7 Commits 3e864bba1c ... cb6b0c3f8d

Author SHA1 Message Date
  Oleg Pykhalov cb6b0c3f8d services: backup: Backup whonix-gateway-direct. 1 month ago
  Oleg Pykhalov 27bdaf139e services: backup: Add restic-openwrt-backup. 1 month ago
  Oleg Pykhalov a884f9453b services: backup: Use variables instead of procedures. 1 month ago
  Oleg Pykhalov 0c0c7faa77 services: backup: Use RESTIC_PASSWORD_FILE environment variable. 1 month ago
  Oleg Pykhalov 7216316326 services: backup: Backup openwrt. 1 month ago
  Oleg Pykhalov a5d95788f5 services: backup: Add restic-repository-init. 1 month ago
  Oleg Pykhalov efbab3c901 services: backup: Replace duplicated procedures. 1 month ago
2 changed files with 82 additions and 79 deletions
  1. 9 5
      dotfiles/guixsd/guixsd.scm
  2. 73 74
      dotfiles/guixsd/modules/services/backup.scm

+ 9 - 5
dotfiles/guixsd/guixsd.scm

@@ -1137,11 +1137,15 @@ location / {
                               lvm2
                               smartmontools)
                         (map package-from-program-file
-                             (list (restic-system-backup)
-                                   (restic-guix-backup)
-                                   (restic-win10-backup)
-                                   (restic-win2022-backup)
-                                   (restic-ntfsgames-backup)))
+                             (list restic-system-backup
+                                   restic-guix-backup
+                                   restic-win10-backup
+                                   restic-win2022-backup
+                                   restic-ntfsgames-backup
+                                   restic-openwrt-init
+                                   restic-openwrt-backup
+                                   restic-whonix-gateway-direct-init
+                                   restic-whonix-gateway-direct-backup))
                         %my-system-packages))
 
       (groups (cons* ;; (user-group (name "nixbld")

+ 73 - 74
dotfiles/guixsd/modules/services/backup.scm

@@ -38,6 +38,12 @@
             restic-win2022-backup
             restic-ntfsgames-backup
 
+            restic-openwrt-init
+            restic-openwrt-backup
+
+            restic-whonix-gateway-direct-init
+            restic-whonix-gateway-direct-backup
+
             restic-command))
 
 ;;; Commentary:
@@ -171,7 +177,7 @@
 (define %user-home
   (passwd:dir (getpw "oleg")))
 
-(define (restic-system-backup)
+(define restic-system-backup
   (program-file
    "restic-backup-system"
    #~(begin
@@ -191,7 +197,7 @@
                       (map (lambda (directory)
                              (string-append #$%user-home "/" directory))
                            '#$%user-directories))))
-         (setenv "RESTIC_PASSWORD"
+         (setenv "RESTIC_PASSWORD_FILE"
                  (string-trim-right
                   (with-input-from-file "/etc/guix/secrets/restic"
                     read-string)))
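Review bot: The renamed variable still receives the secret itself: `RESTIC_PASSWORD_FILE` is set to the trimmed contents of `/etc/guix/secrets/restic`, not to its path, so restic will treat the password as a file name. The system backup would then fail to unlock the repository, and the password may surface in restic's error output or in logs that capture it. Pass the path directly, `(setenv "RESTIC_PASSWORD_FILE" "/etc/guix/secrets/restic")`, as the `restic-lv-backup` hunks further down already do. The enclosing `restic-system-backup` body starts and ends outside this hunk.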
@@ -209,7 +215,7 @@
 (define* (restic-lv-backup vg lv
                            #:key (predicate #~(begin #t))
                            restic-repository
-                           restic-password
+                           restic-password-file
                            (lvm2-snapshot-size "32G"))
   "Return a GEXP which defines a logical volume backup steps."
   (let* ((device (string-append "/dev/" vg "/" lv))
@@ -220,10 +226,10 @@
      #~(begin
          (use-modules (ice-9 rdelim)
                       (srfi srfi-1))
-         (if #$(predicate)
+         (if #$predicate
              (begin
                (format #t "Creating new Restic ~a snapshot~%" #$device)
-               (setenv "RESTIC_PASSWORD" #$(restic-password))
+               (setenv "RESTIC_PASSWORD_FILE" #$restic-password-file)
                (zero?
                 (system
                  (string-join
@@ -245,7 +251,7 @@
                                 "--snapshot" #$device))
                      (begin
                        (format #t "Creating new Restic ~a snapshot~%" #$device)
-                       (setenv "RESTIC_PASSWORD" #$(restic-password))
+                       (setenv "RESTIC_PASSWORD_FILE" #$restic-password-file)
                        (zero?
                         (system
                          (string-join
@@ -265,99 +271,92 @@
                         (system* #$lvremove-binary "--yes"
                                  #$lvm2-snapshot-device))))))))))
 
-(define (win10-shut-off?)
+(define (virtual-machine-shut-off? virtual-machine-name)
   #~(begin
       (use-modules (ice-9 popen)
                    (ice-9 rdelim))
       (let* ((port (open-pipe* OPEN_READ #$virsh-binary
-                               "domstate" "win10"))
+                               "domstate" #$virtual-machine-name))
              (output (read-string port)))
         (close-port port)
         (string= (string-trim-right output #\newline)
                  "shut off"))))
 
-(define (win10-password)
-  #~(begin
-      (use-modules (ice-9 rdelim))
-      (string-trim-right
-       (with-input-from-file "/etc/guix/secrets/windows"
-         read-string))))
-
-(define (restic-win10-backup)
+(define restic-win10-backup
   (restic-lv-backup "lvm1" "win10"
                     #:restic-repository "/srv/backup/win10"
-                    #:restic-password win10-password
-                    #:predicate win10-shut-off?))
-
-(define (win2022-password)
-  #~(begin
-      (use-modules (ice-9 rdelim))
-      (string-trim-right
-       (with-input-from-file "/etc/guix/secrets/windows"
-         read-string))))
-
-(define (restic-win2022-backup)
-  (restic-lv-backup "lvm2" "win2022"
-                    #:restic-repository "/srv/backup/win2022"
-                    #:restic-password win2022-password
-                    #:predicate win2022-shut-off?))
-
-(define (win2022-shut-off?)
-  #~(begin
-      (use-modules (ice-9 popen)
-                   (ice-9 rdelim))
-      (let* ((port (open-pipe* OPEN_READ #$virsh-binary
-                               "domstate" "win2022"))
-             (output (read-string port)))
-        (close-port port)
-        (string= (string-trim-right output #\newline)
-                 "shut off"))))
+                    #:restic-password-file "/etc/guix/secrets/windows"
+                    #:predicate (virtual-machine-shut-off? "win10")))
 
-(define (restic-win2022-backup)
+(define restic-win2022-backup
   (restic-lv-backup "lvm2" "win2022"
                     #:restic-repository "/srv/backup/win2022"
-                    #:restic-password win2022-password
-                    #:predicate win2022-shut-off?))
+                    #:restic-password-file "/etc/guix/secrets/windows"
+                    #:predicate (virtual-machine-shut-off? "win2022")))
 
-(define (restic-ntfsgames-backup)
+(define restic-ntfsgames-backup
   (restic-lv-backup "lvm2" "ntfsgames"
                     #:restic-repository "/srv/backup/ntfsgames"
-                    #:restic-password win10-password
-                    #:predicate win10-shut-off?))
-
-(define (guix-password)
-  #~(begin
-      (use-modules (ice-9 rdelim))
-      (string-trim-right
-       (with-input-from-file "/etc/guix/secrets/guix"
-         read-string))))
+                    #:restic-password-file "/etc/guix/secrets/guix"
+                    #:predicate (virtual-machine-shut-off? "win10")))
 
-(define (guix-shut-off?)
-  #~(begin
-      (use-modules (ice-9 popen)
-                   (ice-9 rdelim))
-      (let* ((port (open-pipe* OPEN_READ #$virsh-binary
-                               "domstate" "guix"))
-             (output (read-string port)))
-        (close-port port)
-        (string= (string-trim-right output #\newline)
-                 "shut off"))))
-
-(define (restic-guix-backup)
+(define restic-guix-backup
   (restic-lv-backup "lvm2" "guix"
                     #:restic-repository "/srv/backup/guix"
-                    #:restic-password guix-password
-                    #:predicate guix-shut-off?))
+                    #:restic-password-file "/etc/guix/secrets/guix"
+                    #:predicate (virtual-machine-shut-off? "guix")))
+
+(define restic-openwrt-backup
+  (restic-lv-backup "lvm1" "openwrt"
+                    #:restic-repository "/srv/backup/openwrt"
+                    #:restic-password-file "/etc/guix/secrets/restic-openwrt"
+                    #:predicate (virtual-machine-shut-off? "openwrt")))
+
+(define restic-whonix-gateway-direct-backup
+  (restic-lv-backup "lvm1" "whonix-gateway-direct"
+                    #:restic-repository "/srv/backup/whonix-gateway-direct"
+                    #:restic-password-file "/etc/guix/secrets/restic-whonix-gateway-direct"
+                    #:predicate (virtual-machine-shut-off? "whonix-gateway-direct")))
+
+(define (restic-repository-init restic-repository-name
+                                restic-repository-directory
+                                restic-password-file)
+  (program-file
+   (string-append "restic-repository-init-" restic-repository-name)
+   #~(unless (file-exists? #$restic-repository-directory)
+       (use-modules (ice-9 rdelim))
+       (setenv "RESTIC_PASSWORD_FILE" #$restic-password-file)
+       (format #t "Creating new Restic ~a repository~%"
+               #$restic-repository-directory)
+       (zero?
+        (apply system*
+               (append (list #$restic-binary "--no-cache"
+                             "--repo" #$restic-repository-directory)
+                       (list "init")))))))
+
+(define restic-openwrt-init
+  (restic-repository-init "openwrt"
+                          "/srv/backup/openwrt"
+                          "/etc/guix/secrets/restic-openwrt"))
+
+(define restic-whonix-gateway-direct-init
+  (restic-repository-init "whonix-gateway-direct"
+                          "/srv/backup/whonix-gateway-direct"
+                          "/etc/guix/secrets/restic-whonix-gateway-direct"))
 
 (define (restic-command)
   (program-file
    "restic-commands"
    #~(map (lambda (program)
             (zero? (system* program)))
-          (list #$(restic-system-backup)
-                #$(restic-guix-backup)
-                #$(restic-win10-backup)
-                #$(restic-win2022-backup)
-                #$(restic-ntfsgames-backup)))))
+          (list #$restic-system-backup
+                #$restic-guix-backup
+                #$restic-win10-backup
+                #$restic-win2022-backup
+                #$restic-ntfsgames-backup
+                #$restic-openwrt-init
+                #$restic-openwrt-backup
+                #$restic-whonix-gateway-direct-init
+                #$restic-whonix-gateway-direct-backup))))
 
 ;;; backup.scm ends here
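Review bot: `restic-ntfsgames-backup` now points at `/etc/guix/secrets/guix`, while the removed code gave it `win10-password`, which read `/etc/guix/secrets/windows`. Unless the two files hold the same secret, restic can no longer unlock the existing `/srv/backup/ntfsgames` repository. If the switch is not intended, keep `#:restic-password-file "/etc/guix/secrets/windows"` there. Separately, `restic-repository-init` ends in `(zero? (apply system* …))`, whose value is discarded when the program finishes, so `restic-command`'s `(zero? (system* program))` presumably reports success even when `init` fails. Wrapping it as `(exit (zero? …))` would propagate the failure.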