nixos/restic: Add rclone options #91424
Conversation
|
@i077 I didn't get the kernel panic. Wild shot into the blue: Try booting into a more recent kernel ;-) However, the test fails, as I believe we want to prefix |
I'm actually on kernel 5.7.4 right now. Maybe that's too new?
Oh yeah, that makes sense, since restic doesn't magically know where rclone is outside of the systemd service. Should I just add EDIT: Booted into a previous generation with kernel 5.6.18 and tests there work fine. |
i077
force-pushed
the
restic-rclone-opts
branch
2 times, most recently
from
67dc600
to
608dc71
Compare
|
Okay, I've updated the test so rclone is in |
I'd prefer that approach, as it wouldn't require users to also have |
|
Rclone is already in the PATH of the systemd service (see line 242 of the restic module), if that's what you're asking. Users don't need to install rclone separately to start a backup service. I'm not sure how to add it outside other than exporting a new PATH or just adding it to |
|
Is this PR ready to be merged? Everything works on my end. |
|
As written in #91424 (comment), I think wrapping
That's how I'd do it: diff --git a/pkgs/tools/backup/restic/default.nix b/pkgs/tools/backup/restic/default.nix
index f366533f9bf..e8d7ea3346a 100644
--- a/pkgs/tools/backup/restic/default.nix
+++ b/pkgs/tools/backup/restic/default.nix
@@ -1,4 +1,11 @@
-{ stdenv, lib, buildGoPackage, fetchFromGitHub, installShellFiles, nixosTests}:
+{ stdenv
+, lib
+, buildGoPackage
+, fetchFromGitHub
+, installShellFiles
+, makeWrapper
+, nixosTests
+, rclone }:
buildGoPackage rec {
pname = "restic";
@@ -15,11 +22,13 @@ buildGoPackage rec {
subPackages = [ "cmd/restic" ];
- nativeBuildInputs = [ installShellFiles ];
+ nativeBuildInputs = [ installShellFiles makeWrapper ];
passthru.tests.restic = nixosTests.restic;
- postInstall = lib.optionalString (stdenv.hostPlatform == stdenv.buildPlatform) ''
+ postInstall = ''
+ wrapProgram $out/bin/restic --prefix PATH : '${rclone}/bin'
+ '' + lib.optionalString (stdenv.hostPlatform == stdenv.buildPlatform) ''
$out/bin/restic generate \
--bash-completion restic.bash \
--zsh-completion restic.zsh \And then of course rclone doesn't need to be in |
|
Ah, I didn't realize you were talking about the actual derivations for restic (and borg and ssh). I added the wrapper you mentioned and pushed everything up again. Test is still passing. |
ofborg
bot
added
10.rebuild-darwin: 1-10
10.rebuild-darwin: 1
and removed
10.rebuild-darwin: 0
10.rebuild-linux: 1
labels
| Warning: Secrets set in here will be world-readable in the Nix | ||
| store! Consider using the <literal>rcloneConfigFile</literal> | ||
| option instead to specify secret values, which will take precedence | ||
| over options set here. |
There was a problem hiding this comment.
How well does using a config file and using these options play together?
There was a problem hiding this comment.
The environment variables essentially set the "default" value for rclone, but if it finds that value also set in the config file, rclone will use the value in the latter.
For example, if I specified RCLONE_CONFIG_REMOTEA_TYPE=s3, but then in the config file I had
[remoteA]
type=b2
rclone will treat remoteA as a B2 remote.
So the user can set both values, but on a conflict, the config file will win.
EDIT: Looks like this doesn't actually happen. I'm updating the test so that rcloneConfig.type = "ftp", which would get overridden by a config file I'd add that says the type is local, but rclone still seems to think the remote is of type ftp.
EDIT 2: Okay, looks like it's the other way around. On conflict, the env variables win. I'll update the options and test to reflect that.
There was a problem hiding this comment.
Is this intended behaviour? I'd doubt. Maybe open a bug upstream and don't specify it here (or at least link to the bug).
We shouldn't mark this as a feature, so people don't rely on it.
There was a problem hiding this comment.
I opened a question on their forums here to confirm whether this is intended behavior. If it turns out I'm not supposed to do this (or that we shouldn't rely on it regardless), I can either
- Remove
rcloneConfigand just have users usercloneConfigFileon its own, or - Keep both options, but add an assertion to the module that only one option can be used at a time. Users can use one option or the other, but not both.
Which would be preferable?
There was a problem hiding this comment.
https://rclone.org/docs/#environment-variables reads like environment variables should set the default, but not win over command line arguments or config files.
Given rclone also supports config file encryption, we should definitely keep rcloneConfigFile.
I'm not sure if we need both rcloneConfig and rcloneOptions (if they provide the same feature set). WDYT?
There was a problem hiding this comment.
Yeah, that wording in their docs wasn't the best. Hopefully they'll clear things up. I agree we should keep the rcloneConfigFile option.
rcloneConfig and rcloneOptions provide different things:
rcloneOptionswas meant to control global rclone behavior, i.e. options that are listed at https://rclone.org/docs/#options. This is stuff like bandwidth limits, using checksums to compare files, etc.rcloneConfigis used to configure specific remotes, e.g. S3 access credentials, etc, i.e. stuff available in the docs for specific remote types (for example, https://rclone.org/s3/#standard-options for S3 remotes).
There was a problem hiding this comment.
Looks like this is intended behavior. See linked post for the order of precedence. I think since they specified the order (and it seems like they plan on keeping that behavior around) we should keep both options and allow users to specify both simultaneously.
There was a problem hiding this comment.
@flokli if you're good with keeping both options, I'm going to resolve this thread.
|
Thanks for your patience and the PR! |
My PR in NixOS/nixpkgs#91424 was merged!
Motivation for this change
Restic provides the ability to backup to rclone remotes, but options to specify rclone configuration for restic are not available here. Rclone allows global options (bandwidth limits, use checksums, etc.) to be set via environment variables, and remote-specific config to be set via either environment variables or a config file, the latter of which takes precedence.
I'm adding 3 new options to the restic module here,
rcloneOptions,rcloneConfig, andrcloneConfigFile, which allows the user to specify the above options respectively.I also modified the existing restic test to backup to a new local repository just using rclone. It backs up the exact same stuff in the same way. Unfortunately I can't actually run this test because I'm running into a weird kernel panic error no matter what test I run. If someone could either help me diagnose this error (here is the log, the error seems to happen at line 366) or just run the
restic.nixtest themselves, I'd be grateful.I do know that this works: I tested it on my own config with a OneDrive rclone remote, which produces the exact same systemd service file.
Things done
sandboxinnix.confon non-NixOS linux)nix-shell -p nixpkgs-review --run "nixpkgs-review wip"./result/bin/)nix path-info -Sbefore and after)