From patchwork Sat Mar 2 20:51:24 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: paul X-Patchwork-Id: 61301 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 7DAFD27BBE9; Sat, 2 Mar 2024 20:54:46 +0000 (GMT) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,SPF_HELO_PASS,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id 02C2D27BBE2 for ; Sat, 2 Mar 2024 20:54:44 +0000 (GMT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rgWNQ-00051K-6T; Sat, 02 Mar 2024 15:54:36 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rgWNO-000519-Go for guix-patches@gnu.org; Sat, 02 Mar 2024 15:54:34 -0500 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rgWNO-0002wM-3z for guix-patches@gnu.org; Sat, 02 Mar 2024 15:54:34 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1rgWNq-0001u6-6w for guix-patches@gnu.org; Sat, 02 Mar 2024 15:55:02 -0500 X-Loop: help-debbugs@gnu.org Subject: [bug#69513] [PATCH] services: Add restic-backup service. Resent-From: Giacomo Leidi Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Sat, 02 Mar 2024 20:55:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 69513 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 69513@debbugs.gnu.org Cc: Giacomo Leidi X-Debbugs-Original-To: guix-patches@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.17094128527257 (code B ref -1); Sat, 02 Mar 2024 20:55:02 +0000 Received: (at submit) by debbugs.gnu.org; 2 Mar 2024 20:54:12 +0000 Received: from localhost ([127.0.0.1]:39391 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rgWN1-0001sx-4t for submit@debbugs.gnu.org; Sat, 02 Mar 2024 15:54:11 -0500 Received: from lists.gnu.org ([209.51.188.17]:55694) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rgWMx-0001so-9u for submit@debbugs.gnu.org; Sat, 02 Mar 2024 15:54:09 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rgWMU-0004wk-3f for guix-patches@gnu.org; Sat, 02 Mar 2024 15:53:38 -0500 Received: from confino.investici.org ([93.190.126.19]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rgWMQ-0002t0-Pu for guix-patches@gnu.org; Sat, 02 Mar 2024 15:53:37 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=autistici.org; s=stigmate; t=1709412803; bh=wArggADkbOhR4EOItOzSNzsgXk2zVXQRxNSiQnvaDZk=; h=From:To:Cc:Subject:Date:From; b=DxQjtZ72KZa48Dk5Q7VNOaB5gB64rOIiF4ty0URUeib0VzCeFswssSKEEk9x/aGy2 4eSt5AYEr/dXDo9nTUIVT6iodUhVZ5dDxu64CCbuqE0L2rDZmxz1RDqVQS/5Z8Dvs2 plIwPg6l48blDi2Qe1ZLUr85E+h7X0vYyDFhEDQE= Received: from mx1.investici.org (unknown [127.0.0.1]) by confino.investici.org (Postfix) with ESMTP id 4TnHH72cH2z11CT; Sat, 2 Mar 2024 20:53:23 +0000 (UTC) Received: from [93.190.126.19] (mx1.investici.org [93.190.126.19]) (Authenticated sender: goodoldpaul@autistici.org) by localhost (Postfix) with ESMTPSA id 4TnHH71l2Pz11Bv; Sat, 2 Mar 2024 20:53:23 +0000 (UTC) Date: Sat, 2 Mar 2024 21:51:24 +0100 Message-ID: <3afc07b0f3e6663a9fb64203544bce1659f97364.1709412684.git.goodoldpaul@autistici.org> X-Mailer: git-send-email 2.41.0 MIME-Version: 1.0 Received-SPF: pass client-ip=93.190.126.19; envelope-from=goodoldpaul@autistici.org; helo=confino.investici.org X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-to: Giacomo Leidi X-ACL-Warn: , Giacomo Leidi via Guix-patches X-Patchwork-Original-From: Giacomo Leidi via Guix-patches via From: paul Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches * gnu/services/backup.scm: New file. * gnu/local.mk: Add this. * doc/guix.texi: Document this. Change-Id: I9efd5559bb445b484107a7c27c2d0a65ccad1e66 --- doc/guix.texi | 95 +++++++++++++++++++++++- gnu/local.mk | 1 + gnu/services/backup.scm | 160 ++++++++++++++++++++++++++++++++++++++++ 3 files changed, 255 insertions(+), 1 deletion(-) create mode 100644 gnu/services/backup.scm base-commit: 6f5ea7ac1acb3d1c53baf7620cca66cc87fe5a73 diff --git a/doc/guix.texi b/doc/guix.texi index 87fe9f803c..4e53d22c5a 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -111,7 +111,7 @@ Copyright @copyright{} 2022 John Kehayias@* Copyright @copyright{} 2022⁠–⁠2023 Bruno