feat: add hetzner storage box intergation for restic

2025-10-10 22:10:38 +02:00 · 2024-01-15 01:40:09 +01:00 · 2024-01-15 01:40:09 +01:00 · a776d7c476
commit a776d7c476
parent 4744a2844c
4 changed files with 158 additions and 0 deletions
--- a/modules/default.nix
+++ b/modules/default.nix
@ -7,6 +7,7 @@
    ./interface-naming.nix
    ./nginx.nix
    ./node.nix
+    ./restic.nix
  ];

  nixpkgs.overlays = [
--- a/modules/restic.nix
+++ b/modules/restic.nix
@ -0,0 +1,56 @@
+{lib, ...}: let
+  inherit
+    (lib)
+    mkEnableOption
+    mkIf
+    mkOption
+    types
+    ;
+in {
+  options.services.restic.backups = mkOption {
+    type = types.attrsOf (types.submodule ({config, ...}: {
+      options.hetznerStorageBox = {
+        enable = mkEnableOption "Automatically configure this backup to use the given hetzner storage box. Will use SFTP via SSH.";
+
+        mainUser = mkOption {
+          type = types.str;
+          description = ''
+            The main user. While not technically required for restic, we still use it to
+            derive the subuser name and it is required for the automatic setup script
+            that creates the users.
+          '';
+        };
+
+        subUid = mkOption {
+          type = types.int;
+          description = "The id of the subuser that was allocated on the hetzner server for this backup.";
+        };
+
+        path = mkOption {
+          type = types.str;
+          description = ''
+            The remote path to backup into. While not technically required for restic
+            (since the subuser is chrooted on the remote), it is required for the
+            automatic setup script that creates the users.
+          '';
+        };
+
+        sshPrivateKeyFile = mkOption {
+          type = types.path;
+          description = "The path to the ssh private key to use for uploading backups. Don't use a path from the nix store!";
+        };
+      };
+
+      config = let
+        subuser = "${config.hetznerStorageBox.mainUser}-sub${toString config.hetznerStorageBox.subUid}";
+        url = "${subuser}@${subuser}.your-storagebox.de";
+      in
+        mkIf config.hetznerStorageBox.enable {
+          repository = "sftp://${url}:23/";
+          extraOptions = [
+            "sftp.command='ssh -s sftp -p 23 -i ${config.hetznerStorageBox.sshPrivateKeyFile} ${url}'"
+          ];
+        };
+    }));
+  };
+}