nixos/borgbackup: add option to allow removable devices

When having backup jobs that persist to a removable device like an external HDD, the directory shouldn't be created by an activation script as this might confuse auto-mounting tools such as udiskie(8). In this case the job will simply fail, with the former approach udiskie ran into some issues as the path `/run/media/ma27/backup` was already there and owned by root.
2019-09-30 17:35:13 +02:00 · 2019-09-30 17:35:13 +02:00 · 2dfc67517a
commit 2dfc67517a
parent 593867effb
1 changed files with 19 additions and 6 deletions
--- a/nixos/modules/services/backup/borgbackup.nix
+++ b/nixos/modules/services/backup/borgbackup.nix
@ -8,7 +8,7 @@ let
    builtins.substring 0 1 x == "/"      # absolute path
    || builtins.substring 0 1 x == "."   # relative path
    || builtins.match "[.*:.*]" == null; # not machine:path
- 
+
  mkExcludeFile = cfg:
    # Write each exclude pattern to a new line
    pkgs.writeText "excludefile" (concatStringsSep "\n" cfg.exclude);
@ -104,12 +104,12 @@ let
      install = "install -o ${cfg.user} -g ${cfg.group}";
    in
      nameValuePair "borgbackup-job-${name}" (stringAfter [ "users" ] (''
-        # Eensure that the home directory already exists
+        # Ensure that the home directory already exists
        # We can't assert createHome == true because that's not the case for root
-        cd "${config.users.users.${cfg.user}.home}"                                                                                                         
+        cd "${config.users.users.${cfg.user}.home}"
        ${install} -d .config/borg
        ${install} -d .cache/borg
-      '' + optionalString (isLocalPath cfg.repo) ''
+      '' + optionalString (isLocalPath cfg.repo && !cfg.removableDevice) ''
        ${install} -d ${escapeShellArg cfg.repo}
      ''));

@ -163,6 +163,13 @@ let
      + " without at least one public key";
  };

+  mkRemovableDeviceAssertions = name: cfg: {
+    assertion = !(isLocalPath cfg.repo) -> !cfg.removableDevice;
+    message = ''
+      borgbackup.repos.${name}: repo isn't a local path, thus it can't be a removable device!
+    '';
+  };
+
 in {
  meta.maintainers = with maintainers; [ dotlambda ];

@ -202,6 +209,12 @@ in {
            example = "user@machine:/path/to/repo";
          };

+          removableDevice = mkOption {
+            type = types.bool;
+            default = false;
+            description = "Whether the repo (which must be local) is a removable device.";
+          };
+
          archiveBaseName = mkOption {
            type = types.strMatching "[^/{}]+";
            default = "${globalConfig.networking.hostName}-${name}";
@ -511,7 +524,6 @@ in {
    type = types.attrsOf (types.submodule (
      { ... }: {
        options = {
-          
          path = mkOption {
            type = types.path;
            description = ''
@ -598,7 +610,8 @@ in {
    (with config.services.borgbackup; {
      assertions =
        mapAttrsToList mkPassAssertion jobs
-        ++ mapAttrsToList mkKeysAssertion repos;
+        ++ mapAttrsToList mkKeysAssertion repos
+        ++ mapAttrsToList mkRemovableDeviceAssertions jobs;

      system.activationScripts = mapAttrs' mkActivationScript jobs;