Victal@* Copyright @copyright{} 2022 Ivan Vilata-i-Balaguer@* -Copyright @copyright{} 2023 Giacomo Leidi@* +Copyright @copyright{} 2023, 2024 Giacomo Leidi@* Copyright @copyright{} 2022 Antero Mejr@* Copyright @copyright{} 2023 Karl Hallsby@* Copyright @copyright{} 2023 Nathaniel Nicandro@* @@ -41045,6 +41045,99 @@ Miscellaneous Services @c End of auto-generated fail2ban documentation. +@cindex Backup +@subsubheading Backup services + +The @code{(gnu services backup)} module offers services for backing up +file system trees. For now, it provides the @code{restic-backup-service-type}. + +To backup a list of file system trees to a pre-initialized, end-to-end +encrypted, deduplicated data repository, you could so with the +@code{restic-backup-service-type}. For example with the following +configuration: + +@lisp +(service restic-backup-service-type + (restic-backup-configuration + (jobs + (list (restic-backup-job + (repository "rclone:remote-ftp:backup/restic") + (password-file "/root/.restic") + ;; Every day at 23. + (specification "0 23 * * *") + (included '("/root/.restic" + "/root/.config/rclone" + "/etc/ssh/ssh_host_rsa_key" + "/etc/ssh/ssh_host_rsa_key.pub" + "/etc/guix/signing-key.pub" + "/etc/guix/signing-key.sec"))))))) +@end lisp + +Each @code{restic-backup-job} translates to an mcron job which sets the +@code{RESTIC_PASSWORD} environment variable by reading the first line of +@code{password-file} and runs @command{restic backup}. + +@c %start of fragment + +@deftp {Data Type} restic-backup-configuration +Available @code{restic-backup-configuration} fields are: + +@table @asis +@item @code{jobs} (default: @code{'()}) (type: list-of-restic-backup-jobs) +The list of backup jobs for the current system. + +@end table + +@end deftp + + +@c %end of fragment + +@c %start of fragment + +@deftp {Data Type} restic-backup-job +Available @code{restic-backup-job} fields are: + +@table @asis +@item @code{restic} (default: @code{restic}) (type: package) +The restic package to be used for the current job. + +@item @code{user} (default: @code{"root"}) (type: string) +The user used for running the current job. + +@item @code{repository} (type: string) +The restic repository target of this job. + +@item @code{password-file} (type: string) +The path of a password file, readable by the configured @code{user}, +that will be used to set the @code{RESTIC_PASSWORD} environment variable +for the current job. + +@item @code{specification} (type: gexp-or-string) +A string or a gexp that will be passed as time specification in the +mcron job specification (@pxref{Syntax, mcron job specifications,, +mcron,GNU@tie{}mcron}). + +@item @code{included} (default: @code{'()}) (type: list-of-lowerables) +A list of values that are lowered to strings representing filesystem +paths. These are the paths that will be recursively included in the +current job. + +@item @code{verbose?} (default: @code{#f}) (type: boolean) +Whether to enable verbose output for the current backup job. + +@item @code{extra-flags} (default: @code{'()}) (type: list-of-lowerables) +A list of values that are lowered to strings. These will be passed as +command-line arguments to the current job @command{restic backup} +invokation. + +@end table + +@end deftp + + +@c %end of fragment + @node Setuid Programs @section Setuid Programs diff --git a/gnu/local.mk b/gnu/local.mk index cabd82f532..bf911327f4 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -693,6 +693,7 @@ GNU_SYSTEM_MODULES = \ %D%/services/auditd.scm \ %D%/services/avahi.scm \ %D%/services/base.scm \ + %D%/services/backup.scm \ %D%/services/certbot.scm \ %D%/services/cgit.scm \ %D%/services/ci.scm \ diff --git a/gnu/services/backup.scm b/gnu/services/backup.scm new file mode 100644 index 0000000000..e9172af8c4 --- /dev/null +++ b/gnu/services/backup.scm @@ -0,0 +1,160 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2024 Giacomo Leidi +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu services backup) + #:use-module (gnu packages