From 87d915d012c788de0bda15ee6fbb92f9f84765dc Mon Sep 17 00:00:00 2001
From: Petru Paler <petru@paler.net>
Date: Wed, 12 Mar 2025 10:35:15 +0000
Subject: [PATCH] Kopia backup service for /persist.

---
 common/global/backup.nix               | 67 ++++++++++++++++++++------
 common/global/kopia-snapshot-backup.sh | 17 -------
 2 files changed, 53 insertions(+), 31 deletions(-)
 delete mode 100755 common/global/kopia-snapshot-backup.sh

diff --git a/common/global/backup.nix b/common/global/backup.nix
index adb3af5..8db579f 100644
--- a/common/global/backup.nix
+++ b/common/global/backup.nix
@@ -1,16 +1,55 @@
-{ pkgs, ... }:
-{
-  environment.systemPackages = [ pkgs.unstable.kopia ];
+{ pkgs, config, ... }:
+let
+  kopiaPkg = pkgs.unstable.kopia;
+  kopia = "${kopiaPkg}/bin/kopia";
+  btrfsPkg = pkgs.btrfs-progs;
+  btrfs = "${btrfsPkg}/bin/btrfs";
+  snapshotBackup = pkgs.writeScript "kopia-snapshot-backup" (builtins.readFile ./kopia-snapshot-backup.sh);
+  backupScript = pkgs.writeShellScript "backup-persist" ''
+      target_path="/persist"
+      snapshot_path="$target_path/kopia-backup-snapshot"
+      KOPIA_CHECK_FOR_UPDATES=false
 
-  #  systemd = {
-  #    services = {
-  #      "backup-persist" = {
-  #      };
-  #    };
-  #
-  #    timers = {
-  #      "backup-persist" = {
-  #      };
-  #    };
-  #  };
+      ${kopia} repository connect server \
+        --url https://fractal:51515/ \
+        --server-cert-fingerprint=a79fce88b1d53ab9e58b8aab20fd8c82332492d501f3ce3efc5e2bb416140be5 \
+        -p "$(cat ${config.sops.secrets.kopia.path})" \
+      || exit 1
+
+      [ -e "$snapshot_path" ] && ${btrfs} subvolume delete "$snapshot_path"
+
+      ${btrfs} subvolume snapshot -r "$target_path" "$snapshot_path"
+
+      # --no-send-snapshot-path due to https://github.com/kopia/kopia/issues/4402
+      ${kopia} snapshot create --no-send-snapshot-report --override-source "$target_path" -- "$snapshot_path"
+
+      ${btrfs} subvolume delete "$snapshot_path"
+      ${kopia} repository disconnect
+  '';
+in
+{
+  environment.systemPackages = [ 
+    btrfsPkg
+    kopiaPkg
+  ];
+
+  systemd = {
+    services."backup-persist" = {
+      description = "Backup persistent data with Kopia";
+      serviceConfig = {
+        type = "oneshot";
+        User = "root";
+        ExecStart = "${backupScript}";
+      };
+    };
+
+    timers."backup-persist" = {
+      description = "Timer for Kopia persistent data backup";
+      wantedBy = [ "timers.target" ];
+      timerConfig = {
+        OnCalendar = "hourly";
+        RandomizedDelaySec = 300;
+      };
+    };
+  };
 }
diff --git a/common/global/kopia-snapshot-backup.sh b/common/global/kopia-snapshot-backup.sh
deleted file mode 100755
index 512a06e..0000000
--- a/common/global/kopia-snapshot-backup.sh
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/bin/sh
-
-set -Eeuxo pipefail
-
-target_path="/persist"
-snapshot_path="$target_path/kopia-backup-snapshot"
-
-if [ -e "$snapshot_path" ] && btrfs subvolume delete "$snapshot_path"; then
-    echo "Deleted leftover old snapshot."
-fi
-
-btrfs subvolume snapshot -r "$target_path" "$snapshot_path"
-
-# --no-send-snapshot-path due to https://github.com/kopia/kopia/issues/4402
-kopia snapshot create --no-send-snapshot-report --override-source "$target_path" "$@" -- "$snapshot_path"
-
-btrfs subvolume delete "$snapshot_path"