nixos/borgbackup: add option to allow removable devices

When having backup jobs that persist to a removable device like an
external HDD, the directory shouldn't be created by an activation script
as this might confuse auto-mounting tools such as udiskie(8).

In this case the job will simply fail, with the former approach
udiskie ran into some issues as the path `/run/media/ma27/backup` was
already there and owned by root.
This commit is contained in:
Maximilian Bosch 2019-09-30 17:35:13 +02:00
parent 593867effb
commit 2dfc67517a
No known key found for this signature in database
GPG key ID: 091DBF4D1FC46B8E

View file

@ -8,7 +8,7 @@ let
builtins.substring 0 1 x == "/" # absolute path
|| builtins.substring 0 1 x == "." # relative path
|| builtins.match "[.*:.*]" == null; # not machine:path
mkExcludeFile = cfg:
# Write each exclude pattern to a new line
pkgs.writeText "excludefile" (concatStringsSep "\n" cfg.exclude);
@ -104,12 +104,12 @@ let
install = "install -o ${cfg.user} -g ${cfg.group}";
in
nameValuePair "borgbackup-job-${name}" (stringAfter [ "users" ] (''
# Eensure that the home directory already exists
# Ensure that the home directory already exists
# We can't assert createHome == true because that's not the case for root
cd "${config.users.users.${cfg.user}.home}"
cd "${config.users.users.${cfg.user}.home}"
${install} -d .config/borg
${install} -d .cache/borg
'' + optionalString (isLocalPath cfg.repo) ''
'' + optionalString (isLocalPath cfg.repo && !cfg.removableDevice) ''
${install} -d ${escapeShellArg cfg.repo}
''));
@ -163,6 +163,13 @@ let
+ " without at least one public key";
};
mkRemovableDeviceAssertions = name: cfg: {
assertion = !(isLocalPath cfg.repo) -> !cfg.removableDevice;
message = ''
borgbackup.repos.${name}: repo isn't a local path, thus it can't be a removable device!
'';
};
in {
meta.maintainers = with maintainers; [ dotlambda ];
@ -202,6 +209,12 @@ in {
example = "user@machine:/path/to/repo";
};
removableDevice = mkOption {
type = types.bool;
default = false;
description = "Whether the repo (which must be local) is a removable device.";
};
archiveBaseName = mkOption {
type = types.strMatching "[^/{}]+";
default = "${globalConfig.networking.hostName}-${name}";
@ -511,7 +524,6 @@ in {
type = types.attrsOf (types.submodule (
{ ... }: {
options = {
path = mkOption {
type = types.path;
description = ''
@ -598,7 +610,8 @@ in {
(with config.services.borgbackup; {
assertions =
mapAttrsToList mkPassAssertion jobs
++ mapAttrsToList mkKeysAssertion repos;
++ mapAttrsToList mkKeysAssertion repos
++ mapAttrsToList mkRemovableDeviceAssertions jobs;
system.activationScripts = mapAttrs' mkActivationScript jobs;