feat(darwin): implement restic backup support for Darwin systems #53

Open
onlyhavecans wants to merge 1 commit from darwin-backup-support into main
Owner

Summary

Implements automated restic backups for Darwin (macOS) systems using launchd agents, achieving feature parity with the existing NixOS backup implementation.

Resolves #52

Changes

Core Implementation

  • darwin/backups/client.nix: Main backup configuration with launchd agents for SFTP and AWS destinations, scheduled every 2 hours
  • darwin/backups/shared.nix: Helper functions for backup scripts, secret paths, and email notifications
  • darwin/backups/default.nix: Module entry point

Configuration Files

  • Catra-restic-excludes.txt: macOS-specific exclude patterns for M1 Max Music Studio
  • Madison-restic-excludes.txt: macOS-specific exclude patterns for Intel MacBook
  • Piper-restic-excludes.txt: macOS-specific exclude patterns for Intel macMini Docker Host

Integration

  • darwin/sops.nix: SOPS secrets configuration for Darwin systems with user-level permissions
  • darwin/msmtp.nix: Email notification configuration using msmtprc format
  • darwin/default.nix: Auto-import backups module via getNixFiles
  • flake.nix: Add sops-nix Darwin module to extraModules

Key Features

  • Automated backups to dual destinations (SFTP to Edelgard + AWS S3)
  • launchd agents with scheduled execution every 2 hours
  • Host-specific exclude patterns for macOS directories (Library/Caches, .Trash, etc.)
  • Email notifications on backup failures via msmtp
  • SOPS-encrypted credentials management
  • SSH configuration for SFTP access to Edelgard

Technical Approach

Darwin lacks native restic module support (no services.restic.backups like NixOS), requiring a custom implementation using:

  • launchd agents instead of systemd services/timers
  • Shell wrapper scripts to handle environment setup and error notifications
  • StartCalendarInterval for scheduling (runs every 2 hours on the hour)
  • User-level permissions for SOPS secrets (vs root on NixOS)
  • Manual msmtprc configuration (no programs.msmtp module on Darwin)

The implementation closely mirrors the NixOS version while adapting to Darwin-specific patterns.

Testing

  • just fmt - Code formatted successfully
  • just lint - All lint checks passed
  • nix build .#darwinConfigurations.Madison.system --dry-run - Build validates successfully
  • ⚠️ just check fails on unrelated current_song package platform issue (pre-existing)

Next Steps

After merging, each Darwin host will need:

  1. SOPS age keys configured for secret decryption
  2. Initial darwin-rebuild switch to activate launchd agents
  3. Manual verification that backup agents are loaded and running
  4. Test backup execution with log monitoring

References

  • Issue #52: Implement restic backup support for Darwin systems
  • NixOS implementation: nixos/backups/
  • CLAUDE.md: Architecture documentation

🤖 Generated with Claude Code
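
An added example (not code from this pull request) of the launchd-agent pattern described under Technical Approach, assuming nix-darwin's `launchd.user.agents` option and sops-nix's `sops.secrets.<name>.path`. The agent label, secret name, repository URL and mail address are hypothetical, and the exclude file is assumed to sit beside the module.

```nix
# Added example, not code from this pull request. The agent label, secret name,
# repository URL and mail address are hypothetical.
{ config, pkgs, ... }:
let
  # sops-nix decrypts the secret to a file; only its path enters the script,
  # so the password never appears in the plist or in process arguments.
  passwordFile = config.sops.secrets."restic/password".path;

  backupScript = pkgs.writeShellScript "restic-sftp-backup" ''
    set -euo pipefail
    log=$(/usr/bin/mktemp)
    trap 'rm -f "$log"' EXIT

    # Exclude file assumed to live next to this module.
    if ! ${pkgs.restic}/bin/restic backup "$HOME" \
        --repo "sftp:backup@edelgard.example:/srv/restic/$(hostname -s)" \
        --password-file "${passwordFile}" \
        --exclude-file ${./Madison-restic-excludes.txt} \
        >"$log" 2>&1; then
      # Mail the tail of the log on failure; msmtp reads the message on stdin.
      { printf 'Subject: restic backup failed on %s\n\n' "$(hostname -s)"
        tail -n 50 "$log"
      } | ${pkgs.msmtp}/bin/msmtp admin@example.org
      exit 1
    fi
  '';
in
{
  launchd.user.agents.restic-sftp.serviceConfig = {
    ProgramArguments = [ "${backupScript}" ];
    # launchd has no "every 2 hours" key: list all twelve start times
    # (00:00, 02:00, ..., 22:00). Runs missed during sleep are coalesced
    # into a single run on wake.
    StartCalendarInterval =
      builtins.genList (i: { Hour = i * 2; Minute = 0; }) 12;
    ProcessType = "Background";
  };
}
```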

feat(darwin): implement restic backup support for Darwin systems
All checks were successful
CI/CD Pipeline / Flake Validation (pull_request) Successful in 17s
CI/CD Pipeline / Format Check (pull_request) Successful in 30s
CI/CD Pipeline / Linters (pull_request) Successful in 49s
9c5a5e0293
Implements automated restic backups for Darwin (macOS) systems using
launchd agents, achieving feature parity with the existing NixOS
backup implementation.

## Changes

### Core Implementation
- **darwin/backups/client.nix**: Main backup configuration with launchd
  agents for SFTP and AWS destinations, scheduled every 2 hours
- **darwin/backups/shared.nix**: Helper functions for backup scripts,
  secret paths, and email notifications
- **darwin/backups/default.nix**: Module entry point

### Configuration Files
- **Catra-restic-excludes.txt**: macOS-specific exclude patterns
- **Madison-restic-excludes.txt**: macOS-specific exclude patterns
- **Piper-restic-excludes.txt**: macOS-specific exclude patterns

### Integration
- **darwin/sops.nix**: SOPS secrets configuration for Darwin systems
- **darwin/msmtp.nix**: Email notification configuration using msmtprc
- **darwin/default.nix**: Import backups module
- **flake.nix**: Add sops-nix Darwin module to extraModules

## Key Features
- Automated backups to dual destinations (SFTP + AWS S3)
- launchd agents with scheduled execution every 2 hours
- Host-specific exclude patterns for macOS directories
- Email notifications on backup failures
- SOPS-encrypted credentials management
- SSH configuration for SFTP access to Edelgard

## Technical Approach
Darwin lacks native restic module support, requiring custom
implementation using launchd agents and shell scripts. The
implementation closely mirrors the NixOS version while adapting to
Darwin-specific patterns (launchd vs systemd, user permissions, etc).

Resolves #52

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
Reference
ops/nixos-skwrls!53