authorSoispha <soispha@vhack.eu>2023-04-12 10:36:08 +0200
committerSoispha <soispha@vhack.eu>2023-05-09 19:30:24 +0200
commit4e17f32353f4cf58f417fed91ff2f0e67224449e (patch)
parentFix(hm/pkgs): Change anki to anki-bin (diff)
Feat(system/services/backup): Add
'snap-sync-forced'[https://github.com/qubidt/snap-sync-forked] is not longer developed (as of the commit date) and thus some
changes are necessary to get it working with nixos. Alternatives
(although both similarly discontinued):
- the original snap-sync [https://github.com/qubidt/snap-sync]
        -> Is effectively snap-sync-forced but without 50+ commits
- 'dsnap-sync' [https://github.com/rzerres/dsnap-sync]
        -> Was forked long ago, now abandoned. Is rewritten in dash with
        lots of extra features, but sort of breaks even worse on nixos.
4 files changed, 602 insertions, 5 deletions
@@ -31,10 +31,10 @@
           # extra information
           # bins
@@ -42,12 +42,12 @@
           # external deps
           # modules
@@ -68,7 +68,7 @@
   defaultSpecialArgs = {
     nixpkgs-as-input = nixpkgs;
-    inherit templates;
+    inherit templates sysLib;
 in {
   tiamat = nixpkgs.lib.nixosSystem {
+++ b/system/services/backup/default.nix
@@ -0,0 +1,67 @@
+# vim: ts=2
+  lib,
+  sysLib,
+  pkgs,
+  config,
+  ...
+}: let
+  snap-sync-forked = sysLib.makeShellScriptWithLibrary {
+    name = "snap-sync-forked";
+    script = ./snap-sync-forked;
+    dependencies = with pkgs; [
+      bash
+      btrfs-progs
+      coreutils
+      gawk
+      gnugrep
+      snapper
+      util-linux
+      # optional:
+      libnotify
+      openssh
+      pv
+      rsync
+      sudo
+    ];
+  };
+  backup-script = pkgs.writeShellScriptBin "backsnap" ''
+    ${pkgs.util-linux}/bin/mount --mkdir "/dev/disk/by-uuid/${cfg.backupDiskUuid}" "/run/media/${cfg.backupDiskUuid}";
+    ${snap-sync-forked}/bin/snap-sync-forked --UUID "${cfg.backupDiskUuid}" --noconfirm;
+    ${pkgs.util-linux}/bin/umount "/run/media/${cfg.backupDiskUuid}";
+  '';
+  cfg = config.soispha.fs.backup;
+in {
+  options.soispha.fs.backup = {
+    enable = lib.mkEnableOption (lib.mdDoc "backups with snap-sync");
+    backupDiskUuid = lib.mkOption {
+      type = lib.types.str;
+      example = lib.literalExpression "d1d20ae7-3d8a-44da-86da-677dbbb10c89";
+      description = lib.mdDoc "The UUID of the backup disk";
+    };
+  };
+  config = lib.mkIf cfg.enable {
+    systemd = {
+      services.backup = {
+        unitConfig = {
+          Description = "Backup the last snapshots of the persitent-storage subvolume.";
+        };
+        serviceConfig = {
+          Type = "oneshot";
+          ExecStart = "${backup-script}/bin/backsnap";
+        };
+      };
+      timers.backup = {
+        wantedBy = ["timers.target"];
+        wants = ["backup.service"];
+        unitConfig = {
+          Description = "Backup 15min after boot";
+        };
+        timerConfig = {
+          OnBootSec = "15min";
+        };
+      };
+    };
+  };
+++ b/system/services/backup/snap-sync-forked
@@ -0,0 +1,529 @@
+#!/usr/bin/env bash
+# snap-sync
+# https://github.com/wesbarnett/snap-sync
+# Copyright (C) 2016-2021 Wes Barnett
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# GNU General Public License for more details.
