blob: 30fb9e43b5cf7efa4db99474d327dcc51b100485 (
plain) (
tree)
|
|
{ pkgs, config, ... }:
let
syncJobs = [
{
name = "movies";
source = "/data/media/movies/";
destination = "/volume1/media/movies/";
}
{
name = "videos";
source = "/data/media/videos/";
destination = "/volume1/media/videos/";
}
];
remoteHost = "192.168.1.68";
remoteUser = "nas";
in
{
age.secrets.rsync-ssh-key.file = ../secrets/rsync-ssh-nas.age;
systemd.timers = pkgs.lib.listToAttrs (
map (job: {
name = "rsync-backup-${job.name}";
value = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "daily";
Persistent = true;
RandomizedDelaySec = "1h";
};
};
}) syncJobs
);
systemd.services = pkgs.lib.listToAttrs (
map (job: {
name = "rsync-backup-${job.name}";
value = {
description = "Rsync backup for ${job.name}";
serviceConfig = {
Type = "oneshot";
DynamicUser = true;
LoadCredential = "ssh-key:${config.age.secrets.rsync-ssh-key.path}";
PrivateTmp = true;
NoNewPrivileges = true;
ProtectSystem = "strict";
ProtectHome = true;
ExecStart = pkgs.writeShellScript "rsync-backup-${job.name}" ''
${pkgs.rsync}/bin/rsync \
-avz \
-e "${pkgs.openssh}/bin/ssh -i ''${CREDENTIALS_DIRECTORY}/ssh-key -o StrictHostKeyChecking=accept-new" \
${job.source} \
${remoteUser}@${remoteHost}:${job.destination}
'';
};
};
}) syncJobs
);
}
|
