From 24f2e83cf13dbce2deaaf3da25f2265fedce0884 Mon Sep 17 00:00:00 2001
From: Illia Chub <illia.chub@iceinc.solutions>
Date: Tue, 14 Dec 2021 07:37:02 +0200
Subject: [PATCH] Switched backup provider from AWS to Backblaze B2

---
 backup/restic.nix | 40 ++++++++++++++--------------------------
 files.nix         |  7 +++++++
 2 files changed, 21 insertions(+), 26 deletions(-)

diff --git a/backup/restic.nix b/backup/restic.nix
index 07bb33c..4c0ccdc 100644
--- a/backup/restic.nix
+++ b/backup/restic.nix
@@ -6,39 +6,27 @@ in
 
   systemd = {
     services = {
-      "restic-scheduled-backup" = {};
+      "restic-scheduled-backup" = {
+        description = "Userdata restic backup trigger";
+        serviceConfig = {
+          Type = "simple";
+          User = "restic";
+          ExecStart = "${pkgs.restic}/bin/restic -r rclone:backblaze:${cfg.backblaze.bucket}:/sfbackup --verbose --json backup /var";
+        };
+      };
     };
     timers = {
-      "restic-scheduled-backup-timer" = {};
-    };
-  };
-  services.restic.backups = {
-    options = {
-      passwordFile = "/etc/restic/resticPasswd";
-      repository = "s3:s3.anazonaws.com/${cfg.backblaze.bucket}";
-      initialize = true;
-      paths = [
-        "/var/dkim"
-        "/var/vmail"
-      ];
-      timerConfig = {
-        OnCalendar = [ "daily" ];
+      "restic-scheduled-backup" = {
+        wantedBy = [ "timers.target" ];
+        partOf = [ "restic-scheduled-backup.service" ];
+        timerConfig = {
+          OnCalendar = "daily";
+        };
       };
-      user = "restic";
-      pruneOpts = [
-        "--keep-daily 5"
-      ];
     };
   };
   users.users.restic = {
     isNormalUser = false;
     isSystemUser = true;
   };
-  environment.etc."restic/resticPasswd".text = ''
-    ${cfg.resticPassword}
-  '';
-  environment.etc."restic/s3Passwd".text = ''
-    AWS_ACCESS_KEY_ID=${cfg.backblaze.accountId}
-    AWS_SECRET_ACCESS_KEY=${cfg.backblaze.accountKey}
-  '';
 }
diff --git a/files.nix b/files.nix
index fa3442b..bacf1bd 100644
--- a/files.nix
+++ b/files.nix
@@ -14,6 +14,12 @@ in
         CLOUDFLARE_DNS_API_TOKEN=${cfg.cloudflare.apiKey}
         CLOUDFLARE_ZONE_API_TOKEN=${cfg.cloudflare.apiKey}
       '';
+      rcloneConfiguration = builtins.replaceStrings [ "\n" "\"" "\\" ] [ "\\n" "\\\"" "\\\\" ] ''
+        [backblaze]
+        type = b2
+        account = ${cfg.backblaze.accountId}
+        key = ${cfg.backblaze.accountKey}
+      '';
     in
     [
       "d /var/restic 0660 restic - - -"
@@ -28,5 +34,6 @@ in
       "f /var/nextcloud-db-pass 0440 nextcloud nextcloud - ${nextcloudDBPass}"
       "f /var/nextcloud-admin-pass 0440 nextcloud nextcloud - ${nextcloudAdminPass}"
       "f /var/cloudflareCredentials.ini 0440 nginx acmerecievers - ${cloudflareCredentials}"
+      "f /root/.config/rclone/rclone.conf 0666 selfprivacy-api selfprivacy-api - ${rcloneConfiguration}"
     ];
 }