From 547b122ff2f274750f1aba5206079b79b132fad9 Mon Sep 17 00:00:00 2001 From: Giacomo Leidi Date: Wed, 1 May 2024 23:15:07 +0200 Subject: services: Add restic-backup service. * gnu/services/backup.scm: New file. * gnu/local.mk: Add this. * doc/guix.texi: Document this. Change-Id: I9efd5559bb445b484107a7c27c2d0a65ccad1e66 --- doc/guix.texi | 112 +++++++++++++++++++++++ gnu/local.mk | 1 + gnu/services/backup.scm | 236 ++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 349 insertions(+) create mode 100644 gnu/services/backup.scm diff --git a/doc/guix.texi b/doc/guix.texi index 3f5d4e7f0d..1b52c43c34 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -40946,6 +40946,118 @@ Mode for filter. @c End of auto-generated fail2ban documentation. +@cindex Backup +@subsubheading Backup Services + +The @code{(gnu services backup)} module offers services for backing up +file system trees. For now, it provides the @code{restic-backup-service-type}. + +With @code{restic-backup-service-type}, you can periodically back up +directories and files with @uref{https://restic.net/, Restic}, which +supports end-to-end encryption and deduplication. Consider the +following configuration: + +@lisp +(operating-system + + (packages (list "rclone")) + + (services + (list + (service restic-backup-service-type + (restic-backup-configuration + (jobs + (list (restic-backup-job + (name "remote-ftp") + (repository "rclone:remote-ftp:backup/restic") + (password-file "/root/.restic") + ;; Every day at 23. + (schedule "0 23 * * *") + (files '("/root/.restic" + "/root/.config/rclone" + "/etc/ssh/ssh_host_rsa_key" + "/etc/ssh/ssh_host_rsa_key.pub" + "/etc/guix/signing-key.pub" + "/etc/guix/signing-key.sec")))))))))) +@end lisp + +Each @code{restic-backup-job} translates to an mcron job which sets the +@env{RESTIC_PASSWORD} environment variable by reading the first line of +@code{password-file} and runs @command{restic backup}. + +The @code{restic-backup-service-type} installs as well @code{restic-guix} +to the system profile, a @code{restic} utility wrapper that allows for easier +interaction with the Guix configured backup jobs. For example the following +could be used to instantaneusly trigger a backup for the above shown +configuration, without waiting for the scheduled job: + +@example +restic-guix backup remote-ftp +@end example + +@c %start of fragment + +@deftp {Data Type} restic-backup-configuration +Available @code{restic-backup-configuration} fields are: + +@table @asis +@item @code{jobs} (default: @code{'()}) (type: list-of-restic-backup-jobs) +The list of backup jobs for the current system. + +@end table + +@end deftp + + +@c %end of fragment + +@c %start of fragment + +@deftp {Data Type} restic-backup-job +Available @code{restic-backup-job} fields are: + +@table @asis +@item @code{restic} (default: @code{restic}) (type: package) +The restic package to be used for the current job. + +@item @code{user} (default: @code{"root"}) (type: string) +The user used for running the current job. + +@item @code{repository} (type: string) +The restic repository target of this job. + +@item @code{name} (type: string) +A string denoting a name for this job. + +@item @code{password-file} (type: string) +Name of the password file, readable by the configured @code{user}, +that will be used to set the @env{RESTIC_PASSWORD} environment variable +for the current job. + +@item @code{schedule} (type: gexp-or-string) +A string or a gexp that will be passed as time specification in the +mcron job specification (@pxref{Syntax, mcron job specifications,, +mcron,GNU@tie{}mcron}). + +@item @code{files} (default: @code{'()}) (type: list-of-lowerables) +The list of files or directories to be backed up. It must be a list of +values that can be lowered to strings. + +@item @code{verbose?} (default: @code{#f}) (type: boolean) +Whether to enable verbose output for the current backup job. + +@item @code{extra-flags} (default: @code{'()}) (type: list-of-lowerables) +A list of values that are lowered to strings. These will be passed as +command-line arguments to the current job @command{restic backup} +invokation. + +@end table + +@end deftp + + +@c %end of fragment + @node Setuid Programs @section Setuid Programs diff --git a/gnu/local.mk b/gnu/local.mk index 42961e60b2..3781d97323 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -699,6 +699,7 @@ GNU_SYSTEM_MODULES = \ %D%/services/auditd.scm \ %D%/services/avahi.scm \ %D%/services/base.scm \ + %D%/services/backup.scm \ %D%/services/certbot.scm \ %D%/services/cgit.scm \ %D%/services/ci.scm \ diff --git a/gnu/services/backup.scm b/gnu/services/backup.scm new file mode 100644 index 0000000000..555e9fc959 --- /dev/null +++ b/gnu/services/backup.scm @@ -0,0 +1,236 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2024 Giacomo Leidi +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu services backup) + #:use-module (gnu packages backup) + #:use-module (gnu services) + #:use-module (gnu services configuration) + #:use-module (gnu services mcron) + #:use-module (guix build-system copy) + #:use-module (guix gexp) + #:use-module ((guix licenses) + #:prefix license:) + #:use-module (guix modules) + #:use-module (guix packages) + #:use-module (srfi srfi-1) + #:export (restic-backup-job + restic-backup-job? + restic-backup-job-fields + restic-backup-job-restic + restic-backup-job-user + restic-backup-job-name + restic-backup-job-repository + restic-backup-job-password-file + restic-backup-job-schedule + restic-backup-job-files + restic-backup-job-verbose? + restic-backup-job-extra-flags + + restic-backup-configuration + restic-backup-configuration? + restic-backup-configuration-fields + restic-backup-configuration-jobs + + restic-backup-job-program + restic-backup-job->mcron-job + restic-guix + restic-guix-wrapper-package + restic-backup-service-profile + restic-backup-service-type)) + +(define (gexp-or-string? value) + (or (gexp? value) + (string? value))) + +(define (lowerable? value) + (or (file-like? value) + (gexp-or-string? value))) + +(define list-of-lowerables? + (list-of lowerable?)) + +(define-configuration/no-serialization restic-backup-job + (restic + (package restic) + "The restic package to be used for the current job.") + (user + (string "root") + "The user used for running the current job.") + (name + (string) + "A string denoting a name for this job.") + (repository + (string) + "The restic repository target of this job.") + (password-file + (string) + "Name of the password file, readable by the configured @code{user}, that +will be used to set the @code{RESTIC_PASSWORD} environment variable for the +current job.") + (schedule + (gexp-or-string) + "A string or a gexp that will be passed as time specification in the mcron +job specification (@pxref{Syntax, mcron job specifications,, mcron, +GNU@tie{}mcron}).") + (files + (list-of-lowerables '()) + "The list of files or directories to be backed up. It must be a list of +values that can be lowered to strings.") + (verbose? + (boolean #f) + "Whether to enable verbose output for the current backup job.") + (extra-flags + (list-of-lowerables '()) + "A list of values that are lowered to strings. These will be passed as +command-line arguments to the current job @command{restic backup} invokation.")) + +(define list-of-restic-backup-jobs? + (list-of restic-backup-job?)) + +(define-configuration/no-serialization restic-backup-configuration + (jobs + (list-of-restic-backup-jobs '()) + "The list of backup jobs for the current system.")) + +(define (restic-backup-job-program config) + (let ((restic + (file-append (restic-backup-job-restic config) "/bin/restic")) + (repository + (restic-backup-job-repository config)) + (password-file + (restic-backup-job-password-file config)) + (files + (restic-backup-job-files config)) + (extra-flags + (restic-backup-job-extra-flags config)) + (verbose + (if (restic-backup-job-verbose? config) + '("--verbose") + '()))) + (program-file + "restic-backup-job.scm" + #~(begin + (use-modules (ice-9 popen) + (ice-9 rdelim)) + (setenv "RESTIC_PASSWORD" + (with-input-from-file #$password-file read-line)) + + (execlp #$restic #$restic #$@verbose + "-r" #$repository + #$@extra-flags + "backup" #$@files))))) + +(define (restic-guix jobs) + (program-file + "restic-guix" + #~(begin + (use-modules (ice-9 match) + (srfi srfi-1)) + + (define names '#$(map restic-backup-job-name jobs)) + (define programs '#$(map restic-backup-job-program jobs)) + + (define (get-program name) + (define idx + (list-index (lambda (n) (string=? n name)) names)) + (unless idx + (error (string-append "Unknown job name " name "\n\n" + "Possible job names are: " + (string-join names " ")))) + (list-ref programs idx)) + + (define (backup args) + (define name (third args)) + (define program (get-program name)) + (execlp program program)) + + (define (validate-args args) + (when (not (>= (length args) 3)) + (error (string-append "Usage: " (basename (car args)) + " backup NAME")))) + + (define (main args) + (validate-args args) + (define action (second args)) + (match action + ("backup" + (backup args)) + (_ + (error (string-append "Unknown action: " action))))) + + (main (command-line))))) + +(define (restic-backup-job->mcron-job config) + (let ((user + (restic-backup-job-user config)) + (schedule + (restic-backup-job-schedule config)) + (name + (restic-backup-job-name config))) + #~(job #$schedule + #$(string-append "restic-guix backup " name) + #:user #$user))) + +(define (restic-guix-wrapper-package jobs) + (package + (name "restic-backup-service-wrapper") + (version "0.0.0") + (source (restic-guix jobs)) + (build-system copy-build-system) + (arguments + (list #:install-plan #~'(("./" "/bin")))) + (home-page "https://restic.net") + (synopsis + "Easily interact from the CLI with Guix configured backups") + (description + "This package provides a simple wrapper around @code{restic}, handled +by the @code{restic-backup-service-type}. It allows for easily interacting +with Guix configured backup jobs, for example for manually triggering a backup +without waiting for the scheduled job to run.") + (license license:gpl3+))) + +(define restic-backup-service-profile + (lambda (config) + (define jobs (restic-backup-configuration-jobs config)) + (if (> (length jobs) 0) + (list + (restic-guix-wrapper-package jobs)) + '()))) + +(define restic-backup-service-type + (service-type (name 'restic-backup) + (extensions + (list + (service-extension profile-service-type + restic-backup-service-profile) + (service-extension mcron-service-type + (lambda (config) + (map restic-backup-job->mcron-job + (restic-backup-configuration-jobs + config)))))) + (compose concatenate) + (extend + (lambda (config jobs) + (restic-backup-configuration + (inherit config) + (jobs (append (restic-backup-configuration-jobs config) + jobs))))) + (default-value (restic-backup-configuration)) + (description + "This service configures @code{mcron} jobs for running backups +with @code{restic}."))) -- cgit v1.2.3