switch backup contract to new contract style

ibizaman · Nov 24, 2024 · d57a1d4 · d57a1d4
1 parent b3e7552
commit d57a1d4
Show file tree

Hide file tree

Showing 21 changed files with 371 additions and 404 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -14,6 +14,11 @@ Template:
 
 # Upcoming Release
 
+## Breaking Changes
+
+- Options `before_backup` and `after_backup` for backup contract have been renamed to
+  `beforeBackup` and `afterBackup`.
+
 ## Other Changes
 
 - Show how to pin Self Host Blocks flake input to a tag.

diff --git a/docs/redirects.json b/docs/redirects.json
@@ -188,11 +188,11 @@
   "blocks-restic-options-shb.restic.instances._name_.request.hooks": [
     "blocks-restic.html#blocks-restic-options-shb.restic.instances._name_.request.hooks"
   ],
-  "blocks-restic-options-shb.restic.instances._name_.request.hooks.after_backup": [
-    "blocks-restic.html#blocks-restic-options-shb.restic.instances._name_.request.hooks.after_backup"
+  "blocks-restic-options-shb.restic.instances._name_.request.hooks.afterBackup": [
+    "blocks-restic.html#blocks-restic-options-shb.restic.instances._name_.request.hooks.afterBackup"
   ],
-  "blocks-restic-options-shb.restic.instances._name_.request.hooks.before_backup": [
-    "blocks-restic.html#blocks-restic-options-shb.restic.instances._name_.request.hooks.before_backup"
+  "blocks-restic-options-shb.restic.instances._name_.request.hooks.beforeBackup": [
+    "blocks-restic.html#blocks-restic-options-shb.restic.instances._name_.request.hooks.beforeBackup"
   ],
   "blocks-restic-options-shb.restic.instances._name_.request.sourceDirectories": [
     "blocks-restic.html#blocks-restic-options-shb.restic.instances._name_.request.sourceDirectories"
@@ -338,6 +338,9 @@
   "blocks-sops-usage-requester": [
     "blocks-sops.html#blocks-sops-usage-requester"
   ],
+  "blocks-sops-usage-manual": [
+    "blocks-sops.html#blocks-sops-usage-manual"
+  ],
   "block-ssl": [
     "blocks-ssl.html#block-ssl"
   ],
@@ -578,11 +581,11 @@
   "contracts-backup-options-shb.contracts.backup.request.hooks": [
     "contracts-backup.html#contracts-backup-options-shb.contracts.backup.request.hooks"
   ],
-  "contracts-backup-options-shb.contracts.backup.request.hooks.after_backup": [
-    "contracts-backup.html#contracts-backup-options-shb.contracts.backup.request.hooks.after_backup"
+  "contracts-backup-options-shb.contracts.backup.request.hooks.afterBackup": [
+    "contracts-backup.html#contracts-backup-options-shb.contracts.backup.request.hooks.afterBackup"
   ],
-  "contracts-backup-options-shb.contracts.backup.request.hooks.before_backup": [
-    "contracts-backup.html#contracts-backup-options-shb.contracts.backup.request.hooks.before_backup"
+  "contracts-backup-options-shb.contracts.backup.request.hooks.beforeBackup": [
+    "contracts-backup.html#contracts-backup-options-shb.contracts.backup.request.hooks.beforeBackup"
   ],
   "contracts-backup-options-shb.contracts.backup.request.sourceDirectories": [
     "contracts-backup.html#contracts-backup-options-shb.contracts.backup.request.sourceDirectories"
@@ -599,6 +602,9 @@
   "contracts-backup-options-shb.contracts.backup.result.restoreScript": [
     "contracts-backup.html#contracts-backup-options-shb.contracts.backup.result.restoreScript"
   ],
+  "contracts-backup-options-shb.contracts.backup.settings": [
+    "contracts-backup.html#contracts-backup-options-shb.contracts.backup.settings"
+  ],
   "contracts-databasebackup-options-shb.contracts.databasebackup": [
     "contracts-databasebackup.html#contracts-databasebackup-options-shb.contracts.databasebackup"
   ],
@@ -848,23 +854,35 @@
   "services-forgejo-options-shb.forgejo.backup": [
     "services-forgejo.html#services-forgejo-options-shb.forgejo.backup"
   ],
-  "services-forgejo-options-shb.forgejo.backup.excludePatterns": [
-    "services-forgejo.html#services-forgejo-options-shb.forgejo.backup.excludePatterns"
+  "services-forgejo-options-shb.forgejo.backup.request": [
+    "services-forgejo.html#services-forgejo-options-shb.forgejo.backup.request"
+  ],
+  "services-forgejo-options-shb.forgejo.backup.request.excludePatterns": [
+    "services-forgejo.html#services-forgejo-options-shb.forgejo.backup.request.excludePatterns"
+  ],
+  "services-forgejo-options-shb.forgejo.backup.request.hooks": [
