From f9b75a62477df3261724af0b57d493477d3ac125 Mon Sep 17 00:00:00 2001 From: Mikael Voss Date: Sat, 9 Nov 2024 23:06:01 +0100 Subject: [PATCH 1/4] akkoma: Create backups from database dump --- config/hosts/florp/configuration.nix | 19 ++++++++++++++++--- modules/restic/default.nix | 14 ++++---------- 2 files changed, 20 insertions(+), 13 deletions(-) diff --git a/config/hosts/florp/configuration.nix b/config/hosts/florp/configuration.nix index c258a57..fd06c11 100644 --- a/config/hosts/florp/configuration.nix +++ b/config/hosts/florp/configuration.nix @@ -1,4 +1,4 @@ -{ lib, ... }: { +{ lib, config, pkgs, ... }: { imports = [ ../../common ../../profiles/headless.nix @@ -13,7 +13,9 @@ }; kyouma.nginx.defaultForbidden = "florp.social"; - kyouma.restic = { + kyouma.restic = let + pgBackup = "/var/cache/postgresql.sql"; + in { enable = true; remoteUser = "zh3485s1"; timerConfig = { @@ -22,9 +24,20 @@ }; paths = [ "/var/lib/akkoma" - "/var/lib/postgresql" "/var/lib/secrets" + pgBackup ]; + + backupPrepareCommand = '' + umask 0077 + rm -f -- ${pgBackup} + ${pkgs.su}/bin/su -c '${lib.getExe' config.services.postgresql.package "pg_dumpall"}' \ + ${config.services.postgresql.superUser} >${pgBackup} + ''; + + backupCleanupCommand = '' + rm -f -- ${pgBackup} + ''; }; systemd.network.networks."98-eth-default" = { address = [ diff --git a/modules/restic/default.nix b/modules/restic/default.nix index 2661253..fa6640c 100644 --- a/modules/restic/default.nix +++ b/modules/restic/default.nix @@ -1,9 +1,11 @@ -{ config, lib, pkgs, utils, ... }: let +{ config, lib, options, pkgs, ... }: let cfg = config.kyouma.restic; in { options.kyouma.restic = let inherit (lib) mkOption types; in { + inherit (options.services.restic.backups.type.getSubOptions []) + timerConfig backupPrepareCommand backupCleanupCommand; enable = lib.mkEnableOption "Enable restic backup"; paths = mkOption { description = "paths to backup"; @@ -40,14 +42,6 @@ in { type = types.nonEmptyStr; default = "${config.networking.hostName}-backup"; }; - timerConfig = mkOption { - description = "timer config"; - type = with types; nullOr (attrsOf utils.systemdUtils.unitOptions.unitOption); - default = { - OnCalendar = "daily"; - Persistent = true; - }; - }; }; config = lib.mkIf cfg.enable { sops.secrets."restic/${cfg.remoteUser}/password" = { @@ -58,7 +52,7 @@ in { }; services.restic.backups."${config.networking.hostName}-${cfg.remote}" = { - inherit (cfg) paths user pruneOpts timerConfig; + inherit (cfg) paths user pruneOpts timerConfig backupPrepareCommand backupCleanupCommand; initialize = true; repository = "sftp:${cfg.remoteUser}@${cfg.remote}:${cfg.repo}"; passwordFile = config.sops.secrets."restic/${cfg.remoteUser}/password".path; From da144d73feda42386f9829ffee98636641df008f Mon Sep 17 00:00:00 2001 From: Mikael Voss Date: Sat, 9 Nov 2024 23:08:55 +0100 Subject: [PATCH 2/4] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'florp-about': 