public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #91424 from i077/restic-rclone-opts

Browse Source 
nixos/restic: Add rclone options
This commit is contained in:
Florian Klink 2020-07-11 23:57:47 +02:00 committed by GitHub
commit 8c0708f0bb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 112 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
nixos/modules/services/backup/restic.nix
View File

@ -31,6 +31,59 @@ in
''; '';
}; };
rcloneOptions = mkOption {
type = with types; nullOr (attrsOf (oneOf [ str bool ]));
default = null;
description = ''
Options to pass to rclone to control its behavior.
See <link xlink:href="https://rclone.org/docs/#options"/> for
available options. When specifying option names, strip the
leading <literal>--</literal>. To set a flag such as
<literal>--drive-use-trash</literal>, which does not take a value,
set the value to the Boolean <literal>true</literal>.
'';
example = {
bwlimit = "10M";
drive-use-trash = "true";
};
};
rcloneConfig = mkOption {
type = with types; nullOr (attrsOf (oneOf [ str bool ]));
default = null;
description = ''
Configuration for the rclone remote being used for backup.
See the remote's specific options under rclone's docs at
<link xlink:href="https://rclone.org/docs/"/>. When specifying
option names, use the "config" name specified in the docs.
For example, to set <literal>--b2-hard-delete</literal> for a B2
remote, use <literal>hard_delete = true</literal> in the
attribute set.
Warning: Secrets set in here will be world-readable in the Nix
store! Consider using the <literal>rcloneConfigFile</literal>
option instead to specify secret values separately. Note that
options set here will override those set in the config file.
'';
example = {
type = "b2";
account = "xxx";
key = "xxx";
hard_delete = true;
};
};
rcloneConfigFile = mkOption {
type = with types; nullOr path;
default = null;
description = ''
Path to the file containing rclone configuration. This file
must contain configuration for the remote specified in this backup
set and also must be readable by root. Options set in
<literal>rcloneConfig</literal> will override those set in this
file.
'';
};
repository = mkOption { repository = mkOption {
type = types.str; type = types.str;
description = '' description = ''
@ -170,11 +223,22 @@ in
( resticCmd + " forget --prune " + (concatStringsSep " " backup.pruneOpts) ) ( resticCmd + " forget --prune " + (concatStringsSep " " backup.pruneOpts) )
( resticCmd + " check" ) ( resticCmd + " check" )
]; ];
# Helper functions for rclone remotes
rcloneRemoteName = builtins.elemAt (splitString ":" backup.repository) 1;
rcloneAttrToOpt = v: "RCLONE_" + toUpper (builtins.replaceStrings [ "-" ] [ "_" ] v);
rcloneAttrToConf = v: "RCLONE_CONFIG_" + toUpper (rcloneRemoteName + "_" + v);
toRcloneVal = v: if lib.isBool v then lib.boolToString v else v;
in nameValuePair "restic-backups-${name}" ({ in nameValuePair "restic-backups-${name}" ({
environment = { environment = {
RESTIC_PASSWORD_FILE = backup.passwordFile; RESTIC_PASSWORD_FILE = backup.passwordFile;
RESTIC_REPOSITORY = backup.repository; RESTIC_REPOSITORY = backup.repository;
}; } // optionalAttrs (backup.rcloneOptions != null) (mapAttrs' (name: value:
nameValuePair (rcloneAttrToOpt name) (toRcloneVal value)
) backup.rcloneOptions) // optionalAttrs (backup.rcloneConfigFile != null) {
RCLONE_CONFIG = backup.rcloneConfigFile;
} // optionalAttrs (backup.rcloneConfig != null) (mapAttrs' (name: value:
nameValuePair (rcloneAttrToConf name) (toRcloneVal value)
) backup.rcloneConfig);
path = [ pkgs.openssh ]; path = [ pkgs.openssh ];
restartIfChanged = false; restartIfChanged = false;
serviceConfig = { serviceConfig = {