+    "services-forgejo.html#services-forgejo-options-shb.forgejo.backup.request.hooks"
   ],
-  "services-forgejo-options-shb.forgejo.backup.hooks": [
-    "services-forgejo.html#services-forgejo-options-shb.forgejo.backup.hooks"
+  "services-forgejo-options-shb.forgejo.backup.request.hooks.afterBackup": [
+    "services-forgejo.html#services-forgejo-options-shb.forgejo.backup.request.hooks.afterBackup"
   ],
-  "services-forgejo-options-shb.forgejo.backup.hooks.after_backup": [
-    "services-forgejo.html#services-forgejo-options-shb.forgejo.backup.hooks.after_backup"
+  "services-forgejo-options-shb.forgejo.backup.request.hooks.beforeBackup": [
+    "services-forgejo.html#services-forgejo-options-shb.forgejo.backup.request.hooks.beforeBackup"
   ],
-  "services-forgejo-options-shb.forgejo.backup.hooks.before_backup": [
-    "services-forgejo.html#services-forgejo-options-shb.forgejo.backup.hooks.before_backup"
+  "services-forgejo-options-shb.forgejo.backup.request.sourceDirectories": [
+    "services-forgejo.html#services-forgejo-options-shb.forgejo.backup.request.sourceDirectories"
   ],
-  "services-forgejo-options-shb.forgejo.backup.sourceDirectories": [
-    "services-forgejo.html#services-forgejo-options-shb.forgejo.backup.sourceDirectories"
+  "services-forgejo-options-shb.forgejo.backup.request.user": [
+    "services-forgejo.html#services-forgejo-options-shb.forgejo.backup.request.user"
   ],
-  "services-forgejo-options-shb.forgejo.backup.user": [
-    "services-forgejo.html#services-forgejo-options-shb.forgejo.backup.user"
+  "services-forgejo-options-shb.forgejo.backup.result": [
+    "services-forgejo.html#services-forgejo-options-shb.forgejo.backup.result"
+  ],
+  "services-forgejo-options-shb.forgejo.backup.result.backupService": [
+    "services-forgejo.html#services-forgejo-options-shb.forgejo.backup.result.backupService"
+  ],
+  "services-forgejo-options-shb.forgejo.backup.result.restoreScript": [
+    "services-forgejo.html#services-forgejo-options-shb.forgejo.backup.result.restoreScript"
   ],
   "services-forgejo-options-shb.forgejo.databasePassword": [
     "services-forgejo.html#services-forgejo-options-shb.forgejo.databasePassword"
@@ -1322,23 +1340,35 @@
   "services-nextcloudserver-options-shb.nextcloud.backup": [
     "services-nextcloud.html#services-nextcloudserver-options-shb.nextcloud.backup"
   ],
-  "services-nextcloudserver-options-shb.nextcloud.backup.excludePatterns": [
-    "services-nextcloud.html#services-nextcloudserver-options-shb.nextcloud.backup.excludePatterns"
+  "services-nextcloudserver-options-shb.nextcloud.backup.request": [
+    "services-nextcloud.html#services-nextcloudserver-options-shb.nextcloud.backup.request"
+  ],
+  "services-nextcloudserver-options-shb.nextcloud.backup.request.excludePatterns": [
+    "services-nextcloud.html#services-nextcloudserver-options-shb.nextcloud.backup.request.excludePatterns"
   ],
-  "services-nextcloudserver-options-shb.nextcloud.backup.hooks": [
-    "services-nextcloud.html#services-nextcloudserver-options-shb.nextcloud.backup.hooks"
+  "services-nextcloudserver-options-shb.nextcloud.backup.request.hooks": [
+    "services-nextcloud.html#services-nextcloudserver-options-shb.nextcloud.backup.request.hooks"
   ],
-  "services-nextcloudserver-options-shb.nextcloud.backup.hooks.after_backup": [
-    "services-nextcloud.html#services-nextcloudserver-options-shb.nextcloud.backup.hooks.after_backup"
+  "services-nextcloudserver-options-shb.nextcloud.backup.request.hooks.afterBackup": [
+    "services-nextcloud.html#services-nextcloudserver-options-shb.nextcloud.backup.request.hooks.afterBackup"
   ],
-  "services-nextcloudserver-options-shb.nextcloud.backup.hooks.before_backup": [
-    "services-nextcloud.html#services-nextcloudserver-options-shb.nextcloud.backup.hooks.before_backup"
+  "services-nextcloudserver-options-shb.nextcloud.backup.request.hooks.beforeBackup": [
+    "services-nextcloud.html#services-nextcloudserver-options-shb.nextcloud.backup.request.hooks.beforeBackup"
   ],
-  "services-nextcloudserver-options-shb.nextcloud.backup.sourceDirectories": [
-    "services-nextcloud.html#services-nextcloudserver-options-shb.nextcloud.backup.sourceDirectories"
+  "services-nextcloudserver-options-shb.nextcloud.backup.request.sourceDirectories": [
+    "services-nextcloud.html#services-nextcloudserver-options-shb.nextcloud.backup.request.sourceDirectories"
