authorBenedikt Peetz <benedikt.peetz@b-peetz.de>2025-05-04 22:50:22 +0200
committerBenedikt Peetz <benedikt.peetz@b-peetz.de>2025-05-04 22:50:22 +0200
commitdaa09e5a14ff369d00acc49368e7b1f191fed49f (patch)
tree3ad6eccab6bd360b45839ab0eb2801ea3f108b02 /modules/by-name
parentmodules/nvim/plgs/luasnip: Remove useless `./lua` directory (diff)
downloadnixos-config-daa09e5a14ff369d00acc49368e7b1f191fed49f.zip
modules/backup: Make backup preparing a separate service
This change also removes the auto mount stuff from the local backup.
This is just not really useful for an on-demand backup.
Diffstat (limited to 'modules/by-name')
-rw-r--r--modules/by-name/ba/backup/module.nix107
1 files changed, 65 insertions, 42 deletions
diff --git a/modules/by-name/ba/backup/module.nix b/modules/by-name/ba/backup/module.nix
index 8d7d6bbb..eb7fedf0 100644
--- a/modules/by-name/ba/backup/module.nix
+++ b/modules/by-name/ba/backup/module.nix
@@ -14,6 +14,8 @@
   ...
 }: let
   cfg = config.soispha.services.backup;
+
+  snapshotDir = "/srv/last_snapshot";
 in {
   options.soispha.services.backup = {
     storagebox = {
@@ -46,9 +48,10 @@ in {
         default = ./secrets/local/repository_password.age;
       };
 
-      backupDiskUuid = lib.mkOption {
-        example = lib.literalExpression "d1d20ae7-3d8a-44da-86da-677dbbb10c89";
-        description = "The UUID of the backup disk";
+      backupMountPoint = lib.mkOption {
+        type = lib.types.path;
+        description = "The path where to expect the mounted backup disk";
+        default = "/mnt/backup";
       };
     };
   };
@@ -82,8 +85,56 @@ in {
       };
     };
 
+    systemd.services = {
+      prepare-backup = {
+        requires = [];
+        after = [];
+
+        description = "Prepare a backup by snapshotting the system.";
+
+        serviceConfig = {
+          ExecStart = lib.getExe (pkgs.writeShellApplication {
+            name = "prepareBackup";
+            text = ''
+              set -x
+
+              [ -d "${snapshotDir}" ] && btrfs subvolume delete "${snapshotDir}"
+
+              # -r := Make the snapshot read-only
+              btrfs subvolume snapshot -r /srv "${snapshotDir}";
+            '';
+
+            inheritPath = false;
+            runtimeInputs = [
+              pkgs.btrfs-progs
+            ];
+          });
+
+          Type = "oneshot";
+
+          User = "root";
+          Group = "root";
+
+          # TODO: Hardening <2025-05-04>
+        };
+      };
+
+      restic-backups-storagebox = lib.mkIf cfg.storagebox.enable {
+        requires = ["prepare-backup.service"];
+        after = ["prepare-backup.service"];
+      };
+
+      restic-backups-local = lib.mkIf cfg.local.enable {
+        requires = ["prepare-backup.service"];
+        after = ["prepare-backup.service"];
+
+        serviceConfig = {
+          ConditionPathIsDirectory = "${cfg.local.backupMountPoint}";
+        };
+      };
+    };
+
     services.restic.backups = let
-      snapshotDir = "/srv/last_snapshot";
       homeDir = "${snapshotDir}/home";
 
       paths = [
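Review bot: The `ConditionPathIsDirectory` guard on `restic-backups-local` sits under `serviceConfig`, so it is rendered into the `[Service]` section, but it is a `[Unit]` setting; systemd will most likely log it as an unknown key and start the job whether or not the backup disk is present. Because this commit also drops the explicit mount step and the job keeps `initialize = true`, a run without the disk would presumably create and fill a repository on whatever filesystem holds the mount-point path, leaving no copy on the backup disk. Move the guard to the unit section and test for an actual mount, since an empty directory left at the path also satisfies a directory check: `unitConfig.ConditionPathIsMountPoint = cfg.local.backupMountPoint;`. If a missing disk should show up as a failed unit rather than a silent skip, `AssertPathIsMountPoint` is the variant to use.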
@@ -95,54 +146,26 @@ in {
       extraBackupArgs = [
         "--verbose=2"
       ];
-
-      backupPrepareCommand = extra:
-      # bash
-        extra
-        + ''
-          [ -d "${snapshotDir}" ] && ${lib.getExe' pkgs.btrfs-progs "btrfs"} subvolume delete "${snapshotDir}"
-
-          # -r := Make the snapshot read-only
-          ${lib.getExe' pkgs.btrfs-progs "btrfs"} subvolume snapshot -r /srv "${snapshotDir}";
-        '';
     in {
-      local = let
-        backupMountPoint = "/run/media/${cfg.local.backupDiskUuid}";
-      in
-        lib.mkIf cfg.local.enable {
-          inhibitsSleep = true;
-          initialize = true;
-
-          inherit paths exclude extraBackupArgs;
-
-          # TODO: We could maybe use systemd's built-in system for this mounting. <2025-05-01>
-          backupPrepareCommand =
-            backupPrepareCommand
-            # bash
-            ''
-              set -xeu
-              ${lib.getExe' pkgs.util-linux "mount"} --mkdir "/dev/disk/by-uuid/${cfg.local.backupDiskUuid}" "${backupMountPoint}"
-            '';
-          backupCleanupCommand =
-            # bash
-            ''
-              ${lib.getExe' pkgs.util-linux "umount"} "${backupMountPoint}"
-            '';
+      local = lib.mkIf cfg.local.enable {
+        inhibitsSleep = true;
+        initialize = true;
 
-          passwordFile = config.age.secrets.resticLocalRepositoryPassword.path;
+        inherit paths exclude extraBackupArgs;
 
-          repository = "${backupMountPoint}/restic-backup-data/";
+        passwordFile = config.age.secrets.resticLocalRepositoryPassword.path;
 
-          # Start on demand.
-          timerConfig = null;
-        };
+        repository = "${cfg.local.backupMountPoint}/restic-backup-data/";
+
+        # Start on demand.
+        timerConfig = null;
+      };
 
       storagebox = lib.mkIf cfg.storagebox.enable {
         inhibitsSleep = true;
         initialize = true;
 
         inherit paths exclude extraBackupArgs;
-        backupPrepareCommand = backupPrepareCommand "";
 
         passwordFile = config.age.secrets.resticStorageboxRepositoryPassword.path;
         extraOptions = [