# root.nix - Main backup system module
#
# Declares the `system.backups` option tree (the backend registry, the backup
# definitions imported from ./backups-option.nix, and an internal handle on
# `lib`) and attaches a shared systemd sandboxing baseline to one service unit
# per enabled backup.
{
  config,
  lib,
  pkgs,
  ...
}: let
  inherit (lib) attrNames concatMap filterAttrs genAttrs mkOption types;

  cfg = config.system.backups;

  # Enabled backups whose `backend` attribute equals the given backend name.
  getBackupsByBackend = backend:
    filterAttrs (_: backup: backup.backend == backend && backup.enable) cfg.backups;

  # Unit names that receive the baseline: "<backend>-backups-<name>" for every
  # enabled backup of every backend registered in `cfg.backends`.
  #
  # The baseline is attached purely by name. This file defines no ExecStart for
  # these units, so the backend modules are presumed to create units with
  # exactly these names.
  # NOTE(review): a backend that names its unit differently, or a backup whose
  # `backend` is not a key of `cfg.backends`, gets none of the settings below.
  # Confirm the naming contract against each backend module.
  backupUnitNames =
    concatMap (
      backendName:
        map (name: "${backendName}-backups-${name}") (attrNames (getBackupsByBackend backendName))
    ) (attrNames cfg.backends);

  # Sandboxing baseline shared by all backup units.
  #
  # - ProtectSystem = "strict": systemd mounts the whole file system hierarchy
  #   read-only for the unit, apart from /dev, /proc and /sys. Repositories,
  #   caches and state the backup tool writes to must be granted by the
  #   backend (ReadWritePaths=, StateDirectory=, CacheDirectory=); keep those
  #   grants as narrow as possible.
  # - ProtectHome = "read-only": /home, /root and /run/user stay readable but
  #   not writable. The unit can therefore read every user's data, which is
  #   presumably intended for a backup job.
  # - PrivateTmp: the unit gets its own /tmp and /var/tmp.
  # - NoNewPrivileges: the service and its children cannot gain privileges
  #   through execve() (setuid/setgid bits, file capabilities).
  #
  # NOTE(review): nothing here restricts devices, kernel interfaces, address
  # families or capabilities (PrivateDevices=, ProtectKernelTunables=,
  # RestrictAddressFamilies=, CapabilityBoundingSet=, ...). Whether those are
  # safe depends on the backend, so they are a per-backend decision.
  # NOTE(review): these are plain definitions (no mkDefault/mkForce). How they
  # merge with a backend's own serviceConfig for the same keys is not visible
  # in this file. Confirm that a backend cannot silently relax them.
  commonHardening = {
    ProtectSystem = "strict";
    ProtectHome = "read-only";
    PrivateTmp = true;
    NoNewPrivileges = true;
  };
in {
  options.system.backups = {
    # Backend registry: each backend module adds an entry for itself here.
    backends = mkOption {
      type = types.attrsOf (types.functionTo types.attrs);
      internal = true;
      default = {};
      description = ''
        Attribute set of backends where the value is a function that accepts
        backend-specific arguments and returns an attribute set for the backend's options.
      '';
    };

    # The `backups` option is declared in a separate file, which receives cfg
    # for backend inference.
    backups = import ./backups-option.nix cfg;

    # Internal handle on lib so backups-option.nix can reach mkOption, types, etc.
    lib = mkOption {
      type = types.attrs;
      internal = true;
      default = lib;
    };
  };

  config = {
    # Re-export backups at root level for convenience
    # backups = cfg.backups;

    # Common backup packages (currently none)
    environment.systemPackages = with pkgs; [
      # Add common backup utilities here
    ];

    # Every backup unit gets the same serviceConfig baseline.
    systemd.services = genAttrs backupUnitNames (_: {
      serviceConfig = commonHardening;
    });
  };
}