blob: 29f6f27095138f07ce90e0d434e2b3f5396e21b7 (
plain) (
tree)
|
|
{ pkgs, config, ... }:
let
syncJobs = [
{
name = "movies";
source = "/data/media/movies/";
destination = "/volume1/media/movies/";
}
{
name = "videos";
source = "/data/media/videos/";
destination = "/volume1/media/videos/";
}
];
remoteHost = "192.168.1.68";
remoteUser = "nas";
in
{
age.secrets.rsync-ssh-key.file = ../secrets/rsync-ssh-nas.age;
environment.systemPackages = with pkgs; [
mkvtoolnix-cli
];
systemd.timers = pkgs.lib.listToAttrs (
map (job: {
name = "rsync-backup-${job.name}";
value = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "daily";
Persistent = true;
RandomizedDelaySec = "1h";
};
};
}) syncJobs
);
systemd.services = pkgs.lib.listToAttrs (
map (job: {
name = "rsync-backup-${job.name}";
value = {
description = "Rsync backup for ${job.name}";
serviceConfig = {
Type = "oneshot";
DynamicUser = true;
LoadCredential = "ssh-key:${config.age.secrets.rsync-ssh-key.path}";
PrivateTmp = true;
NoNewPrivileges = true;
ProtectSystem = "strict";
ProtectHome = true;
ExecStart = pkgs.writeShellScript "rsync-backup-${job.name}" ''
${pkgs.rsync}/bin/rsync \
-avz \
-e "${pkgs.openssh}/bin/ssh -i ''${CREDENTIALS_DIRECTORY}/ssh-key -o StrictHostKeyChecking=accept-new" \
${job.source} \
${remoteUser}@${remoteHost}:${job.destination}
'';
};
};
}) syncJobs
);
}
|
