From 8d6f32ecff35ed780695e313a358c29c79043302 Mon Sep 17 00:00:00 2001
From: Florian Sesser <florian@private.storage>
Date: Tue, 10 May 2022 12:30:06 +0000
Subject: [PATCH] Borgbackup: Add monthly repository check

---
 morph/lib/borgbackup.nix | 25 +++++++++++++++++++------
 1 file changed, 19 insertions(+), 6 deletions(-)

diff --git a/morph/lib/borgbackup.nix b/morph/lib/borgbackup.nix
index 229dc218..f90546ce 100644
--- a/morph/lib/borgbackup.nix
+++ b/morph/lib/borgbackup.nix
@@ -1,17 +1,17 @@
 # Importing this adds a daily borg backup job to a node.
-# It has all the common config and keys, but can be configured
+# It has all the common config and keys, and can be configured
 # to back up more (or entirely different) folders.
 
 
-{ lib, config, ...}:
+{ lib, config, pkgs, ...}:
 let
   cfg = config.services.private-storage.borgbackup;
   inherit (config.grid) publicKeyPath privateKeyPath;
 
-  # Get a per-host number of hours to start the backup at a
-  # time that should be "night" in most of the USA:
+  # Get a per-host number so backup jobs don't all run at the
+  # same time.
   ip-util = import ../../nixos/lib/ip-util.nix;
-  backupDelayHours = with builtins; bitAnd (ip-util.fromHexString
+  backupDelay = with builtins; bitAnd (ip-util.fromHexString
     (hashString "md5" config.networking.hostName)) 15;
 
 in {
@@ -59,8 +59,21 @@ in {
 
         # Start the backup at a different time per machine,
         # and not at the full hour, but somewhat later
-        startAt = "*-*-* " + toString backupDelayHours + ":22:11 UTC";
+        startAt = "*-*-* " + toString backupDelay + ":22:11 UTC";
       };
     };
+
+    # Check repo once a month
+    systemd.services.borgbackup-check-repo = {
+      # Once a month, 3h after last backup started
+      startAt = "*-*-" + toString backupDelay + " 18:33:22 UTC";
+      path = [ pkgs.borgbackup ];
+      environment = {
+        BORG_PASSCOMMAND = "cat /run/keys/borgbackup/passphrase";
+        BORG_RSH = "ssh -i /run/keys/borgbackup/ssh-key";
+        BORG_REPO = lib.fileContents "${publicKeyPath}/borgbackup/${config.networking.hostName}.repopath";
+      };
+      script = ''${pkgs.borgbackup}/bin/borg check'';
+    };
   };
 }
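Review bot: The day-of-month field in the new `startAt` of `borgbackup-check-repo` can come out as 0, because `backupDelay` is `bitAnd … 15` and so ranges over 0–15, while systemd calendar expressions only accept days 1–31. On a host whose hostname hash masks to 0, the timer would presumably be rejected and the monthly integrity check would never run, with no failure visible from this module. Shifting the value keeps the per-host spread and stays in range: `startAt = "*-*-" + toString (backupDelay + 1) + " 18:33:22 UTC";`. Since the same value now serves as an hour and as a day, the comment above `backupDelay` in the first hunk should state the 0–15 range, e.g. `# Per-host number in 0..15 (used as an hour for backups, offset by one as a day for checks)`.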
-- 
GitLab