   ],
-  "services-nextcloudserver-options-shb.nextcloud.backup.user": [
-    "services-nextcloud.html#services-nextcloudserver-options-shb.nextcloud.backup.user"
+  "services-nextcloudserver-options-shb.nextcloud.backup.request.user": [
+    "services-nextcloud.html#services-nextcloudserver-options-shb.nextcloud.backup.request.user"
+  ],
+  "services-nextcloudserver-options-shb.nextcloud.backup.result": [
+    "services-nextcloud.html#services-nextcloudserver-options-shb.nextcloud.backup.result"
+  ],
+  "services-nextcloudserver-options-shb.nextcloud.backup.result.backupService": [
+    "services-nextcloud.html#services-nextcloudserver-options-shb.nextcloud.backup.result.backupService"
+  ],
+  "services-nextcloudserver-options-shb.nextcloud.backup.result.restoreScript": [
+    "services-nextcloud.html#services-nextcloudserver-options-shb.nextcloud.backup.result.restoreScript"
   ],
   "services-nextcloudserver-options-shb.nextcloud.dataDir": [
     "services-nextcloud.html#services-nextcloudserver-options-shb.nextcloud.dataDir"
@@ -1472,23 +1502,35 @@
   "services-vaultwarden-options-shb.vaultwarden.backup": [
     "services-vaultwarden.html#services-vaultwarden-options-shb.vaultwarden.backup"
   ],
-  "services-vaultwarden-options-shb.vaultwarden.backup.excludePatterns": [
-    "services-vaultwarden.html#services-vaultwarden-options-shb.vaultwarden.backup.excludePatterns"
+  "services-vaultwarden-options-shb.vaultwarden.backup.request": [
+    "services-vaultwarden.html#services-vaultwarden-options-shb.vaultwarden.backup.request"
+  ],
+  "services-vaultwarden-options-shb.vaultwarden.backup.request.excludePatterns": [
+    "services-vaultwarden.html#services-vaultwarden-options-shb.vaultwarden.backup.request.excludePatterns"
+  ],
+  "services-vaultwarden-options-shb.vaultwarden.backup.request.hooks": [
+    "services-vaultwarden.html#services-vaultwarden-options-shb.vaultwarden.backup.request.hooks"
+  ],
+  "services-vaultwarden-options-shb.vaultwarden.backup.request.hooks.afterBackup": [
+    "services-vaultwarden.html#services-vaultwarden-options-shb.vaultwarden.backup.request.hooks.afterBackup"
+  ],
+  "services-vaultwarden-options-shb.vaultwarden.backup.request.hooks.beforeBackup": [
+    "services-vaultwarden.html#services-vaultwarden-options-shb.vaultwarden.backup.request.hooks.beforeBackup"
   ],
-  "services-vaultwarden-options-shb.vaultwarden.backup.hooks": [
-    "services-vaultwarden.html#services-vaultwarden-options-shb.vaultwarden.backup.hooks"
+  "services-vaultwarden-options-shb.vaultwarden.backup.request.sourceDirectories": [
+    "services-vaultwarden.html#services-vaultwarden-options-shb.vaultwarden.backup.request.sourceDirectories"
   ],
-  "services-vaultwarden-options-shb.vaultwarden.backup.hooks.after_backup": [
-    "services-vaultwarden.html#services-vaultwarden-options-shb.vaultwarden.backup.hooks.after_backup"
+  "services-vaultwarden-options-shb.vaultwarden.backup.request.user": [
+    "services-vaultwarden.html#services-vaultwarden-options-shb.vaultwarden.backup.request.user"
   ],
-  "services-vaultwarden-options-shb.vaultwarden.backup.hooks.before_backup": [
-    "services-vaultwarden.html#services-vaultwarden-options-shb.vaultwarden.backup.hooks.before_backup"
+  "services-vaultwarden-options-shb.vaultwarden.backup.result": [
+    "services-vaultwarden.html#services-vaultwarden-options-shb.vaultwarden.backup.result"
   ],
-  "services-vaultwarden-options-shb.vaultwarden.backup.sourceDirectories": [
-    "services-vaultwarden.html#services-vaultwarden-options-shb.vaultwarden.backup.sourceDirectories"
+  "services-vaultwarden-options-shb.vaultwarden.backup.result.backupService": [
+    "services-vaultwarden.html#services-vaultwarden-options-shb.vaultwarden.backup.result.backupService"
   ],
-  "services-vaultwarden-options-shb.vaultwarden.backup.user": [
-    "services-vaultwarden.html#services-vaultwarden-options-shb.vaultwarden.backup.user"
+  "services-vaultwarden-options-shb.vaultwarden.backup.result.restoreScript": [
+    "services-vaultwarden.html#services-vaultwarden-options-shb.vaultwarden.backup.result.restoreScript"
   ],
   "services-vaultwarden-options-shb.vaultwarden.databasePassword": [
     "services-vaultwarden.html#services-vaultwarden-options-shb.vaultwarden.databasePassword"

