From 6e521e2fbd758fb0650ae64359d94e4c4cc37964 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Torjus=20H=C3=A5kestad?= <torjus@usit.uio.no>
Date: Sun, 2 Jun 2024 21:35:28 +0200
Subject: [PATCH] Add initial version

---
 backup.nix | 73 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 flake.nix  | 34 +++++++++++++++++++++++++
 2 files changed, 107 insertions(+)
 create mode 100644 backup.nix
 create mode 100644 flake.nix

diff --git a/backup.nix b/backup.nix
new file mode 100644
index 0000000..12c1476
--- /dev/null
+++ b/backup.nix
@@ -0,0 +1,73 @@
+{ lib, config, pkgs, ... }:
+let
+  cfg = config.backup-helper;
+  restic-wrapper = pkgs.writeShellApplication {
+    name = "restic-wrapper";
+    runtimeInputs = [
+      pkgs.restic
+      pkgs.systemd
+    ];
+    text = ''
+      echo "Starting backup.";
+      path="$(systemd-escape -u --path ''${1})";
+      restic backup "$path";
+      restic forget -d 7 -w 4 -m 6 --keep-within 1d --prune
+    '';
+  };
+in
+{
+  options.backup-helper.enable = lib.mkEnableOption "Enable backup-helper";
+  options.backup-helper = {
+    restic-repository = lib.mkOption {
+      type = lib.types.str;
+      default = "rest:http://10.69.12.52:8000/backup-nix";
+      description = "Repository to use for restic backup.";
+    };
+    backup-dirs = lib.mkOption {
+      type = lib.types.listOf lib.types.str;
+      default = [ ];
+      description = "Directories to be backed up.";
+    };
+    schedule = lib.mkOption {
+      type = lib.types.str;
+      default = "*-*-* 00:00:00";
+      description = "Schedule for backups. Needs to be valid systemd OnCalendar value.";
+    };
+    password-file = lib.mkOption {
+      type = lib.types.str;
+      defaullt = null;
+      description = "File containing the restic password.";
+    };
+    randomized-delay = lib.mkOption {
+      type = lib.types.int;
+      default = 0;
+      description = "Randomized delay in seconds to spread out backups.";
+    };
+  };
+  config = lib.mkIf cfg.enable {
+    systemd.services."backup-helper@" = {
+      after = "network-online.target";
+      enable = false;
+      environment = {
+        RESTIC_REPOSITORY = cfg.restic-repository;
+      } // lib.attrsets.optionalAttrs (builtins.hasAttr "password-file" cfg) {
+        RESTIC_PASSWORD_FILE = cfg.password-file;
+      };
+      serviceConfig = {
+        Type = "oneshot";
+        ExecStart = "${restic-wrapper}/bin/restic-wrapper %i";
+      };
+    };
+    systemd.timers."backup-helper@" = {
+      enable = false;
+      environment = {
+        timerConfig = {
+          OnCalendar = cfg.schedule;
+          Persistent = true;
+          RandomizedDelaySec = cfg.randomized-delay;
+        };
+      };
+    };
+  };
+}
+
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..52ac2bd
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,34 @@
+{
+  description = "OpoenGL testing";
+
+  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+
+  outputs = { self, nixpkgs }:
+    let
+      allSystems = [
+        "x86_64-linux"
+        "aarch64-linux"
+        "x86_64-darwin"
+        "aarch64-darwin"
+      ];
+      forAllSystems = f: nixpkgs.lib.genAttrs allSystems (system: f {
+        pkgs = import nixpkgs { inherit system; };
+      });
+    in
+    {
+      nixosModules.backup-helper = import ./backup.nix;
+      nixosModules.default = self.nixosModules.backup-helper;
+
+      devShells = forAllSystems ({ pkgs }: {
+        default = pkgs.mkShell {
+          packages = with pkgs;
+            [
+              restic
+              bash
+              jq
+              curl
+            ];
+        };
+      });
+    };
+}