'git+https://woof.rip/florp/about.git?ref=refs/heads/main&rev=1d3098ad7775426c092a5bd13498d98a8b02b116' (2024-11-09) → 'git+https://woof.rip/florp/about.git?ref=refs/heads/main&rev=1845276697adca236be3e7a983238d2a2d0d57b5' (2024-11-09) --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index cca7698..e18f443 100644 --- a/flake.lock +++ b/flake.lock @@ -437,11 +437,11 @@ ] }, "locked": { - "lastModified": 1731185407, - "narHash": "sha256-4LdV+ZK7slyONezfW3aZmBuTt4lnxBTmREemBW7VBtk=", + "lastModified": 1731187545, + "narHash": "sha256-n/BOlXvOcX5yn2mbjazfCcbojzczCdmcjQNaH7Dcdd4=", "ref": "refs/heads/main", - "rev": "1d3098ad7775426c092a5bd13498d98a8b02b116", - "revCount": 6, + "rev": "1845276697adca236be3e7a983238d2a2d0d57b5", + "revCount": 7, "type": "git", "url": "https://woof.rip/florp/about.git" }, From 91d382041c1add65641a4c16fd7a835977b60042 Mon Sep 17 00:00:00 2001 From: emily Date: Sun, 10 Nov 2024 22:56:53 +0100 Subject: [PATCH 3/4] update-nixfiles: fix eval check --- pkgs/update-nixfiles/update-nixfiles.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/pkgs/update-nixfiles/update-nixfiles.sh b/pkgs/update-nixfiles/update-nixfiles.sh index bac780a..6126d15 100644 --- a/pkgs/update-nixfiles/update-nixfiles.sh +++ b/pkgs/update-nixfiles/update-nixfiles.sh @@ -23,6 +23,7 @@ merge_theirs () { test_build () { local last_error local build_jobs + local now build_jobs="$(curl --fail -s -L -H "Accept: application/json" "${JOBSET_URL}/latest-eval" | jq -r ".builds | .[]")" for build in ${build_jobs}; do @@ -42,8 +43,9 @@ test_build () { echo "Build ${build} was successful" done + now="$(date +%s)" last_error="$(curl --fail -s -L -H "Accept: application/json" "${JOBSET_URL}" | jq -r ".errortime")" - [[ $last_error -gt $(date +%s) ]] && + [[ $last_error -gt $now ]] && echo "Evaluation error encountered at $(date +%Y-%m-%d-%H:%M:%S --date="@${last_error}")" && exit 1 } @@ -55,7 +57,7 @@ wait_for_hydra () { counter=0 git_rev="$(git -C "${1}/nixfiles" rev-parse update-inputs)" while true; do - hydra_rev="$(curl -s -L -H "Accept: application/json" "${2}/latest-eval" | jq -r .flake | sed -E "s/.+&rev=(.*)/\1/g")" + hydra_rev="$(curl -s -L -H "Accept: application/json" "${2}/evals" | jq -r '.evals | max_by(.id) | .flake' | sed -E "s/.+&rev=(.*)/\1/g")" if [[ "${git_rev}" == "${hydra_rev}" ]]; then echo "Hydra got new commit" break From 91fa37fc87672f2fb535e50e4a348dc542ba9977 Mon Sep 17 00:00:00 2001 From: Update Bot Date: Mon, 11 Nov 2024 04:20:13 +0100 Subject: [PATCH 4/4] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'attic': 'github:zhaofengli/attic/48c8b395bfbc6b76c7eae74df6c74351255a095c' (2024-10-30) → 'github:zhaofengli/attic/47752427561f1c34debb16728a210d378f0ece36' (2024-11-10) • Updated input 'disko': 'github:nix-community/disko/380847d94ff0fedee8b50ee4baddb162c06678df' (2024-11-03) → 'github:nix-community/disko/486250f404f4a4f4f33f8f669d83ca5f6e6b7dfc' (2024-11-10) • Updated input 'florp-about': 