56 lines
1.7 KiB
Nix
56 lines
1.7 KiB
Nix
{
|
|
lib,
|
|
config,
|
|
pkgs,
|
|
...
|
|
}: let
|
|
cfg = config.services.borg-server;
|
|
in {
|
|
options.services.borg-server = {
|
|
enable = lib.mkEnableOption "Enable the borg server";
|
|
borg_user = lib.mkOption {
|
|
type = lib.types.str;
|
|
example = "borg";
|
|
default = "borg";
|
|
description = "The user for the borg repository home.";
|
|
};
|
|
repositories_path = lib.mkOption {
|
|
type = lib.types.path;
|
|
example = "/var/lib/borg-repositories";
|
|
default = "/var/lib/borg-repositories";
|
|
description = "The user for the borg repository home.";
|
|
};
|
|
repositories = lib.mkOption {
|
|
type = lib.types.attrsOf (lib.types.submodule {
|
|
options = {
|
|
name = lib.mkOption {
|
|
type = lib.types.nullOr (lib.types.strMatching "^[a-zA-Z0-9._-]+$");
|
|
example = "borg-repo";
|
|
description = "The name of the borg repository. If null, use key of attrset";
|
|
};
|
|
ssh_public_key = lib.mkOption {
|
|
type = lib.types.singleLineStr;
|
|
example = "ssh-rsa AAAA...";
|
|
description = "The path to the public key for the borg repository.";
|
|
};
|
|
};
|
|
});
|
|
};
|
|
};
|
|
|
|
config = lib.mkIf cfg.enable {
|
|
users.users.${cfg.borg_user} = {
|
|
isNormalUser = true;
|
|
description = "Borg user";
|
|
home = cfg.repositories_path;
|
|
createHome = true;
|
|
extraGroups = ["borg"];
|
|
openSSH.authorizedKeys.keys = builtins.attrValues (
|
|
builtins.mapAttrs
|
|
(key: repo: "command=\"${pkgs.borg}/bin/borg serve --restrict-to-path=${cfg.repositories_path}/${repo.name or key}\", restrict ${repo.ssh_public_key}")
|
|
cfg.repositories
|
|
);
|
|
};
|
|
};
|
|
}
|