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# -------------------------------------------------------------------------
+# Takes snapshots of each snapper configuration. It then sends the snapshot to
+# a location on an external drive. After the initial transfer, it does
+# incremental snapshots on later calls. It's important not to delete the
+# snapshot created on your system since that will be used to determine the
+# difference for the next incremental snapshot.
+set -o errtrace
+printf "\nsnap-sync version %s, Copyright (C) 2016-2021 Wes Barnett\n" "$version"
+printf "snap-sync comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the license for more information. \n\n"
+# The following line is modified by the Makefile or
+# find_snapper_config script
+if ! command -v notify-send &> /dev/null; then
+    donotify=1
+if ! command -v pv &> /dev/null; then
+    doprogress=1
+error() {
+    printf "==> ERROR: %s\n" "$@"
+    notify_error 'Error' 'Check journal for more information.'
+} >&2
+die() {
+    error "$@"
+    exit 1
+traperror() {
+    printf "Exited due to error on line %s.\n" "$1"
+    printf "exit status: %s\n" "$2"
+    printf "command: %s\n" "$3"
+    printf "bash line: %s\n" "$4"
+    printf "function name: %s\n" "$5"
+    exit 1
+trapkill() {
+    die "Exited due to user intervention."
+trap 'traperror ${LINENO} $? "$BASH_COMMAND" $BASH_LINENO "${FUNCNAME[@]}"' ERR
+trap trapkill SIGTERM SIGINT
+usage() {
+  cat <<EOF
+$name $version
+Usage: $name [options]
+ -c, --config <config>    snapper configuration to backup
+ -d, --description <desc> snapper description
+ -h, --help               print this message
+ -n, --noconfirm          do not ask for confirmation
+ -k, --keepold            keep old incremental snapshots instead of deleting them
+                          after backup is performed
+ -p, --port <port>        remote port; used with '--remote'.
+ -q, --quiet              do not send notifications; instead print them.
+ -r, --remote <address>   ip address of a remote machine to backup to
+ --sudo                   use sudo on the remote machine
+ -s, --subvolid <subvlid> subvolume id of the mounted BTRFS subvolume to back up to
+ -u, --UUID <UUID>        UUID of the mounted BTRFS subvolume to back up to
+See 'man snap-sync' for more details.
+while [[ $# -gt 0 ]]; do
+    key="$1"
+    case $key in
+        -d|--description)
+            description="$2"
+            shift 2
+        ;;
+        -c|--config)
+            selected_configs="$2"
+            shift 2
+        ;;
+        -u|--UUID)
+            uuid_cmdline="$2"
+            shift 2
+        ;;
+        -s|--subvolid)
+            subvolid_cmdline="$2"
+            shift 2
+        ;;
+        -k|--keepold)
+            keep="yes"
+            shift
+        ;;
+        -n|--noconfirm)
+            noconfirm="yes"
+            shift
+        ;;
+        -h|--help)
+            usage
+            exit 1
+        ;;
+        -q|--quiet)
+            donotify=1
+            shift
+        ;;
+	    -r|--remote)
+            remote=$2
+            shift 2
+	    ;;
+	    -p|--port)
+            port=$2
+            shift 2
+	    ;;
+        --sudo)
+            sudo=1
+            shift
+        ;;
+        *)
+            die "Unknown option: '$key'. Run '$name -h' for valid options."
+        ;;
+    esac
+notify() {
+    for u in $(users | tr ' ' '\n' | sort -u); do
+        sudo -u "$u" DISPLAY=:0 \
+        DBUS_SESSION_BUS_ADDRESS="unix:path=/run/user/$(sudo -u "$u" id -u)/bus" \
+        notify-send -a $name "$1" "$2" --icon="dialog-$3"
+    done
+notify_info() {
+    if [[ $donotify -eq 0 ]]; then
+        notify "$1" "$2" "information"
+    else
+        printf '%s\n' "$1: $2"
+    fi
+notify_error() {
+    if [[ $donotify -eq 0 ]]; then
+        notify "$1" "$2" "error"
+    else
+        printf '%s\n' "$1: $2"
+    fi
+[[ $EUID -ne 0 ]] && die "Script must be run as root. See '$name -h' for a description of options"
+! [[ -f $SNAPPER_CONFIG ]] && die "$SNAPPER_CONFIG does not exist."
