forked from M-Labs/it-infra
67 lines
1.8 KiB
Nix
67 lines
1.8 KiB
Nix
{ config, pkgs, lib, ... }:
|
|
with lib;
|
|
let
|
|
python-github-backup = pkgs.python3Packages.buildPythonApplication {
|
|
name = "python-github-backup";
|
|
src = pkgs.fetchFromGitHub {
|
|
owner = "josegonzalez";
|
|
repo = "python-github-backup";
|
|
rev = "18e78a4d66120961590836e63d1fa939e4d036f3";
|
|
sha256 = "1c5qxyv322z5zkx8mxdwdqrnjgqhk00aqcgwkn53b4xkfr2idkbn";
|
|
};
|
|
propagatedBuildInputs = [ pkgs.git ];
|
|
};
|
|
token = (import /etc/nixos/secret/github_tokens.nix).backup;
|
|
makeBackup = pkgs.writeScript "make-ghbackup" ''
|
|
#!${pkgs.bash}/bin/bash
|
|
|
|
set -e
|
|
|
|
${python-github-backup}/bin/github-backup m-labs -t ${token} --all -i -o /var/lib/ghbackup/m-labs
|
|
${python-github-backup}/bin/github-backup quartiq -t ${token} --all -i -o /var/lib/ghbackup/quartiq
|
|
${python-github-backup}/bin/github-backup sinara-hw -t ${token} --all -i -o /var/lib/ghbackup/sinara-hw
|
|
|
|
echo GitHub backup done
|
|
'';
|
|
|
|
cfg = config.services.ghbackup;
|
|
in
|
|
{
|
|
options.services.ghbackup = {
|
|
enable = mkOption {
|
|
type = types.bool;
|
|
default = false;
|
|
description = "Enable GitHub backups";
|
|
};
|
|
};
|
|
|
|
config = mkIf cfg.enable {
|
|
systemd.services.ghbackup = {
|
|
description = "GitHub backup";
|
|
serviceConfig = {
|
|
Type = "oneshot";
|
|
User = "ghbackup";
|
|
Group = "ghbackup";
|
|
ExecStart = "${makeBackup}";
|
|
};
|
|
};
|
|
|
|
users.users.ghbackup = {
|
|
name = "ghbackup";
|
|
group = "ghbackup";
|
|
description = "GitHub backups user";
|
|
isSystemUser = true;
|
|
createHome = true;
|
|
home = "/var/lib/ghbackup";
|
|
useDefaultShell = true;
|
|
};
|
|
users.extraGroups.ghbackup = {};
|
|
|
|
systemd.timers.ghbackup = {
|
|
description = "GitHub backup";
|
|
wantedBy = [ "timers.target" ];
|
|
timerConfig.OnCalendar = "daily";
|
|
};
|
|
};
|
|
}
|