55
nixos/tests/restic.nix
View File

@ -4,33 +4,50 @@ import ./make-test-python.nix (
let let
password = "some_password"; password = "some_password";
repository = "/tmp/restic-backup"; repository = "/tmp/restic-backup";
passwordFile = pkgs.writeText "password" "correcthorsebatterystaple"; rcloneRepository = "rclone:local:/tmp/restic-rclone-backup";
passwordFile = "${pkgs.writeText "password" "correcthorsebatterystaple"}";
initialize = true;
paths = [ "/opt" ];
pruneOpts = [
"--keep-daily 2"
"--keep-weekly 1"
"--keep-monthly 1"
"--keep-yearly 99"
];
in in
{ {
name = "restic"; name = "restic";
meta = with pkgs.stdenv.lib.maintainers; { meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ bbigras ]; maintainers = [ bbigras i077 ];
}; };
nodes = { nodes = {
server = server =
{ ... }: { pkgs, ... }:
{ {
services.restic.backups = { services.restic.backups = {
remotebackup = { remotebackup = {
inherit repository; inherit repository passwordFile initialize paths pruneOpts;
passwordFile = "${passwordFile}"; };
initialize = true; rclonebackup = {
paths = [ "/opt" ]; repository = rcloneRepository;
pruneOpts = [ rcloneConfig = {
"--keep-daily 2" type = "local";
"--keep-weekly 1" one_file_system = true;
"--keep-monthly 1" };
"--keep-yearly 99"
]; # This gets overridden by rcloneConfig.type
rcloneConfigFile = pkgs.writeText "rclone.conf" ''
[local]
type=ftp
'';
inherit passwordFile initialize paths pruneOpts;
}; };
}; };
environment.sessionVariables.RCLONE_CONFIG_LOCAL_TYPE = "local";
}; };
}; };
@ -38,25 +55,35 @@ import ./make-test-python.nix (
server.start() server.start()
server.wait_for_unit("dbus.socket") server.wait_for_unit("dbus.socket")
server.fail( server.fail(
"${pkgs.restic}/bin/restic -r ${repository} -p ${passwordFile} snapshots" "${pkgs.restic}/bin/restic -r ${repository} -p ${passwordFile} snapshots",
"${pkgs.restic}/bin/restic -r ${rcloneRepository} -p ${passwordFile} snapshots",
) )
server.succeed( server.succeed(
"mkdir -p /opt", "mkdir -p /opt",
"touch /opt/some_file", "touch /opt/some_file",
"mkdir -p /tmp/restic-rclone-backup",
"timedatectl set-time '2016-12-13 13:45'", "timedatectl set-time '2016-12-13 13:45'",
"systemctl start restic-backups-remotebackup.service", "systemctl start restic-backups-remotebackup.service",
"systemctl start restic-backups-rclonebackup.service",
'${pkgs.restic}/bin/restic -r ${repository} -p ${passwordFile} snapshots -c | grep -e "^1 snapshot"', '${pkgs.restic}/bin/restic -r ${repository} -p ${passwordFile} snapshots -c | grep -e "^1 snapshot"',
'${pkgs.restic}/bin/restic -r ${rcloneRepository} -p ${passwordFile} snapshots -c | grep -e "^1 snapshot"',
"timedatectl set-time '2017-12-13 13:45'", "timedatectl set-time '2017-12-13 13:45'",
"systemctl start restic-backups-remotebackup.service", "systemctl start restic-backups-remotebackup.service",
"systemctl start restic-backups-rclonebackup.service",
"timedatectl set-time '2018-12-13 13:45'", "timedatectl set-time '2018-12-13 13:45'",
"systemctl start restic-backups-remotebackup.service", "systemctl start restic-backups-remotebackup.service",
"systemctl start restic-backups-rclonebackup.service",
"timedatectl set-time '2018-12-14 13:45'", "timedatectl set-time '2018-12-14 13:45'",
"systemctl start restic-backups-remotebackup.service", "systemctl start restic-backups-remotebackup.service",
"systemctl start restic-backups-rclonebackup.service",
"timedatectl set-time '2018-12-15 13:45'", "timedatectl set-time '2018-12-15 13:45'",
"systemctl start restic-backups-remotebackup.service", "systemctl start restic-backups-remotebackup.service",
"systemctl start restic-backups-rclonebackup.service",
"timedatectl set-time '2018-12-16 13:45'", "timedatectl set-time '2018-12-16 13:45'",
"systemctl start restic-backups-remotebackup.service", "systemctl start restic-backups-remotebackup.service",
"systemctl start restic-backups-rclonebackup.service",
'${pkgs.restic}/bin/restic -r ${repository} -p ${passwordFile} snapshots -c | grep -e "^4 snapshot"', '${pkgs.restic}/bin/restic -r ${repository} -p ${passwordFile} snapshots -c | grep -e "^4 snapshot"',
'${pkgs.restic}/bin/restic -r ${rcloneRepository} -p ${passwordFile} snapshots -c | grep -e "^4 snapshot"',
) )
''; '';
} }

9
pkgs/tools/backup/restic/default.nix
View File

@ -1,4 +1,5 @@
{ stdenv, lib, buildGoPackage, fetchFromGitHub, installShellFiles, nixosTests}: { stdenv, lib, buildGoPackage, fetchFromGitHub, installShellFiles, makeWrapper
, nixosTests, rclone }:
buildGoPackage rec { buildGoPackage rec {
pname = "restic"; pname = "restic";
@ -15,11 +16,13 @@ buildGoPackage rec {
subPackages = [ "cmd/restic" ]; subPackages = [ "cmd/restic" ];
nativeBuildInputs = [ installShellFiles ]; nativeBuildInputs = [ installShellFiles makeWrapper ];
passthru.tests.restic = nixosTests.restic; passthru.tests.restic = nixosTests.restic;
postInstall = lib.optionalString (stdenv.hostPlatform == stdenv.buildPlatform) '' postInstall = ''
wrapProgram $out/bin/restic --prefix PATH : '${rclone}/bin'
'' + lib.optionalString (stdenv.hostPlatform == stdenv.buildPlatform) ''
$out/bin/restic generate \ $out/bin/restic generate \
--bash-completion restic.bash \ --bash-completion restic.bash \
--zsh-completion restic.zsh \ --zsh-completion restic.zsh \