From 4fc1db92aacf2af08bb078267aed2cb45f98b97b Mon Sep 17 00:00:00 2001 From: Timo Wilken Date: Thu, 20 Apr 2023 23:42:18 +0200 Subject: Fix restic-server setup --- tw/services/restic.scm | 12 ++++++++---- tw/system.scm | 6 +++--- tw/system/vin.scm | 2 +- 3 files changed, 12 insertions(+), 8 deletions(-) diff --git a/tw/services/restic.scm b/tw/services/restic.scm index c0c09552..424a3a35 100644 --- a/tw/services/restic.scm +++ b/tw/services/restic.scm @@ -15,15 +15,16 @@ (define-maybe/no-serialization string) ;; TODO: implement --tls, --tls-cert and --tls-key, maybe using certbot-service-type? +;; TODO: implement --log (define-configuration/no-serialization restic-server-configuration (repository-path (string "/var/lib/restic") "The directory containing restic's repositories and @code{.htpasswd} file, unless otherwise configured using @code{htpasswd-file}.") (restic-server (package restic-rest-server) "The restic REST server package to use.") (bind-address (string ":8000") "The listen address (including port) to bind to.") - (htpasswd-file (maybe-string #f) "Location of @code{.htpasswd} file -(default: @code{REPOSITORY-PATH/.htpasswd}). Use @code{htpasswd} from the -@code{httpd} package to create and/or update this file.") + (htpasswd-file (maybe-string %unset-value) "Location of @code{.htpasswd} +file (default: @code{REPOSITORY-PATH/.htpasswd}). Use @code{htpasswd} from +the @code{httpd} package to create and/or update this file.") (auth? (boolean #t) "Whether to authenticate users at all (using .htpasswd).") (verify-upload? (boolean #t) "Whether to verify the integrity of uploaded data. @emph{Do not disable} unless the restic server is to be run on a very 
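Review bot: The new `;; TODO: implement --log` comment does not say that logging is now switched off. The second hunk of this file drops `"--log" "/var/log/restic-server.log"` from `restic-server-arguments`, so the service as defined here no longer asks the server to write that log file. On a backup server that file is the record of which client touched which repository, so whoever configures the service should be able to see the gap. I would word the comment as `;; TODO: implement --log (currently never passed, so no log file is written)`. If the service captures stdout/stderr somewhere else, note that too; that part is not visible in this hunk.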
@@ -40,8 +41,11 @@ private restic repos.") (define (restic-server-arguments config) "Turn CONFIG into a list of arguments to the restic-rest-server executable." `("--path" ,(restic-server-configuration-repository-path config) - "--log" "/var/log/restic-server.log" "--listen" ,(restic-server-configuration-bind-address config) + ,@(let ((htpasswd-file (restic-server-configuration-htpasswd-file config))) + (if (string? htpasswd-file) `("--htpasswd-file" ,htpasswd-file) '())) + ,@(if (restic-server-configuration-auth? config) '() '("--no-auth")) + ,@(if (restic-server-configuration-verify-upload? config) '() '("--no-verify-upload")) ,@(if (restic-server-configuration-append-only? config) '("--append-only") '()) ,@(let ((max-size (restic-server-configuration-max-repository-size config))) (if (integer? max-size) `("--max-size" ,max-size) '())) diff --git a/tw/system.scm b/tw/system.scm index 0b738038..f7ac429c 100644 --- a/tw/system.scm +++ b/tw/system.scm @@ -44,12 +44,12 @@ ("pi3.twilken.net" . 51022))) (export server-wireguard-address) -(define* (server-wireguard-address host-name #:optional (port "")) +(define* (server-wireguard-address host-name #:optional port) (string-replace-substring (car ; get the IPv4 address (wireguard-peer-allowed-ips (assoc-ref %wireguard-peers host-name))) - "/32" port)) + "/32" (if port (format #f ":~a" port) ""))) (define-public (server-base-services host-name) (cons* @@ -69,7 +69,7 @@ (service prometheus-node-exporter-service-type (prometheus-node-exporter-configuration (web-listen-address - (server-wireguard-address host-name ":9100")))) + (server-wireguard-address host-name 9100)))) (simple-service 'disk-maintenance mcron-service-type (list #~(job "0 2 * * *" "guix gc -d 2w") diff --git a/tw/system/vin.scm b/tw/system/vin.scm index e74d0df6..9c467a54 100644 --- a/tw/system/vin.scm +++ b/tw/system/vin.scm 
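Review bot: `--no-auth` is now passed whenever `auth?` is `#f`, while the default `bind-address` shown in the first hunk is `":8000"`, which has no host part and so presumably listens on every interface. With those defaults, flipping a single field serves every repository without credentials on all interfaces. Add a comment above the new line, `;; --no-auth serves all repositories without credentials; only use with a bind-address on a private interface`, and repeat the warning in the `auth?` field's docstring. Separately, the context line `("--max-size" ,max-size)` splices an integer into the argument list; if that list reaches exec unchanged it probably needs `,(number->string max-size)`, which is worth confirming. The body of `restic-server-arguments` continues past the end of this hunk.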
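Review bot: In `server-wireguard-address` the port is attached only as a side effect of replacing `"/32"`. If a peer's first allowed IP is written with another prefix length, or none, the function returns the address with its suffix intact and silently drops the port, so the caller gets a listen address it did not ask for. Cutting at the slash is more robust: bind the `(car …)` expression to `ip` and return `(string-append (car (string-split ip #\/)) (if port (format #f ":~a" port) ""))`. A host name missing from `%wireguard-peers` makes `assoc-ref` return `#f`, which then likely fails in `wireguard-peer-allowed-ips` with an unhelpful error, so an explicit check with a clear message would help. The function also has no docstring; I suggest `"Return HOST-NAME's WireGuard IPv4 address, with \":PORT\" appended when PORT is given."`.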
@@ -47,7 +47,7 @@ (restic-server-configuration (repository-path "/var/backups/restic") (bind-address - (server-wireguard-address host-name ":8181")) + (server-wireguard-address host-name 8181)) (append-only? #t) ; run cleanup jobs separately, using plain restic (private-repos-only? #t) ; require /user/ path prefix (prometheus? #t) -- cgit v1.2.3