From 7d073e371c589df5d8ee6738a35559dd4da86c4f Mon Sep 17 00:00:00 2001
From: Sebastien Bourdeauducq <sb@m-labs.hk>
Date: Sat, 7 Aug 2021 17:46:09 +0800
Subject: [PATCH] nixbld: add github backups

---
 nixbld-etc-nixos/configuration.nix        |  2 +
 nixbld-etc-nixos/github-backup-module.nix | 66 +++++++++++++++++++++++
 2 files changed, 68 insertions(+)
 create mode 100644 nixbld-etc-nixos/github-backup-module.nix

diff --git a/nixbld-etc-nixos/configuration.nix b/nixbld-etc-nixos/configuration.nix
index c43485d..27651ed 100644
--- a/nixbld-etc-nixos/configuration.nix
+++ b/nixbld-etc-nixos/configuration.nix
@@ -16,6 +16,7 @@ in
     [
       ./hardware-configuration.nix
       ./backup-module.nix
+      ./github-backup-module.nix
     ];
 
   boot.loader.grub.enable = true;
@@ -397,6 +398,7 @@ in
      '';
   };
   services.mlabs-backup.enable = true;
+  services.ghbackup.enable = true;
 
   services.gitea = {
     enable = true;
diff --git a/nixbld-etc-nixos/github-backup-module.nix b/nixbld-etc-nixos/github-backup-module.nix
new file mode 100644
index 0000000..933232b
--- /dev/null
+++ b/nixbld-etc-nixos/github-backup-module.nix
@@ -0,0 +1,66 @@
+{ config, pkgs, lib, ... }:
+with lib;
+let
+  python-github-backup = pkgs.python3Packages.buildPythonApplication {
+    name = "python-github-backup";
+    src = pkgs.fetchFromGitHub {
+      owner = "josegonzalez";
+      repo = "python-github-backup";
+      rev = "18e78a4d66120961590836e63d1fa939e4d036f3";
+      sha256 = "1c5qxyv322z5zkx8mxdwdqrnjgqhk00aqcgwkn53b4xkfr2idkbn";
+    };
+    propagatedBuildInputs = [ pkgs.git ];
+  };
+  token = (import /etc/nixos/secret/github_tokens.nix).backup;
+  makeBackup = pkgs.writeScript "make-ghbackup" ''
+    #!${pkgs.bash}/bin/bash
+
+    set -e
+
+    ${python-github-backup}/bin/github-backup m-labs -t ${token} --all -i -o /var/lib/ghbackup/m-labs
+    ${python-github-backup}/bin/github-backup quartiq -t ${token} --all -i -o /var/lib/ghbackup/quartiq
+    ${python-github-backup}/bin/github-backup sinara-hw -t ${token} --all -i -o /var/lib/ghbackup/sinara-hw
+
+    echo GitHub backup done
+  '';
+
+  cfg = config.services.ghbackup;
+in
+{
+  options.services.ghbackup = {
+    enable = mkOption {
+      type = types.bool;
+      default = false;
+      description = "Enable GitHub backups";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    systemd.services.ghbackup = {
+      description = "GitHub backup";
+      serviceConfig = {
+        Type = "oneshot";
+        User = "ghbackup";
+        Group = "ghbackup";
+        ExecStart = "${makeBackup}";
+      };
+    };
+
+    users.users.ghbackup = {
+      name = "ghbackup";
+      group = "ghbackup";
+      description = "GitHub backups user";
+      isSystemUser = true;
+      createHome = true;
+      home = "/var/lib/ghbackup";
+      useDefaultShell = true;
+    };
+    users.extraGroups.ghbackup = {};
+
+    systemd.timers.ghbackup = {
+      description = "GitHub backup";
+      wantedBy = [ "timers.target" ];
+      timerConfig.OnCalendar = "daily";
+    };
+  };
+}