From c8264b3bf0df10ba8fb5647b041a93be9185ebf9 Mon Sep 17 00:00:00 2001 From: Mikael Voss Date: Sat, 9 Nov 2024 23:06:01 +0100 Subject: [PATCH] akkoma: Create backups from database dump --- config/hosts/florp/configuration.nix | 19 ++++++++++++++++--- modules/restic/default.nix | 14 ++++---------- 2 files changed, 20 insertions(+), 13 deletions(-) diff --git a/config/hosts/florp/configuration.nix b/config/hosts/florp/configuration.nix index c258a57..3636597 100644 --- a/config/hosts/florp/configuration.nix +++ b/config/hosts/florp/configuration.nix @@ -1,4 +1,4 @@ -{ lib, ... }: { +{ lib, config, pkgs, ... }: { imports = [ ../../common ../../profiles/headless.nix @@ -13,7 +13,9 @@ }; kyouma.nginx.defaultForbidden = "florp.social"; - kyouma.restic = { + kyouma.restic = let + pgBackup = "/var/cache/postgresql.sql"; + in { enable = true; remoteUser = "zh3485s1"; timerConfig = { @@ -22,9 +24,20 @@ }; paths = [ "/var/lib/akkoma" - "/var/lib/postgresql" "/var/lib/secrets" + pgBackup ]; + + backupPrepareCommand = '' + umask 0077 + rm -f -- ${pgBackup} + ${lib.getExe pkgs.su} -c '${lib.getExe' config.services.postgresql.package "pg_dumpall"}' \ + ${config.services.postgresql.superUser} >${pgBackup} + ''; + + backupCleanupCommand = '' + rm -f -- ${pgBackup} + ''; }; systemd.network.networks."98-eth-default" = { address = [ diff --git a/modules/restic/default.nix b/modules/restic/default.nix index 2661253..fa6640c 100644 --- a/modules/restic/default.nix +++ b/modules/restic/default.nix @@ -1,9 +1,11 @@ -{ config, lib, pkgs, utils, ... }: let +{ config, lib, options, pkgs, ... }: let cfg = config.kyouma.restic; in { options.kyouma.restic = let inherit (lib) mkOption types; in { + inherit (options.services.restic.backups.type.getSubOptions []) + timerConfig backupPrepareCommand backupCleanupCommand; enable = lib.mkEnableOption "Enable restic backup"; paths = mkOption { description = "paths to backup"; 
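Review bot: In `backupPrepareCommand` (config/hosts/florp/configuration.nix) a failed `pg_dumpall` is reported only because the `su` call happens to be the script's last command; the script itself never stops on error, and the redirect has already created a truncated `/var/cache/postgresql.sql` by then. Starting the script with `set -e` would keep that property if steps are appended later; whether the restic unit aborts on a non-zero prepare status is decided in the upstream module, which this patch does not show. By default a `pg_dumpall` dump also carries role password hashes as plain SQL, so a comment beside `umask 0077` such as `# dump holds all data and role password hashes; keep it 0600` would record why the umask matters. `${config.services.postgresql.superUser}` and `${pgBackup}` are spliced into the shell unquoted, and `lib.escapeShellArg` would be the safer habit.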
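Review bot: Inheriting `timerConfig`, `backupPrepareCommand` and `backupCleanupCommand` from `options.services.restic.backups.type.getSubOptions []` (modules/restic/default.nix, first hunk) means their types, defaults and descriptions now come from the upstream module. The schedule default that the next hunk deletes (`OnCalendar = "daily"; Persistent = true;`) is therefore no longer pinned in this repository. If the upstream default ever differs, hosts that do not set `timerConfig` would change backup cadence without any diff here. A short comment above the `inherit` would make that explicit, e.g. `# re-export upstream restic option declarations; defaults follow nixpkgs`. The `options.kyouma.restic` block continues past this hunk.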
@@ -40,14 +42,6 @@ in { type = types.nonEmptyStr; default = "${config.networking.hostName}-backup"; }; - timerConfig = mkOption { - description = "timer config"; - type = with types; nullOr (attrsOf utils.systemdUtils.unitOptions.unitOption); - default = { - OnCalendar = "daily"; - Persistent = true; - }; - }; }; config = lib.mkIf cfg.enable { sops.secrets."restic/${cfg.remoteUser}/password" = { @@ -58,7 +52,7 @@ in { }; services.restic.backups."${config.networking.hostName}-${cfg.remote}" = { - inherit (cfg) paths user pruneOpts timerConfig; + inherit (cfg) paths user pruneOpts timerConfig backupPrepareCommand backupCleanupCommand; initialize = true; repository = "sftp:${cfg.remoteUser}@${cfg.remote}:${cfg.repo}"; passwordFile = config.sops.secrets."restic/${cfg.remoteUser}/password".path;
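Review bot: `backupPrepareCommand` and `backupCleanupCommand` are forwarded on the same `inherit (cfg)` line as `user`, so the hooks presumably run under the same identity as restic itself, and nothing here documents that. The florp hook added in this patch calls `su` and writes under `/var/cache`, which would only work as root; the default of `cfg.user` is outside the hunks shown, so this should be confirmed. A comment such as `# prepare/cleanup hooks run as cfg.user; hooks that need root require user = "root"` would save the next host from a silently failing dump.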