nixos/borgbackup: let borg write to disk and see /tmp, add extraArgs

2024-11-01 15:11:25 +00:00 · 2018-05-03 16:18:56 +02:00 · 2018-05-03 16:18:56 +02:00 · 1433ec60af
commit 1433ec60af
parent 400484008c
1 changed files with 42 additions and 6 deletions
--- a/nixos/modules/services/backup/borgbackup.nix
+++ b/nixos/modules/services/backup/borgbackup.nix
@ -35,25 +35,26 @@ let
    ${cfg.preHook}
  '' + optionalString cfg.doInit ''
    # Run borg init if the repo doesn't exist yet
-    if ! borg list > /dev/null; then
-      borg init \
+    if ! borg list ${cfg.extraArgs} > /dev/null; then
+      borg init ${cfg.extraArgs} \
        --encryption ${cfg.encryption.mode} \
        $extraInitArgs
      ${cfg.postInit}
    fi
  '' + ''
-    borg create \
+    borg create ${cfg.extraArgs} \
      --compression ${cfg.compression} \
      --exclude-from ${mkExcludeFile cfg} \
      $extraCreateArgs \
      "::$archiveName$archiveSuffix" \
      ${escapeShellArgs cfg.paths}
  '' + optionalString cfg.appendFailedSuffix ''
-    borg rename "::$archiveName$archiveSuffix" "$archiveName"
+    borg rename ${cfg.extraArgs} \
+      "::$archiveName$archiveSuffix" "$archiveName"
  '' + ''
    ${cfg.postCreate}
  '' + optionalString (cfg.prune.keep != { }) ''
-    borg prune \
+    borg prune ${cfg.extraArgs} \
      ${mkKeepArgs cfg} \
      --prefix ${escapeShellArg cfg.prune.prefix} \
      $extraPruneArgs
@ -85,9 +86,10 @@ let
        ProtectSystem = "strict";
        ReadWritePaths =
          [ "${userHome}/.config/borg" "${userHome}/.cache/borg" ]
+          ++ cfg.readWritePaths
          # Borg needs write access to repo if it is not remote
          ++ optional (isLocalPath cfg.repo) cfg.repo;
-        PrivateTmp = true;
+        PrivateTmp = cfg.privateTmp;
      };
      environment = {
        BORG_REPO = cfg.repo;
@ -318,6 +320,30 @@ in {
            ];
          };

+          readWritePaths = mkOption {
+            type = with types; listOf path;
+            description = ''
+              By default, borg cannot write anywhere on the system but
+              <literal>$HOME/.config/borg</literal> and <literal>$HOME/.cache/borg</literal>.
+              If, for example, your preHook script needs to dump files
+              somewhere, put those directories here.
+            '';
+            default = [ ];
+            example = [
+              "/var/backup/mysqldump"
+            ];
+          };
+
+          privateTmp = mkOption {
+            type = types.bool;
+            description = ''
+              Set the <literal>PrivateTmp</literal> option for
+              the systemd-service. Set to false if you need sockets
+              or other files from global /tmp.
+            '';
+            default = true;
+          };
+
          doInit = mkOption {
            type = types.bool;
            description = ''
@ -430,6 +456,16 @@ in {
            default = "";
          };

+          extraArgs = mkOption {
+            type = types.str;
+            description = ''
+              Additional arguments for all <command>borg</command> calls the
+              service has. Handle with care.
+            '';
+            default = "";
+            example = "--remote-path=borg1";
+          };
+
          extraInitArgs = mkOption {
            type = types.str;
            description = ''