+description=${description:-"latest incremental backup"}
+if [[ -z $remote ]]; then
+    if ! command -v rsync &> /dev/null; then
+        die "--remote specified but rsync command not found"
+    fi
+if [[ "$uuid_cmdline" != "none" ]]; then
+    if [[ -z $remote ]]; then
+        notify_info "Backup started" "Starting backups to $uuid_cmdline subvolid=$subvolid_cmdline..."
+    else
+        notify_info "Backup started" "Starting backups to $uuid_cmdline subvolid $subvolid_cmdline at $remote..."
+    fi
+    if [[ -z $remote ]]; then
+        notify_info "Backup started" "Starting backups. Use command line menu to select disk."
+    else
+        notify_info "Backup started" "Starting backups. Use command line menu to select disk on $remote."
+    fi
+if [[ -n $remote ]]; then
+    ssh="ssh $remote"
+    if [[ -n $port ]]; then
+        ssh="$ssh -p $port"
+    fi
+    if [[ $sudo -eq 1 ]]; then
+        ssh="$ssh sudo"
+    fi
+if [[ "$($ssh findmnt -n -v --target / -o FSTYPE)" == "btrfs" ]]; then
+    EXCLUDE_UUID=$($ssh findmnt -n -v -t btrfs --target / -o UUID)
+    TARGETS=$($ssh findmnt -n -v -t btrfs -o UUID,TARGET --list | grep -v "$EXCLUDE_UUID" | awk '{print $2}')
+    UUIDS=$($ssh findmnt -n -v -t btrfs -o UUID,TARGET --list | grep -v "$EXCLUDE_UUID" | awk '{print $1}')
+    TARGETS=$($ssh findmnt -n -v -t btrfs -o TARGET --list)
+    UUIDS=$($ssh findmnt -n -v -t btrfs -o UUID --list)
+declare -a TARGETS_ARRAY
+declare -a UUIDS_ARRAY
+for x in $TARGETS; do
+    SUBVOLIDS_ARRAY[$i]=$($ssh btrfs subvolume show "$x" | awk '/Subvolume ID:/ { print $3 }')
+    TARGETS_ARRAY[$i]=$x
+    i=$((i+1))
+for x in $UUIDS; do
+    UUIDS_ARRAY[$i]=$x
+    if [[ "$x" == "$uuid_cmdline" && ${SUBVOLIDS_ARRAY[$((i))]} == "$subvolid_cmdline" ]]; then
+        disk=$i
+        disk_count=$((disk_count+1))
+    fi
+    i=$((i+1))
+if [[ "${#UUIDS_ARRAY[$@]}" -eq 0 ]]; then
+    die "No external btrfs subvolumes found to backup to. Run '$name -h' for more options."
+if [[ "$disk_count" -gt 1 ]]; then
+    printf "Multiple mount points were found with UUID %s and subvolid %s.\n" "$uuid_cmdline" "$subvolid_cmdline"
+    disk="-1"
+if [[ "$disk" == -1 ]]; then
+    if [[ "$disk_count" == 0 && "$uuid_cmdline" != "none" ]]; then
+        error "A device with UUID $uuid_cmdline and subvolid $subvolid_cmdline was not found to be mounted, or it is not a BTRFS device."