diff --git a/lib/default.nix b/lib/default.nix
@@ -1,7 +1,7 @@
 { pkgs, lib }:
 let
   inherit (builtins) isAttrs hasAttr;
-  inherit (lib) concatMapStringsSep concatStringsSep mapAttrsToList;
+  inherit (lib) any concatMapStringsSep concatStringsSep mapAttrsToList;
 in
 rec {
   # Replace secrets in a file.
@@ -292,4 +292,6 @@ rec {
         "${concatStringsSep "_" secret.path}:${secret.${sourceField}}";
     in
       map genLoadCredentials allSecrets;
+
+  anyNotNull = any (x: x != null);
 }
diff --git a/modules/blocks/borgbackup.nix b/modules/blocks/borgbackup.nix
@@ -90,13 +90,13 @@ let
       default = {};
       type = lib.types.submodule {
         options = {
-          before_backup = lib.mkOption {
+          beforeBackup = lib.mkOption {
             description = "Hooks to run before backup";
             type = lib.types.listOf lib.types.str;
             default = [];
           };
 
-          after_backup = lib.mkOption {
+          afterBackup = lib.mkOption {
             description = "Hooks to run after backup";
             type = lib.types.listOf lib.types.str;
             default = [];
@@ -279,11 +279,11 @@ in
                     lib.attrsets.mapAttrsToList mkCheck instance.consistency;
 
