akkoma: Create backups from database dump

Mikael 2024-11-09 23:06:01 +01:00 committed by emily
parent 29b7574b86
commit 4c2f141db5
Signed by: emily
GPG key ID: F6F4C66207FCF995
2 changed files with 25 additions and 13 deletions


@ -1,4 +1,4 @@
{ lib, ... }: { { lib, config, pkgs, ... }: {
imports = [ imports = [
../../common ../../common
../../profiles/headless.nix ../../profiles/headless.nix
@ -13,7 +13,9 @@
}; };
kyouma.nginx.defaultForbidden = "florp.social"; kyouma.nginx.defaultForbidden = "florp.social";
kyouma.restic = { kyouma.restic = let
pgBackup = "/var/cache/postgresql.sql";
in {
enable = true; enable = true;
remoteUser = "zh3485s1"; remoteUser = "zh3485s1";
timerConfig = { timerConfig = {
@ -22,9 +24,20 @@
}; };
paths = [ paths = [
"/var/lib/akkoma" "/var/lib/akkoma"
"/var/lib/postgresql"
"/var/lib/secrets" "/var/lib/secrets"
pgBackup
]; ];
backupPrepareCommand = ''
umask 0077
rm -f -- ${pgBackup}
${pkgs.su}/bin/su -c '${lib.getExe' config.services.postgresql.package "pg_dumpall"}' \
${config.services.postgresql.superUser} >${pgBackup}
'';
backupCleanupCommand = ''
rm -f -- ${pgBackup}
'';
}; };
systemd.network.networks."98-eth-default" = { systemd.network.networks."98-eth-default" = {
address = [ address = [
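Review bot: A failed `pg_dumpall` in the new backupPrepareCommand still leaves `${pgBackup}` on disk, because the `>` redirect creates the file before `su` runs and nothing checks its exit status, so an empty or truncated dump can be picked up by the `pgBackup` path entry as if it were a valid backup; whether restic is then aborted at all depends on how services.restic wires backupPrepareCommand, which is outside this hunk. Opening the script with `set -euo pipefail` (or testing the status after the `su` line and removing the partial file) turns that silent degradation into a visible failure. The `umask 0077` together with the root-owned `/var/cache` keeps the plaintext dump, which for `pg_dumpall` includes role definitions and password hashes, readable only by root while it exists; if the unit is killed between prepare and cleanup the file persists until the next run's `rm -f`, which is tolerable under those permissions but deserves a short comment next to the `pgBackup` binding so the trade-off is recorded.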


@ -1,9 +1,11 @@
{ config, lib, pkgs, utils, ... }: let { config, lib, options, pkgs, ... }: let
cfg = config.kyouma.restic; cfg = config.kyouma.restic;
in { in {
options.kyouma.restic = let options.kyouma.restic = let
inherit (lib) mkOption types; inherit (lib) mkOption types;
in { in {
inherit (options.services.restic.backups.type.getSubOptions [])
timerConfig backupPrepareCommand backupCleanupCommand;
enable = lib.mkEnableOption "Enable restic backup"; enable = lib.mkEnableOption "Enable restic backup";
paths = mkOption { paths = mkOption {
description = "paths to backup"; description = "paths to backup";
@ -40,14 +42,6 @@ in {
type = types.nonEmptyStr; type = types.nonEmptyStr;
default = "${config.networking.hostName}-backup"; default = "${config.networking.hostName}-backup";
}; };
timerConfig = mkOption {
description = "timer config";
type = with types; nullOr (attrsOf utils.systemdUtils.unitOptions.unitOption);
default = {
OnCalendar = "daily";
Persistent = true;
};
};
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
sops.secrets."restic/${cfg.remoteUser}/password" = { sops.secrets."restic/${cfg.remoteUser}/password" = {
@ -58,10 +52,15 @@ in {
}; };
services.restic.backups."${config.networking.hostName}-${cfg.remote}" = { services.restic.backups."${config.networking.hostName}-${cfg.remote}" = {
inherit (cfg) paths user pruneOpts timerConfig; inherit (cfg) paths user pruneOpts timerConfig backupPrepareCommand backupCleanupCommand;
initialize = true; initialize = true;
repository = "sftp:${cfg.remoteUser}@${cfg.remote}:${cfg.repo}"; repository = "sftp:${cfg.remoteUser}@${cfg.remote}:${cfg.repo}";
passwordFile = config.sops.secrets."restic/${cfg.remoteUser}/password".path; passwordFile = config.sops.secrets."restic/${cfg.remoteUser}/password".path;
extraBackupArgs = [
"--compression=max"
"--pack-size=128"
"--read-concurrency=8"
];
extraOptions = let extraOptions = let
knownHost = pkgs.writeText "${cfg.remote}-known-host" (builtins.readFile ./${cfg.remote}/ssh_host_ed25519_key.pub); knownHost = pkgs.writeText "${cfg.remote}-known-host" (builtins.readFile ./${cfg.remote}/ssh_host_ed25519_key.pub);
sshKey = config.sops.secrets."restic/${cfg.remoteUser}/id_ed25519".path; sshKey = config.sops.secrets."restic/${cfg.remoteUser}/id_ed25519".path;