Add rbbackup service, configure LDAP backups

redbrick · Mar 14, 2021 · c2ea84f · c2ea84f
1 parent 1a2b5a7
commit c2ea84f
Show file tree

Hide file tree

Showing 5 changed files with 82 additions and 0 deletions.
diff --git a/common/options.nix b/common/options.nix
@@ -71,6 +71,35 @@ with lib;
       example = "zbackup/nfs";
       type = types.str;
     };
+
+    rbbackup = with types; {
+      destination = mkOption {
+        description = "Where to rsync the backup data to.";
+        default = "[email protected]:/zbackup/generic/${config.networking.hostName}/";
+        type = str;
+      };
+
+      sources = mkOption {
+        description = "Paths on the current system to be backed up.";
+        default = [];
+        type = listOf str;
+      };
+
+      commands = mkOption {
+        description = (
+          "Commands to run before commencing copy of backups. Files created"
+          + " in the current working directory will be deleted after backups are completed."
+        );
+        default = "";
+        type = str;
+      };
+
+      extraPackages = mkOption {
+        description = "Packages to make available in the backup commands scripts.";
+        default = [];
+        type = listOf path;
+      };
+    };
   };
 
   config.assertions = [

diff --git a/common/sysconfig.nix b/common/sysconfig.nix
@@ -7,6 +7,7 @@ in {
     ./options.nix
     ./ldap.nix
     ../packages/overlays
+    ../services/rbbackup.nix
   ];
 
   time.timeZone = "Europe/Dublin";

diff --git a/hosts/albus/configuration.nix b/hosts/albus/configuration.nix
@@ -33,6 +33,9 @@ in {
   # Keep longer monthly snapshots
   services.zfs.autoSnapshot.monthly = lib.mkForce 3;
 
+  # Albus _is_ the backup hosts - change rbbackup destination
+  redbrick.rbbackup.destination = "/zbackup/generic/albus/";
+
   users.users.rbbackup = {
     useDefaultShell = true;
     openssh.authorizedKeys.keys = [

diff --git a/services/ldap/default.nix b/services/ldap/default.nix
@@ -108,5 +108,13 @@ in {
     };
   };
 
+  # Configure backups of LDAP
+  redbrick.rbbackup.sources = [ "ldap.ldif.gz" ];
+  redbrick.rbbackup.extraPackages = with pkgs; [ openldap gzip ];
+  redbrick.rbbackup.commands = ''
+    ldapsearch -b o=redbrick -xLLL -D ${slurpdDN} -y ${slurpdpwFile} | gzip -8 > ldap.ldif.gz
+    chmod 400 ldap.ldif.gz
+  '';
+
   networking.firewall.allowedTCPPorts = [ 389 ];
 }
diff --git a/services/rbbackup.nix b/services/rbbackup.nix
@@ -0,0 +1,41 @@
+{ pkgs, config, lib, ... }:
+with config.redbrick.rbbackup;
+let
+  # Quote and join paths for arguments to rsync
+  sourcePaths = lib.concatStringsSep " " (builtins.map
+    (srcPath: "'${srcPath}'")
+    sources);
+
+in lib.mkIf (sources != []) {
+  systemd.services.redbrick-backup = {
+    aliases = [ "rbbackup.service" "redbrick-backups.service" ];
+    description = "Redbrick backup script. Copies data to ${destination}";
+    wants = [ "multi-user.target" ];
+    requires = [ "local-fs.target" "network-online.target" ];
+    path = with pkgs; [ rsync openssh ] ++ extraPackages;
+    script = ''
+      set -euxo pipefail
+      echo "Backup starting"
+      rsync -a --progress --delete ${sourcePaths} ${destination}
+      echo "Backup successful"
+    '';
+    preStart = commands;
+    postStart = ''
+      rm -rf $CACHE_DIRECTORY
+    '';
+    serviceConfig = {
+      Type = "oneshot";
+      CacheDirectory = "redbrick-backups";
+      WorkingDirectory = "/var/cache/redbrick-backups";
+    };
+  };
+
+  systemd.timers.redbrick-backup = {
+    description = "Start Redbrick backup script";
+    wantedBy = [ "timers.target" ];
+    timerConfig = {
+      OnCalendar = "hourly";
+      RandomizedDelaySec = 60 * 30;
+    };
+  };
+}