                 # hooks = lib.mkMerge [
-                #   lib.optionalAttrs (builtins.length instance.hooks.before_backup > 0) {
-                #     inherit (instance.hooks) before_backup;
+                #   lib.optionalAttrs (builtins.length instance.hooks.beforeBackup > 0) {
+                #     inherit (instance.hooks) beforeBackup;
                 #   }
-                #   lib.optionalAttrs (builtins.length instance.hooks.after_backup > 0) {
-                #     inherit (instance.hooks) after_backup;
+                #   lib.optionalAttrs (builtins.length instance.hooks.afterBackup > 0) {
+                #     inherit (instance.hooks) afterBackup;
                 #   }
                 # ];
               };

diff --git a/modules/blocks/ldap.nix b/modules/blocks/ldap.nix
@@ -103,31 +103,19 @@ in
     };
 
     backup = lib.mkOption {
-      type = contracts.backup.request;
       description = ''
-        Backup configuration. This is an output option.
-
-        Use it to initialize a block implementing the "backup" contract.
-        For example, with the restic block:
-
-        ```
-        shb.restic.instances."lldap" = {
-          request = config.shb.lldap.backup;
-          settings = {
-            enable = true;
-          };
-        };
-        ```
+        Backup configuration.
       '';
-      readOnly = true;
-      default = {
-        # TODO: is there a workaround that avoid needing to use root?
-        # root because otherwise we cannot access the private StateDiretory
-        user = "root";
-        # /private because the systemd service uses DynamicUser=true
-        sourceDirectories = [
-          "/var/lib/private/lldap"
-        ];
+      type = lib.types.submodule {
+        options = contracts.backup.mkRequester {
+          # TODO: is there a workaround that avoid needing to use root?
+          # root because otherwise we cannot access the private StateDiretory
+          user = "root";
+          # /private because the systemd service uses DynamicUser=true
+          sourceDirectories = [
+            "/var/lib/private/lldap"
+          ];
+        };
       };
     };
   };

diff --git a/modules/blocks/restic.nix b/modules/blocks/restic.nix
@@ -111,17 +111,7 @@ in
       description = "Files to backup following the [backup contract](./contracts-backup.html).";
       default = {};
       type = attrsOf (submodule ({ name, config, ... }: {
-        options = {
-          request = mkOption {
-            description = ''
-              Request part of the backup contract.
-
-              Accepts values from a requester.
-            '';
-
-            type = contracts.backup.request;
-          };
-
+        options = contracts.backup.mkProvider {
           settings = mkOption {
             description = ''
               Settings specific to the Restic provider.
@@ -132,26 +122,11 @@ in
             };
           };
 
-          result = mkOption {
-            description = ''
-              Result part of the backup contract.
-
-              Contains the output of the Restic provider.
-            '';
-            default = {
-              restoreScript = fullName name config.settings.repository;
-              backupService = "${fullName name config.settings.repository}.service";
-            };
-            defaultText = {
-              restoreScriptText = "${fullName "<name>" { path = "path/to/repository"; }}";
-              backupServiceText = "${fullName "<name>" { path = "path/to/repository"; }}.service";
-            };
-            type = contracts.backup.result {
-              restoreScript = fullName name config.settings.repository;
-              backupService = "${fullName name config.settings.repository}.service";
-              restoreScriptText = "${fullName "<name>" { path = "path/to/repository"; }}";
-              backupServiceText = "${fullName "<name>" { path = "path/to/repository"; }}.service";
-            };
+          resultCfg = {
+            restoreScript = fullName name config.settings.repository;
+            restoreScriptText = "${fullName "<name>" { path = "path/to/repository"; }}";
+            backupService = "${fullName name config.settings.repository}.service";
+            backupServiceText = "${fullName "<name>" { path = "path/to/repository"; }}.service";
           };
         };
       }));
@@ -272,9 +247,9 @@ in
                   "--${builtins.replaceStrings ["_"] ["-"] name} ${builtins.toString value}"
                 ) instance.settings.retention;
 
-                backupPrepareCommand = concatStringsSep "\n" instance.request.hooks.before_backup;
+                backupPrepareCommand = concatStringsSep "\n" instance.request.hooks.beforeBackup;
 
-                backupCleanupCommand = concatStringsSep "\n" instance.request.hooks.after_backup;
+                backupCleanupCommand = concatStringsSep "\n" instance.request.hooks.afterBackup;
 
                 extraBackupArgs =
                   (optionals (instance.settings.limitUploadKiBs != null) [