'git+https://woof.rip/florp/about.git?ref=refs/heads/main&rev=1845276697adca236be3e7a983238d2a2d0d57b5' (2024-11-09) → 'git+https://woof.rip/florp/about.git?ref=refs/heads/main&rev=2f1130b23576a403b9b1d70d6431649bfa044621' (2024-11-10) • Updated input 'home-manager': 'github:nix-community/home-manager/8f6ca7855d409aeebe2a582c6fd6b6a8d0bf5661' (2024-11-03) → 'github:nix-community/home-manager/60bb110917844d354f3c18e05450606a435d2d10' (2024-11-10) • Updated input 'nixos-hardware': 'github:nixos/nixos-hardware/f6e0cd5c47d150c4718199084e5764f968f1b560' (2024-11-02) → 'github:nixos/nixos-hardware/e1cc1f6483393634aee94514186d21a4871e78d7' (2024-11-06) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/7ffd9ae656aec493492b44d0ddfb28e79a1ea25d' (2024-11-02) → 'github:nixos/nixpkgs/76612b17c0ce71689921ca12d9ffdc9c23ce40b2' (2024-11-09) • Updated input 'nixvim': 'github:nix-community/nixvim/6f210158b03b01a1fd44bf3968165e6da80635ce' (2024-11-02) → 'github:nix-community/nixvim/57068f532d5d42601fd74e2b531204fe1cd3a8f2' (2024-11-10) • Updated input 'nixvim/git-hooks': 'github:cachix/git-hooks.nix/af8a16fe5c264f5e9e18bcee2859b40a656876cf' (2024-10-30) → 'github:cachix/git-hooks.nix/d70155fdc00df4628446352fc58adc640cd705c2' (2024-11-05) • Updated input 'nixvim/nix-darwin': 'github:lnl7/nix-darwin/683d0c4cd1102dcccfa3f835565378c7f3cbe05e' (2024-11-01) → 'github:lnl7/nix-darwin/5c74ab862c8070cbf6400128a1b56abb213656da' (2024-11-09) • Updated input 'nixvim/nuschtosSearch': 'github:NuschtOS/search/9e22bd742480916ff5d0ab20ca2522eaa3fa061e' (2024-11-02) → 'github:NuschtOS/search/ef493352f9e1f051e01a55c062731503a6b36b4e' (2024-11-08) • Updated input 'nixvim/nuschtosSearch/ixx': 'github:NuschtOS/ixx/65c207c92befec93e22086da9456d3906a4e999c' (2024-10-21) → 'github:NuschtOS/ixx/9fd01aad037f345350eab2cd45e1946cc66da4eb' (2024-10-26) • Updated input 'sops-nix': 'github:Mic92/sops-nix/e9b5eef9b51cdf966c76143e13a9476725b2f760' (2024-11-03) → 'github:Mic92/sops-nix/f1675e3b0e1e663a4af49be67ecbc9e749f85eb7' (2024-11-10) • Updated input 'stylix': 'github:danth/stylix/04afcfc0684d9bbb24bb1dc77afda7c1843ec93b' (2024-10-26) → 'github:danth/stylix/6863412636c8f2cb3b7360f747fbd020fbfddf68' (2024-11-08) • Updated input 'stylix/tinted-foot': 'github:tinted-theming/tinted-foot/eedbcfa30de0a4baa03e99f5e3ceb5535c2755ce' (2023-10-08) → 'github:tinted-theming/tinted-foot/fd1b924b6c45c3e4465e8a849e67ea82933fcbe4' (2024-09-21) --- flake.lock | 89 +++++++++++++++++++++++++++--------------------------- 1 file changed, 45 insertions(+), 44 deletions(-) diff --git a/flake.lock b/flake.lock index e18f443..2389220 100644 --- a/flake.lock +++ b/flake.lock @@ -12,11 +12,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1730257295, - "narHash": "sha256-OQl+aAsKiyygvpzck1u0sZf/R4T9zM903CgNDFmmzA8=", + "lastModified": 1731270564, + "narHash": "sha256-6KMC/NH/VWP5Eb+hA56hz0urel3jP6Y6cF2PX6xaTkk=", "owner": "zhaofengli", "repo": "attic", - "rev": "48c8b395bfbc6b76c7eae74df6c74351255a095c", + "rev": "47752427561f1c34debb16728a210d378f0ece36", "type": "github" }, "original": { @@ -156,11 +156,11 @@ ] }, "locked": { - "lastModified": 1730675461, - "narHash": "sha256-Mhqz3p/HEiI/zxBJWO57LYQf6gGlJB0tci6fiVXLjd8=", + "lastModified": 1731274291, + "narHash": "sha256-cZ0QMpv5p2a6WEE+o9uu0a4ma6RzQDOQTbm7PbixWz8=", "owner": "nix-community", "repo": "disko", - "rev": "380847d94ff0fedee8b50ee4baddb162c06678df", + "rev": "486250f404f4a4f4f33f8f669d83ca5f6e6b7dfc", "type": "github" }, "original": { @@ -437,11 +437,11 @@ ] }, "locked": { - "lastModified": 1731187545, - "narHash": "sha256-n/BOlXvOcX5yn2mbjazfCcbojzczCdmcjQNaH7Dcdd4=", + "lastModified": 1731279732, + "narHash": "sha256-eZllHPzbjvTNrzImqtDrs0k1LsIIeTlp8MMN9SxMvvE=", "ref": "refs/heads/main", - "rev": "1845276697adca236be3e7a983238d2a2d0d57b5", - "revCount": 7, + "rev": "2f1130b23576a403b9b1d70d6431649bfa044621", + "revCount": 8, "type": "git", "url": "https://woof.rip/florp/about.git" }, @@ -503,11 +503,11 @@ ] }, "locked": { - "lastModified": 1730302582, - "narHash": "sha256-W1MIJpADXQCgosJZT8qBYLRuZls2KSiKdpnTVdKBuvU=", + "lastModified": 1730814269, + "narHash": "sha256-fWPHyhYE6xvMI1eGY3pwBTq85wcy1YXqdzTZF+06nOg=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "af8a16fe5c264f5e9e18bcee2859b40a656876cf", + "rev": "d70155fdc00df4628446352fc58adc640cd705c2", "type": "github" }, "original": { @@ -562,11 +562,11 @@ ] }, "locked": { - "lastModified": 1730633670, - "narHash": "sha256-ZFJqIXpvVKvzOVFKWNRDyIyAo+GYdmEPaYi1bZB6uf0=", + "lastModified": 1731235328, + "narHash": "sha256-NjavpgE9/bMe/ABvZpyHIUeYF1mqR5lhaep3wB79ucs=", "owner": "nix-community", "repo": "home-manager", - "rev": "8f6ca7855d409aeebe2a582c6fd6b6a8d0bf5661", + "rev": "60bb110917844d354f3c18e05450606a435d2d10", "type": "github" }, "original": { @@ -613,16 +613,16 @@ ] }, "locked": { - "lastModified": 1729544999, - "narHash": "sha256-YcyJLvTmN6uLEBGCvYoMLwsinblXMkoYkNLEO4WnKus=", + "lastModified": 1729958008, + "narHash": "sha256-EiOq8jF4Z/zQe0QYVc3+qSKxRK//CFHMB84aYrYGwEs=", "owner": "NuschtOS", "repo": "ixx", - "rev": "65c207c92befec93e22086da9456d3906a4e999c", + "rev": "9fd01aad037f345350eab2cd45e1946cc66da4eb", "type": "github" }, "original": { "owner": "NuschtOS", - "ref": "v0.0.5", + "ref": "v0.0.6", "repo": "ixx", "type": "github" } @@ -713,11 +713,11 @@ ] }, "locked": { - "lastModified": 1730448474, - "narHash": "sha256-qE/cYKBhzxHMtKtLK3hlSR3uzO1pWPGLrBuQK7r0CHc=", + "lastModified": 1731153869, + "narHash": "sha256-3Ftf9oqOypcEyyrWJ0baVkRpvQqroK/SVBFLvU3nPuc=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "683d0c4cd1102dcccfa3f835565378c7f3cbe05e", + "rev": "5c74ab862c8070cbf6400128a1b56abb213656da", "type": "github" }, "original": { @@ -815,11 +815,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1730537918, - "narHash": "sha256-GJB1/aaTnAtt9sso/EQ77TAGJ/rt6uvlP0RqZFnWue8=", + "lastModified": 