From de33341053b30c600df4590b9f4650c9a4dc98f5 Mon Sep 17 00:00:00 2001 From: Lucy Hochkamp Date: Mon, 23 Oct 2023 16:52:38 +0200 Subject: [PATCH] feat: backup daedalus --- darwin-modules/borgmatic.nix | 56 +++++++++++++++--------------------- hosts/daedalus/default.nix | 46 ++++++++++++++++++++++++++++- hosts/ds9/default.nix | 2 +- 3 files changed, 69 insertions(+), 35 deletions(-) diff --git a/darwin-modules/borgmatic.nix b/darwin-modules/borgmatic.nix index 25644372..f5d39bd2 100644 --- a/darwin-modules/borgmatic.nix +++ b/darwin-modules/borgmatic.nix @@ -5,33 +5,6 @@ let settingsFormat = pkgs.formats.yaml { }; cfgType = with types; submodule { freeformType = settingsFormat.type; - options.location = { - source_directories = mkOption { - type = listOf str; - description = mdDoc '' - List of source directories to backup (required). Globs and - tildes are expanded. - ''; - example = [ "/home" "/etc" "/var/log/syslog*" ]; - }; - repositories = mkOption { - type = listOf str; - description = mdDoc '' - Paths to local or remote repositories (required). Tildes are - expanded. Multiple repositories are backed up to in - sequence. Borg placeholders can be used. See the output of - "borg help placeholders" for details. See ssh_command for - SSH options like identity file or port. If systemd service - is used, then add local repository paths in the systemd - service file to the ReadWritePaths list. - ''; - example = [ - "ssh://user@backupserver/./sourcehostname.borg" - "ssh://user@backupserver/./{fqdn}" - "/var/local/backups/local.borg" - ]; - }; - }; }; cfgfile = settingsFormat.generate "config.yaml" cfg.settings; in @@ -57,7 +30,11 @@ in }; config = mkIf cfg.enable { - environment.systemPackages = [ pkgs.borgmatic ]; + environment.systemPackages = [ + #pkgs.borgmatic + pkgs.borgbackup + ]; + homebrew.brews = [ "borgmatic" ]; environment.etc = (optionalAttrs (cfg.settings != null) { "borgmatic/config.yaml".source = cfgfile; }) // mapAttrs' 
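Review bot: The commented-out `#pkgs.borgmatic` in `environment.systemPackages` is left without a reason, and `homebrew.brews = [ "borgmatic" ];` moves the tool that handles the repository passphrase out of the flake's pinned package set into whatever version Homebrew currently serves. If the Nix package does not work on this platform, say so in place of the dead line, for example `# borgmatic is installed via homebrew.brews below because <reason>; not pinned by flake.lock`. The `config` block continues past the end of this hunk.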
@@ -66,17 +43,30 @@ in { source = settingsFormat.generate "${name}.yaml" value; }) cfg.configurations; - launchd.agents.borgmatic = { - script = "borgmatic"; + launchd.user.agents.borgmatic = { + script = '' + if (pmset -g batt | grep -q 'AC Power'); then + borgmatic + else + echo "On Battery Power, skipping backup" + fi + ''; + path = [ "/opt/homebrew/bin" config.environment.systemPath ]; serviceConfig = { StartInterval = 60 * 60; # run every hour - label = "xyz.ragon.borgmatic"; StandardOutPath = "/var/log/borgmatic.log"; - StandardErrorPath = "/var/log/borgmatic.log.error"; - NetworkState = true; + StandardErrorPath = "/var/log/borgmatic.log"; + KeepAlive = true; + # NetworkState = true; Nice = 1; }; }; + assertions = [ + { + assertion = config.homebrew.enable; + message = "homebrew must be enabled for borgmatic to run"; + } + ]; }; diff --git a/hosts/daedalus/default.nix b/hosts/daedalus/default.nix index 6faaeb9f..62d9d3f8 100644 --- a/hosts/daedalus/default.nix +++ b/hosts/daedalus/default.nix @@ -37,7 +37,7 @@ with lib.my; # # Install Mac App Store apps (install them manually and then do `mas list` to get the id) # "AdGuard for Safari" = 1440147259; # "Xcode" = 497799835; - # "Home Assistant" = 1099568401; + # "Home as Assistant" = 1099568401; # "WireGuard" = 1451685025; # "UTM" = 1538878817; # "Bitwarden" = 1352778147; 
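Review bot: `KeepAlive = true;` in `serviceConfig` is combined with a script that exits as soon as `borgmatic` finishes or the battery check fails, so launchd will relaunch the job after every exit (subject only to its throttle interval) and `StartInterval = 60 * 60` no longer decides when backups run. Dropping the `KeepAlive` line keeps the hourly schedule. Because the job is now a `launchd.user.agents` entry it runs as the logged-in user, who probably cannot create `/var/log/borgmatic.log`; a file under that user's Library/Logs directory would be writable. In `path`, `"/opt/homebrew/bin"` comes before `config.environment.systemPath`, so Homebrew binaries shadow the Nix-pinned ones for everything the script calls, while `path = [ config.environment.systemPath "/opt/homebrew/bin" ];` would still find `borgmatic`.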
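Review bot: The only change in this hunk rewrites the commented-out entry `"Home Assistant" = 1099568401;` as `"Home as Assistant"`, which looks like a stray keystroke rather than part of the backup feature. Restoring the line to `# "Home Assistant" = 1099568401;` keeps the name matching the app title if the block is ever re-enabled.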
@@ -47,6 +47,50 @@ with lib.my; #}; }; + ragon.services.borgmatic = + let + tmMountPath = "/tmp/timeMachineSnapshotForBorg"; + in + { + enable = true; + configurations."daedalus-ds9" = { + source_directories = [ tmMountPath ]; + exclude_if_present = [ ".nobackup" ]; + repositories = [ + "ssh://ragon@ds9/backups/daedalus/borgmatic" + "ssh://root@gatebridge/media/backup/daedalus" + ]; + encryption_passcommand = ''security find-generic-password -a daedalus -s borgmaticKey -g 2>&1 | grep -E 'password' | sed 's/^.*"\(.*\)"$/\1/g' ''; + compression = "auto,zstd,10"; + #ssh_command = "ssh -o GlobalKnownHostsFile=${config.age.secrets.gatebridgeHostKeys.path} -i ${config.age.secrets.picardResticSSHKey.path}"; + keep_hourly = 24; + keep_daily = 7; + keep_weekly = 4; + keep_monthly = 12; + keep_yearly = 10; + before_backup = [ + (pkgs.writeShellScript + "apfsSnapshot" + '' + tmutil localsnapshot + SNAPSHOT=$(tmutil listlocalsnapshots / | tail -n 1) + mkdir -p "${tmMountPath}" + mount -t apfs -r -o -s=$SNAPSHOT / "${tmMountPath}" + '') + ]; + after_backup = [ + (pkgs.writeShellScript + "apfsSnapshotUnmount" + '' + diskutil unmount "${tmMountPath}" + SNAPSHOT=$(tmutil listlocalsnapshots / | tail -n 1) + tmutil deletelocalsnapshots $(echo $SNAPSHOT | sed 's/com\.apple\.TimeMachine\.//g') + '') + ]; + }; + + }; + programs.gnupg.agent.enable = true; home-manager.users.ragon = { pkgs, lib, inputs, config, ... }: { diff --git a/hosts/ds9/default.nix b/hosts/ds9/default.nix index 2b99edda..18bb4de4 100644 --- a/hosts/ds9/default.nix +++ b/hosts/ds9/default.nix @@ -274,7 +274,7 @@ in group = "minecraft"; }; users.groups.minecraft = { }; - environment.systemPackages = [ pkgs.jdk ]; + environment.systemPackages = [ pkgs.jdk pkgs.jdk17 pkgs.borgbackup ]; services.smartd = { enable = true;
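Review bot: Neither hook script fails closed: `apfsSnapshot` has no `set -e`, so when `tmutil localsnapshot` or `mount` fails (the `mkdir -p` has already run) borgmatic goes on to archive what is most likely an empty `tmMountPath`, and the `keep_*` retention would eventually prune good archives in favour of empty ones. Start both scripts with `set -euo pipefail` and quote the variable, `mount -t apfs -r -o -s="$SNAPSHOT" / "${tmMountPath}"`. `apfsSnapshotUnmount` re-derives the name with `tail -n 1` instead of reusing the one that was mounted, so a snapshot created while the backup ran would be deleted in its place; passing the name through a file written by the first hook avoids that. `encryption_passcommand` scrapes the diagnostic output of `-g` with `grep` and `sed`, whereas `security find-generic-password -a daedalus -s borgmaticKey -w` prints only the secret. The second repository logs in as `root@gatebridge` while the `ssh_command` that pinned host keys stays commented out; a dedicated account limited to `borg serve --restrict-to-path` and an explicit known-hosts file would narrow what this key can reach.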