfg; { text = configFile name cfg;
}) cfg.archives) // }) cfg.archives) //
(mapAttrs' (name: cfg: nameValuePair "tarsnap/${name}.dirs" (mapAttrs' (name: cfg: nameValuePair "tarsnap/${name}.dirs"
{ text = concatStringsSep " " cfg.directories; { text = concatStringsSep " " cfg.directories;