+    fi
+    if [[ -z $ssh ]]; then
+        printf "Select a mounted BTRFS device on your local machine to backup to.\nFor more options, exit and run '%s -h'.\n" "$name"
+    else
+        printf "Select a mounted BTRFS device on %s to backup to.\nFor more options, exit and run '%s -h'.\n" "$remote" "$name"
+    fi
+    while [[ $disk -lt 0 || $disk -gt $i ]]; do
+        for x in "${!TARGETS_ARRAY[@]}"; do
+            printf "%4s) %s (uuid=%s, subvolid=%s)\n" "$((x+1))" "${TARGETS_ARRAY[$x]}" "${UUIDS_ARRAY[$x]}" "${SUBVOLIDS_ARRAY[$x]}"
+        done
+        printf "%4s) Exit\n" "0"
+        read -e -r -p "Enter a number: " disk
+        if ! [[ $disk == ?(-)+([0-9]) ]] || [[ $disk -lt 0 || $disk -gt $i ]]; then
+            printf "\nNo disk selected. Select a disk to continue.\n"
+            disk=-1
+        fi
+    done
+    if [[ $disk == 0 ]]; then
+        exit 0
+    fi
+    disk=$((disk-1))
+printf "\nYou selected the disk with uuid=%s, subvolid=%s.\n" "$selected_uuid" "$selected_subvolid"
+if [[ -z $ssh ]]; then
+    printf "The disk is mounted at '%s'.\n" "$selected_mnt"
+    printf "The disk is mounted at '%s:%s'.\n" "$remote" "$selected_mnt"
+# shellcheck source=/etc/default/snapper
+if [[ -z $selected_configs ]]; then
+    printf "\nInteractively cycling through all snapper configurations...\n"
+declare -a OLD_NUM_ARRAY
+declare -a OLD_SNAP_ARRAY
+declare -a NEW_NUM_ARRAY
+declare -a NEW_SNAP_ARRAY
+declare -a NEW_INFO_ARRAY
+# Initial configuration of where backup directories are
+for x in $selected_configs; do
+    if [[ "$(snapper -c "$x" list --disable-used-space -t single | awk '/'"subvolid=$selected_subvolid, uuid=$selected_uuid"'/ {cnt++} END {print cnt}')" -gt 1 ]]; then
+        error "More than one snapper entry found with UUID $selected_uuid subvolid $selected_subvolid for configuration $x. Skipping configuration $x."
+        continue
+    fi
+    if [[ "$(snapper -c "$x" list --disable-used-space -t single | awk '/'$name' backup in progress/ {cnt++} END {print cnt}')" -gt 0 ]]; then
+        printf "\nNOTE: Previous failed %s backup snapshots found for '%s'.\n" "$name" "$x"
+        if [[ $noconfirm == "yes" ]]; then
+            printf "'noconfirm' option passed. Failed backups will not be deleted.\n"
+        else
+            read -e -r -p "Delete failed backup snapshot(s)? (These local snapshots from failed backups are not used.) [y/N]? " delete_failed
+            while [[ -n "$delete_failed" && "$delete_failed" != [Yy]"es" &&
+                "$delete_failed" != [Yy] && "$delete_failed" != [Nn]"o" &&
+                "$delete_failed" != [Nn] ]]; do
+                read -e -r -p "Delete failed backup snapshot(s)? (These local snapshots from failed backups are not used.) [y/N] " delete_failed
+                if [[ -n "$delete_failed" && "$delete_failed" != [Yy]"es" &&
+                "$delete_failed" != [Yy] && "$delete_failed" != [Nn]"o" &&
+                "$delete_failed" != [Nn] ]]; then
+                    printf "Select 'y' or 'N'.\n"
+                fi
+            done
+            if [[ "$delete_failed" == [Yy]"es" || "$delete_failed" == [Yy] ]]; then
+                # explicit split list of snapshots (on whitespace) into multiple arguments
+                # shellcheck disable=SC2046
+                snapper -c "$x" delete $(snapper -c "$x" list --disable-used-space | awk '/'$name' backup in progress/ {print $1}')
+            fi
+        fi
+    fi
+    if [[ -f "/etc/snapper/configs/$x" ]]; then
+        # shellcheck source=/etc/snapper/config-templates/default
+        source "/etc/snapper/configs/$x"
+    else
+        die "Selected snapper configuration $x does not exist."