1730919458, + "narHash": "sha256-yMO0T0QJlmT/x4HEyvrCyigGrdYfIXX3e5gWqB64wLg=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "f6e0cd5c47d150c4718199084e5764f968f1b560", + "rev": "e1cc1f6483393634aee94514186d21a4871e78d7", "type": "github" }, "original": { @@ -946,11 +946,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1730531603, - "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", + "lastModified": 1731139594, + "narHash": "sha256-IigrKK3vYRpUu+HEjPL/phrfh7Ox881er1UEsZvw9Q4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d", + "rev": "76612b17c0ce71689921ca12d9ffdc9c23ce40b2", "type": "github" }, "original": { @@ -977,11 +977,11 @@ "treefmt-nix": "treefmt-nix_2" }, "locked": { - "lastModified": 1730569492, - "narHash": "sha256-NByr7l7JetL9kIrdCOcRqBu+lAkruYXETp1DMiDHNQs=", + "lastModified": 1731281996, + "narHash": "sha256-xdNFY/wcs8i9qluVbTAVh5JLlhI/r4JJfXb0yfEj1Ks=", "owner": "nix-community", "repo": "nixvim", - "rev": "6f210158b03b01a1fd44bf3968165e6da80635ce", + "rev": "57068f532d5d42601fd74e2b531204fe1cd3a8f2", "type": "github" }, "original": { @@ -1000,11 +1000,11 @@ ] }, "locked": { - "lastModified": 1730515563, - "narHash": "sha256-8lklUZRV7nwkPLF3roxzi4C2oyLydDXyAzAnDvjkOms=", + "lastModified": 1731060242, + "narHash": "sha256-43yLsOm/wxBbfYSNDWVJeVv5Ij+23X3BIjFUfsdx/6M=", "owner": "NuschtOS", "repo": "search", - "rev": "9e22bd742480916ff5d0ab20ca2522eaa3fa061e", + "rev": "ef493352f9e1f051e01a55c062731503a6b36b4e", "type": "github" }, "original": { @@ -1059,11 +1059,11 @@ "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { - "lastModified": 1730605784, - "narHash": "sha256-1NveNAMLHbxOg0BpBMSVuZ2yW2PpDnZLbZ25wV50PMc=", + "lastModified": 1731213149, + "narHash": "sha256-jR8i6nFLmSmm0cIoeRQ8Q4EBARa3oGaAtEER/OMMxus=", "owner": "Mic92", "repo": "sops-nix", - "rev": "e9b5eef9b51cdf966c76143e13a9476725b2f760", + "rev": "f1675e3b0e1e663a4af49be67ecbc9e749f85eb7", "type": "github" }, "original": { @@ -1093,11 +1093,11 @@ "tinted-tmux": "tinted-tmux" }, "locked": { - "lastModified": 1729963473, - "narHash": "sha256-uGjTjvvlGQfQ0yypVP+at0NizI2nrb6kz4wGAqzRGbY=", + "lastModified": 1731090365, + "narHash": "sha256-ti3gXhgVpIUL/7w6zDJuH+hOnyTZqxrIX/yYqALmiEI=", "owner": "danth", "repo": "stylix", - "rev": "04afcfc0684d9bbb24bb1dc77afda7c1843ec93b", + "rev": "6863412636c8f2cb3b7360f747fbd020fbfddf68", "type": "github" }, "original": { @@ -1169,16 +1169,17 @@ "tinted-foot": { "flake": false, "locked": { - "lastModified": 1696725948, - "narHash": "sha256-65bz2bUL/yzZ1c8/GQASnoiGwaF8DczlxJtzik1c0AU=", + "lastModified": 1726913040, + "narHash": "sha256-+eDZPkw7efMNUf3/Pv0EmsidqdwNJ1TaOum6k7lngDQ=", "owner": "tinted-theming", "repo": "tinted-foot", - "rev": "eedbcfa30de0a4baa03e99f5e3ceb5535c2755ce", + "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", "type": "github" }, "original": { "owner": "tinted-theming", "repo": "tinted-foot", + "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", "type": "github" } },