modules/backup: refactor to be more configurable

modules/modules/backup.nix

@@ -5,30 +5,21 @@
 with lib;
 with lib.our;
 let
-  excludes = {
-    "/home/infinidoge" = [
-      ".cache"
-      "*/cache2"
-      "*/Cache"
-    ];
-  };
-
   append = root: path: (root + "/" + path);
 
   excludes' = concatLists
     (mapAttrsToList
       (root: map (append root))
-      excludes
+      cfg.excludes
     );
 
-
   commonArgs = {
     environment = {
       BORG_RSH = "ssh -i ${config.secrets.borg-ssh-key}";
       BORG_REMOTE_PATH = "/usr/local/bin/borg1/borg1";
       BORG_RELOCATED_REPO_ACCESS_IS_OK = "yes";
     };
-    extraCreateArgs = "--verbose --stats --checkpoint-interval 600";
+    extraCreateArgs = "--verbose --stats --checkpoint-interval 300";
     compression = "auto,zstd,3";
     doInit = true;
     persistentTimer = true;
@@ -37,37 +28,6 @@ let
       mode = "repokey-blake2";
       passCommand = "cat ${config.secrets.borg-password}";
     };
-  };
-
-  repo = "rsync.net:backups/hosts";
-
-  backupTimes = {
-    "Infini-FRAMEWORK" = "00:00";
-    "Infini-OPTIPLEX" = "01:00";
-    "Infini-SERVER" = "02:00";
-    "Infini-DESKTOP" = "03:00";
-    "Infini-SD" = "04:00";
-
-  };
-in
-{
-  users.groups."borg" = { };
-
-  environment.systemPackages = with pkgs; [
-    borgbackup
-  ];
-
-  environment.variables = {
-    inherit (commonArgs.environment) BORG_RSH BORG_REMOTE_PATH;
-    BORG_REPO = repo;
-    BORG_PASSCOMMAND = commonArgs.encryption.passCommand;
-  };
-
-  services.borgbackup.jobs."persist" = commonArgs // rec {
-    paths = "/persist";
-    inherit repo;
-    exclude = map (append paths) excludes';
-    startAt = "*-*-* ${backupTimes.${config.networking.hostName}}";
     prune.keep = {
       within = "1d"; # Keep all archives from the last day
       daily = 7;
@@ -76,7 +36,80 @@ in
     };
   };
 
-  systemd.timers."borgbackup-job-persist" = {
+  mkJob = paths: commonArgs // {
-    requires = [ "network-online.target" ];
+    inherit paths;
+    inherit (cfg) repo;
+    exclude = cfg.extraExcludes ++ (map (append paths) excludes');
+    startAt = "*-*-* ${cfg.backupTimes.${config.networking.hostName}}";
   };
+
+  cfg = config.modules.backups;
+in
+{
+  options.modules.backups = with types; {
+    enable = mkBoolOpt true;
+    userEnvironment = mkBoolOpt true;
+    repo = mkOpt str "rsync.net:backups/hosts";
+    excludes = mkOpt (attrsOf (listOf str)) {};
+    extraExcludes = mkOpt (listOf str) [ ];
+    backupTimes = mkOpt (attrsOf str) { };
+    jobs = mkOpt (attrsOf str) { };
+  };
+
+  config = mkMerge [
+    {
+      modules.backups.excludes = {
+        "/home/infinidoge" = [
+          ".cache"
+          "*/cache2"
+          "*/Cache"
+          ".local/share/Steam"
+        ];
+      };
+
+      modules.backups.backupTimes = {
+        "Infini-FRAMEWORK" = "00:00";
+        "Infini-OPTIPLEX" = "01:00";
+        "Infini-SERVER" = "02:00";
+        "Infini-DESKTOP" = "03:00";
+        "Infini-SD" = "04:00";
+      };
+
+      modules.backups.jobs = {
+        "persist" = "/persist";
+      };
+
+      common.backups = {
+        inherit commonArgs;
+      };
+
+      # For allowing user access to borg password
+      # See secrets/default.nix
+      users.groups."borg" = { };
+    }
+    (mkIf cfg.userEnvironment {
+      environment.systemPackages = with pkgs; [
+        borgbackup
+      ];
+
+      environment.variables = {
+        inherit (commonArgs.environment) BORG_RSH BORG_REMOTE_PATH;
+        BORG_REPO = cfg.repo;
+        BORG_PASSCOMMAND = commonArgs.encryption.passCommand;
+      };
+    })
+    (mkIf cfg.enable {
+      services.borgbackup.jobs = mapAttrs (_: mkJob) cfg.jobs;
+
+      systemd.timers = lib.mapAttrs'
+        (n: _: lib.nameValuePair "borgbackup-job-${n}" {
+          requires = [ "network-online.target" ];
+        })
+        cfg.jobs;
+
+      persist.directories = [
+        "/root/.cache/borg"
+      ];
+    })
+  ];
 }