+    fi
+    if [[ $SNAP_SYNC_EXCLUDE == "yes" ]]; then
+        continue
+    fi
+    printf "\n"
+    old_num=$(snapper -c "$x" list --disable-used-space -t single | awk '/'"subvolid=$selected_subvolid, uuid=$selected_uuid"'/ {print $1}')
+    old_snap=$SUBVOLUME/.snapshots/$old_num/snapshot
+    OLD_NUM_ARRAY[$i]=$old_num
+    OLD_SNAP_ARRAY[$i]=$old_snap
+    if [[ -z "$old_num" ]]; then
+        printf "No backups have been performed for '%s' on this disk.\n" "$x"
+        read -e -r -p "Enter name of subvolume to store backups, relative to $selected_mnt (to be created if not existing): " mybackupdir
+        printf "This will be the initial backup for snapper configuration '%s' to this disk. This could take awhile.\n" "$x"
+        BACKUPDIR="$selected_mnt/$mybackupdir"
+        $ssh test -d "$BACKUPDIR" || $ssh btrfs subvolume create "$BACKUPDIR"
+    else
+        mybackupdir=$(snapper -c "$x" list --disable-used-space -t single | awk -F"|" '/'"subvolid=$selected_subvolid, uuid=$selected_uuid"'/ {print $5}' | awk -F "," '/backupdir/ {print $1}' | awk -F"=" '{print $2}')
+        BACKUPDIR="$selected_mnt/$mybackupdir"
+        $ssh test -d "$BACKUPDIR" || die "%s is not a directory on %s.\n" "$BACKUPDIR" "$selected_uuid"
+    fi
+    MYBACKUPDIR_ARRAY[$i]="$mybackupdir"
+    printf "Creating new local snapshot for '%s' configuration...\n" "$x"
+    new_num=$(snapper -c "$x" create --print-number -d "$name backup in progress")
+    new_snap=$SUBVOLUME/.snapshots/$new_num/snapshot
+    new_info=$SUBVOLUME/.snapshots/$new_num/info.xml
+    sync
+    backup_location=$BACKUPDIR/$x/$new_num/
+    if [[ -z $ssh ]]; then
+        printf "Will backup %s to %s\n" "$new_snap" "$backup_location/snapshot"
+    else
+        printf "Will backup %s to %s\n" "$new_snap" "$remote":"$backup_location/snapshot"
+    fi
+    if ($ssh test -d "$backup_location/snapshot") ; then
+        printf "WARNING: Backup directory '%s' already exists. This configuration will be skipped!\n" "$backup_location/snapshot"
+        printf "Move or delete destination directory and try backup again.\n"
+    fi
+    NEW_NUM_ARRAY[$i]="$new_num"
+    NEW_SNAP_ARRAY[$i]="$new_snap"
+    NEW_INFO_ARRAY[$i]="$new_info"
+    BACKUPLOC_ARRAY[$i]="$backup_location"
+    cont_backup="K"
+    CONT_BACKUP_ARRAY[$i]="yes"
+    if [[ $noconfirm == "yes" ]]; then
+        cont_backup="yes"
+    else
+        while [[ -n "$cont_backup" && "$cont_backup" != [Yy]"es" &&
+            "$cont_backup" != [Yy] && "$cont_backup" != [Nn]"o" &&
+            "$cont_backup" != [Nn] ]]; do
+            read -e -r -p "Proceed with backup of '$x' configuration [Y/n]? " cont_backup
+            if [[ -n "$cont_backup" && "$cont_backup" != [Yy]"es" &&
+            "$cont_backup" != [Yy] && "$cont_backup" != [Nn]"o" &&
+            "$cont_backup" != [Nn] ]]; then
+                printf "Select 'Y' or 'n'.\n"
+            fi
+        done
+    fi
+    if [[ "$cont_backup" != [Yy]"es" && "$cont_backup" != [Yy] && -n "$cont_backup" ]]; then
+        CONT_BACKUP_ARRAY[$i]="no"
+        printf "Not backing up '%s' configuration.\n" "$x"
+        snapper -c "$x" delete "$new_num"
+    fi
+    i=$((i+1))
+# Actual backing up
+printf "\nPerforming backups...\n"
+for x in $selected_configs; do
+    i=$((i+1))
+    if [[ -f "/etc/snapper/configs/$x" ]]; then
+        # shellcheck source=/etc/snapper/config-templates/default
+        source "/etc/snapper/configs/$x"
+    else
+        die "Selected snapper configuration $x does not exist."