backup) + #:use-module (gnu services) + #:use-module (gnu services configuration) + #:use-module (gnu services mcron) + #:use-module (guix gexp) + #:use-module (guix modules) + #:use-module (guix packages) + #:use-module (srfi srfi-1) + #:export (restic-backup-job + restic-backup-job? + restic-backup-job-fields + restic-backup-job-restic + restic-backup-job-user + restic-backup-job-repository + restic-backup-job-password-file + restic-backup-job-included + restic-backup-job-verbose? + restic-backup-job-extra-flags + + restic-backup-configuration + restic-backup-configuration? + restic-backup-configuration-fields + restic-backup-configuration-jobs + + restic-backup-job-program + restic-backup-job->mcron-job + restic-backup-service-type)) + +(define (gexp-or-string? value) + (or (gexp? value) + (string? value))) + +(define (lowerable? value) + (or (file-like? value) + (gexp-or-string? value))) + +(define list-of-lowerables? + (list-of lowerable?)) + +(define-configuration/no-serialization restic-backup-job + (restic + (package restic) + "The restic package to be used for the current job.") + (user + (string "root") + "The user used for running the current job.") + (repository + (string) + "The restic repository target of this job.") + (password-file + (string) + "The path of a password file, readable by the configured @code{user}, that +will be used to set the @code{RESTIC_PASSWORD} environment variable for the +current job.") + (specification + (gexp-or-string) + "A string or a gexp that will be passed as time specification in the mcron +job specification (@pxref{Syntax, mcron job specifications,, mcron, +GNU@tie{}mcron}).") + (included + (list-of-lowerables '()) + "A list of values that are lowered to strings representing filesystem paths. +These are the paths that will be recursively included in the current job.") + (verbose? + (boolean #f) + "Whether to enable verbose output for the current backup job.") + (extra-flags + (list-of-lowerables '()) + "A list of values that are lowered to strings. These will be passed as +command-line arguments to the current job @command{restic backup} invokation.")) + +(define list-of-restic-backup-jobs? + (list-of restic-backup-job?)) + +(define-configuration/no-serialization restic-backup-configuration + (jobs + (list-of-restic-backup-jobs '()) + "The list of backup jobs for the current system.")) + +(define (restic-backup-job-program config) + (let ((restic + (file-append (restic-backup-job-restic config) "/bin/restic")) + (repository + (restic-backup-job-repository config)) + (password-file + (restic-backup-job-password-file config)) + (included + (restic-backup-job-included config)) + (extra-flags + (restic-backup-job-extra-flags config)) + (verbose + (if (restic-backup-job-verbose? config) + '("--verbose") + '()))) + (program-file + "restic-backup-job.scm" + (with-imported-modules (source-module-closure + '((guix build utils))) + #~(begin + (use-modules (guix build utils) + (ice-9 popen) + (ice-9 rdelim)) + (setenv "RESTIC_PASSWORD" + (with-input-from-file #$password-file read-line)) + + (execlp #$restic #$@verbose + "-r" #$repository + #$@extra-flags + "backup" #$@included)))))) + +(define (restic-backup-job->mcron-job config) + (let ((user + (restic-backup-job-user config)) + (specification + (restic-backup-job-specification config)) + (program + (restic-backup-job-program config))) + #~(job #$specification + #$program + #:user #$user))) + +(define restic-backup-service-type + (service-type (name 'restic-backup) + (extensions + (list + (service-extension mcron-service-type + (lambda (config) + (map restic-backup-job->mcron-job + (restic-backup-configuration-jobs + config)))))) + (compose concatenate) + (extend + (lambda (config jobs) + (restic-backup-configuration + (inherit config) + (jobs (append (restic-backup-configuration-jobs config) + jobs))))) + (default-value (restic-backup-configuration)) + (description + "This service configures @code{mcron} jobs for running backups +with @code{restic}.")))