uniworx/k8s-gitlab-borg
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 4 Wiki Activity

nixos module

Browse Source
This commit is contained in:
Gregor Kleen 2023-05-07 16:00:55 +02:00
parent 91acea56c7
commit 3252c60666
2 changed files with 137 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
flake.nix
View File

@ -101,8 +101,10 @@
};
flake.nixosModules = {
k8s-gitlab-borg = import ./k8s-gitlab-borg.nix;
default = {config, ...}: {
imports = with self.nixosModules; [];
imports = with self.nixosModules; [k8s-gitlab-borg];
config.nixpkgs.overlays = [self.overlays.default];
};

134
k8s-gitlab-borg.nix Normal file
View File

@ -0,0 +1,134 @@
# SPDX-FileCopyrightText: 2023 Gregor Kleen
#
# SPDX-License-Identifier: GPL-3.0-or-later
{
config,
pkgs,
lib,
flakeInputs,
hostName,
...
}:
with lib; let
cfg = config.services.k8s-gitlab-borg;
toml = pkgs.formats.toml {};
in {
options = {
services.k8s-gitlab-borg = {
enable = mkEnableOption "k8s-gitlab-borg service";
package = mkOption {
type = types.package;
default = pkgs.k8s-gitlab-borg;
defaultText = "pkgs.k8s-gitlab-borg";
};
execInterval = mkOption {
type = types.str;
default = "*-*-* *:00";
};
target = mkOption {
type = types.str;
};
archive-prefix = mkOption {
type = types.str;
default = "${config.networking.hostName}.gitlab.";
defaultText = ''
"''${config.networking.hostName}.gitlab."
'';
};
verbosity = mkOption {
type = types.int;
default = 2;
};
sshConfig = mkOption {
type = with types; nullOr str;
default = null;
};
keyfile = mkOption {
type = with types; nullOr str;
default = null;
};
unknownUnencryptedRepoAccessOk = mkOption {
type = types.bool;
default = false;
};
hostnameIsUnique = mkOption {
type = types.bool;
default = true;
};
borgBaseDir = mkOption {
type = types.nullOr types.str;
default = "/var/lib/borg";
};
config = mkOption {
type = toml.type;
default = {};
};
extraArgs = mkOption {
type = with types; listOf str;
default = [];
};
};
};
config = mkIf cfg.enable {
services.k8s-gitlab-borg.config = {
k8s-gitlab-borg.timezone = mkIf (config.time.timeZone != null) config.time.timeZone;
keep."4h".count = 6;
keep.daily.count = 7;
copy.daily.count = 1;
};
systemd.services."k8s-gitlab-borg" = {
description = "Copy GitLab backups to borg";
after = optional config.services.k3s.enable "k3s.service";
bindsTo = optional config.services.k3s.enable "k3s.service";
serviceConfig = {
Type = "oneshot";
ExecStart = "${cfg.package}/bin/k8s-gitlab-borg ${escapeShellArgs ([
"--verbosity=${toString cfg.verbosity}"
"--target=${cfg.target}"
"--archive-prefix=${cfg.archive-prefix}"
(toml.generate "k8s-gitlab-borg.toml" cfg.config)
]
++ cfg.extraArgs)}";
LogRateLimitIntervalSec = 0;
Environment =
optionals (!(isNull cfg.borgBaseDir)) [
"BORG_BASE_DIR=${cfg.borgBaseDir}"
"BORG_CONFIG_DIR=${cfg.borgBaseDir}/config"
"BORG_CACHE_DIR=${cfg.borgBaseDir}/cache"
"BORG_SECURITY_DIR=${cfg.borgBaseDir}/security"
"BORG_KEYS_DIR=${cfg.borgBaseDir}/keys"
]
++ optional cfg.unknownUnencryptedRepoAccessOk "BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK=yes"
++ optional cfg.hostnameIsUnique "BORG_HOSTNAME_IS_UNIQUE=yes"
++ optional (!(isNull cfg.sshConfig)) "BORG_RSH=\"${pkgs.openssh}/bin/ssh -F ${pkgs.writeText "config" cfg.sshConfig}\""
++ optional (!(isNull cfg.keyfile)) "BORG_KEY_FILE=${cfg.keyfile}";
LoadCredential = optional config.services.k3s.enable "k8s.yaml:/etc/rancher/k3s/k3s.yaml";
};
};
systemd.timers."k8s-gitlab-borg" = {
wantedBy = ["timers.target"];
timerConfig = {
OnCalendar = cfg.execInterval;
Persistent = true;
};
};
};
}