New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
duplicityBackup module: init at v1.3.0 #28850
Conversation
}; | ||
|
||
extraConfig = mkOption { | ||
type = types.str; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Consider types.lines
here, I think it has more intuitive merge semantics for an option like this.
}; | ||
script = '' | ||
${cfgPackage}/bin/duplicity-backup.sh \ | ||
-c /etc/duplicity-backup.conf \ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Instead of writing to /etc
could you pass the config file directly here or is there some other use for storing the config under /etc
specifically?
''; | ||
}; | ||
|
||
onCalendar = mkOption { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A potential improvement for the future is to support multiple backup jobs.
then "yes" else "no" | ||
}" | ||
${optionalString cfg.encryption.enable '' | ||
PASSPHRASE="${cfg.encryption.passphrase}" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Note that the passphrase will end up in the Nix store. Is that a problem?
} | ||
]; | ||
|
||
system.activationScripts.duplicity-backup = stringAfter [ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You can do this in the service's preStart
. Then it'll run only when the service is started, not on all nixos system activations (likely to be a waste of time).
|
||
stdenv.mkDerivation rec { | ||
name = "duplicity-backup-sh-${version}"; | ||
version = "v1.3.0"; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The v
is not supposed to be in the version
part.
|
||
buildInputs = [ makeWrapper ]; | ||
|
||
phases = [ "unpackPhase" "installPhase" ]; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Try not to set phases
, that should typically only be done by more generic builders. In this case you likely want buildPhase = ":";
.
This is superseded by #53463. |
Motivation for this change
I wanted to be able to configure encrypted backup using duplicity.
this service is using duplicity-backup.sh to configure and run duplicity
Things done
(nix.useSandbox on NixOS,
or option
build-use-sandbox
innix.conf
on non-NixOS)
nix-shell -p nox --run "nox-review wip"
./result/bin/
)