From 059bee06233d1987746f625905d552e219d4bfbc Mon Sep 17 00:00:00 2001
From: Profpatsch
Date: Sat, 13 Feb 2021 13:45:29 +0100
Subject: feat(pkgs/profpatsch): add backup script
Small wrapper around duplicity to restore/create my backups with. The legosi backup is created by `services.duplicity`, but can be restored from the script via the read-only application key.
---
pkgs/profpatsch/backup/default.nix | 153 +++++++++++++++++++++++++++++++++++++
1 file changed, 153 insertions(+)
create mode 100644 pkgs/profpatsch/backup/default.nix
(limited to 'pkgs/profpatsch/backup')
diff --git a/pkgs/profpatsch/backup/default.nix b/pkgs/profpatsch/backup/default.nix
new file mode 100644
index 00000000..f817354e
--- /dev/null
+++ b/pkgs/profpatsch/backup/default.nix
@@ -0,0 +1,153 @@
+{ pkgs, getBins, writeExecline, backtick }:
+
+let
+
+ bins = getBins pkgs.duplicity [ "duplicity" ]
+ // getBins pkgs.pass [ "pass" ]
+ // getBins pkgs.coreutils [ "printf" "echo" ];
+
+ gpgKeyId = "4ACFD7592710266E18CEBB28C5CFD08B22247CDF";
+
+ fetchSecretIntoEnv = writeExecline "fetch-secret-into-env" { readNArgs = 2; } [
+ "backtick" "-in" "$1" [
+ bins.pass "show" "$2"
+ ]
+ "$@"
+ ];
+
+ debugExec = msg: writeExecline "debug-exec" {} [
+ "if" [
+ "fdmove" "-c" "1" "2"
+ "if" [ bins.printf "%s: " msg ]
+ "if" [ bins.echo "$@" ]
+ ]
+ "$@"
+ ];
+
+ # TODO: create ncdu script by removing trailing slashes
+ # from excludes
+
+ exclude-home-dirs = [
+ # archived not backupped
+ "Downloads/"
+ "Music/"
+ "Documents/"
+ "Dropbox/"
+ "Pictures/"
+ "videos/"
+ "games/"
+ # local tmp dir
+ "tmp/"
+ # big uninteresting stuff
+ ".cache/"
+ ".local/share/Steam/"
+ ".local/share/Trash/"
+ ".config/chromium/Default/Service?Worker/"
+ ".config/chromium/Default/IndexedDB/"
+ ".config/chromium/Default/Local?Storage/"
+ ".config/chromium/Default/Application?Cache/"
+ ".stack/"
+ ".cargo/"
+ ".mozilla/firefox/*.default/storage/"
+ ".cabal/"
+ ".go/"
+ ".vagrant.d/"
+ ".minecraft/"
+ ".npm/"
+ ".gem/"
+ # consistently updating caches
+ ".Mail/.notmuch/xapian/"
+ # tmp stuff
+ "Mail-bak/"
+ ];
+
+ exclude-code-build-dirs = [
+ ".stack-work/"
+ "target/"
+ "node_modules/"
+ "dist/"
+ ];
+
+ commonOptions = root:
+ pkgs.lib.concatMap (e: [ "--exclude" "${root}/${e}" ]) exclude-home-dirs ++
+ pkgs.lib.concatMap (e: [ "--exclude" "${root}/kot/**/${e}" ]) exclude-code-build-dirs ++ [
+ # "--dry-run"
+ "--progress"
+ "--verbosity" "debug"
+ "--asynchronous-upload"
+ "--full-if-older-than" "60D"
+ "--num-retries" "3"
+ "--use-agent"
+ # TODO "--log-fd"
+ ];
+
+ callDuplicity = name: argv: writeExecline name {} ([
+ # used by duplicity for all kinds of backends
+ fetchSecretIntoEnv "FTP_PASSWORD" "backups/backblaze.com/application-keys/profpatsch-restore/applicationKey"
+ (debugExec "duplicity call")
+ bins.duplicity
+ ] ++ argv);
+
+ duplicity-verify = { name, local, write, read }: callDuplicity "duplicity-verify-${name}"
+ ([ "verify" ]
+ ++ (commonOptions local) ++ [
+ "--name" name
+ read
+ local
+ ]);
+
+ duplicity-restore = { name, local, write, read }: callDuplicity "duplicity-restore-${name}"
+ ([ "restore" ]
+ ++ (commonOptions local) ++ [
+ "--name" name
+ # extra flags
+ "$@"
+ read
+ local
+ ]);
+
+ duplicity-list = { name, local, write, read }: callDuplicity "duplicity-list-${name}"
+ ([ "list-current-files" ]
+ ++ (commonOptions local) ++ [
+ "--name" name
+ read
+ ]);
+
+ duplicity-incremental = { name, local, write, read }: callDuplicity "duplicity-incremental-${name}"
+ ([ "incremental" ]
+ ++ (commonOptions local) ++ [
+ "--encrypt-sign-key" gpgKeyId
+ "--name" name
+ local
+ write
+ ]);
+
+ home = {
+ name = "home";
+ local = "/home/philip";
+ write = "b2://000efe88f7148a00000000001@profpatsch-main-backup/home";
+ read = "b2://000efe88f7148a00000000004@profpatsch-main-backup/home";
+ };
+
+ legosi = {
+ name = "legosi-root";
+ local = "/home/philip/tmp/legosi-root";
+ write = "b2://000efe88f7148a00000000003@profpatsch-legosi/";
+ read = "b2://000efe88f7148a00000000004@profpatsch-legosi/";
+ };
+
+ incremental = duplicity-incremental home;
+ verify = duplicity-verify home;
+ verify-legosi = duplicity-verify legosi;
+ restore-legosi = duplicity-restore legosi;
+ list-legosi = duplicity-list legosi;
+
+in {
+ inherit
+ incremental
+ verify
+ verify-legosi
+ restore-legosi
+ list-legosi
+ ;
+}
-- cgit 1.4.1
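Review bot: `callDuplicity` loads the `profpatsch-restore` application key into `FTP_PASSWORD` for every wrapper, including `duplicity-incremental`, which targets `home.write`. That URL carries a different key ID (`000efe88f7148a00000000001`) than the `read` URLs (`…0004`) the restore key presumably belongs to. The incremental run would then most likely fail B2 authentication; if it does succeed, the key described as read-only in the commit message can write, which removes the separation between backup and restore credentials. I would pass the secret per operation, e.g. `callDuplicity = name: passEntry: argv: …` with `fetchSecretIntoEnv "FTP_PASSWORD" passEntry`, and keep the matching pass entries next to `read`/`write` in the `home` and `legosi` sets. A comment on those sets, such as `# read: restore-only key; write: upload key, never used for restore/verify/list`, would document the intended least-privilege split.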