+    fi
+    cont_backup=${CONT_BACKUP_ARRAY[$i]}
+    if [[ $cont_backup == "no" || $SNAP_SYNC_EXCLUDE == "yes" ]]; then
+        notify_info "Backup in progress" "NOTE: Skipping $x configuration."
+        continue
+    fi
+    notify_info "Backup in progress" "Backing up $x configuration."
+    printf "\n"
+    old_num="${OLD_NUM_ARRAY[$i]}"
+    old_snap="${OLD_SNAP_ARRAY[$i]}"
+    mybackupdir="${MYBACKUPDIR_ARRAY[$i]}"
+    new_num="${NEW_NUM_ARRAY[$i]}"
+    new_snap="${NEW_SNAP_ARRAY[$i]}"
+    new_info="${NEW_INFO_ARRAY[$i]}"
+    backup_location="${BACKUPLOC_ARRAY[$i]}"
+    if ($ssh test -d "$backup_location/snapshot") ; then
+        printf "ERROR: Backup directory '%s' already exists. Skipping backup of this configuration!\n" "$backup_location/snapshot"
+        continue
+    fi
+    $ssh mkdir -p "$backup_location"
+    if [[ -z "$old_num" ]]; then
+        printf "Sending first snapshot for '%s' configuration...\n" "$x"
+        if [[ $doprogress -eq 0 ]]; then
+            btrfs send "$new_snap" | pv | $ssh btrfs receive "$backup_location" &>/dev/null
+        else
+            btrfs send "$new_snap" | $ssh btrfs receive "$backup_location" &>/dev/null
+        fi
+    else
+        printf "Sending incremental snapshot for '%s' configuration...\n" "$x"
+        # Sends the difference between the new snapshot and old snapshot to the
+        # backup location. Using the -c flag instead of -p tells it that there
+        # is an identical subvolume to the old snapshot at the receiving
+        # location where it can get its data. This helps speed up the transfer.
+        if [[ $doprogress -eq 0 ]]; then
+            btrfs send -c "$old_snap" "$new_snap" | pv | $ssh btrfs receive "$backup_location"
+        else
+            btrfs send -c "$old_snap" "$new_snap" | $ssh btrfs receive "$backup_location"
+        fi
+        if [[ $keep == "yes" ]]; then
+            printf "Modifying data for old local snapshot for '%s' configuration...\n" "$x"
+            snapper -v -c "$x" modify -d "old snap-sync snapshot (you may remove)" -u "backupdir=,subvolid=,uuid=" -c "number" "$old_num"
+        else
+            printf "Deleting old snapshot for %s...\n" "$x"
+            snapper -c "$x" delete "$old_num"
+        fi
+    fi
+    if [[ -z $remote ]]; then
+        cp "$new_info" "$backup_location"
+    else
+        if [[ -z $port ]]; then
+            rsync -avzq "$new_info" "$remote":"$backup_location"
+        else
+            rsync -avzqe "ssh -p $port" "$new_info" "$remote":"$backup_location"
+        fi
+    fi
+    # It's important not to change this userdata in the snapshots, since that's how
+    # we find the previous one.
+    userdata="backupdir=$mybackupdir, subvolid=$selected_subvolid, uuid=$selected_uuid"
+    # Tag new snapshot as the latest
+    printf "Tagging local snapshot as latest backup for '%s' configuration...\n" "$x"
+    snapper -v -c "$x" modify -d "$description" -u "$userdata" "$new_num"
+    printf "Backup complete for '%s' configuration.\n" "$x"
+printf "\nDone!\n"
+if [[ "$uuid_cmdline" != "none" ]]; then
+    notify_info "Finished" "Backups to $uuid_cmdline complete!"
+    notify_info "Finished" "Backups complete!"
@@ -6,5 +6,6 @@
+    ./backup