rsync some medias to the NAS

1 files changed, 61 insertions, 0 deletions

diff --git a/profiles/storage-media.nix b/profiles/storage-media.nix
new file mode 100644
index 0000000..30fb9e4
--- /dev/null
+++ b/profiles/storage-media.nix
@@ -0,0 +1,61 @@
+{ pkgs, config, ... }:
+let
+  syncJobs = [
+    {
+      name = "movies";
+      source = "/data/media/movies/";
+      destination = "/volume1/media/movies/";
+    }
+    {
+      name = "videos";
+      source = "/data/media/videos/";
+      destination = "/volume1/media/videos/";
+    }
+  ];
+  remoteHost = "192.168.1.68";
+  remoteUser = "nas";
+in
+{
+  age.secrets.rsync-ssh-key.file = ../secrets/rsync-ssh-nas.age;
+
+  systemd.timers = pkgs.lib.listToAttrs (
+    map (job: {
+      name = "rsync-backup-${job.name}";
+      value = {
+        wantedBy = [ "timers.target" ];
+        timerConfig = {
+          OnCalendar = "daily";
+          Persistent = true;
+          RandomizedDelaySec = "1h";
+        };
+      };
+    }) syncJobs
+  );
+
+  systemd.services = pkgs.lib.listToAttrs (
+    map (job: {
+      name = "rsync-backup-${job.name}";
+      value = {
+        description = "Rsync backup for ${job.name}";
+
+        serviceConfig = {
+          Type = "oneshot";
+          DynamicUser = true;
+          LoadCredential = "ssh-key:${config.age.secrets.rsync-ssh-key.path}";
+          PrivateTmp = true;
+          NoNewPrivileges = true;
+          ProtectSystem = "strict";
+          ProtectHome = true;
+
+          ExecStart = pkgs.writeShellScript "rsync-backup-${job.name}" ''
+            ${pkgs.rsync}/bin/rsync \
+              -avz \
+              -e "${pkgs.openssh}/bin/ssh -i ''${CREDENTIALS_DIRECTORY}/ssh-key -o StrictHostKeyChecking=accept-new" \
+              ${job.source} \
+              ${remoteUser}@${remoteHost}:${job.destination}
+          '';
+        };
+      };
+    }) syncJobs
+  );
+}