From 4c2f141db50c16ec57c38d66f399e43ab01b1307 Mon Sep 17 00:00:00 2001
From: Mikael Voss
Date: Sat, 9 Nov 2024 23:06:01 +0100
Subject: [PATCH] akkoma: Create backups from database dump
---
 config/hosts/florp/configuration.nix | 19 ++++++++++++++++---
 modules/restic/default.nix | 19 +++++++++----------
 2 files changed, 25 insertions(+), 13 deletions(-)
diff --git a/config/hosts/florp/configuration.nix b/config/hosts/florp/configuration.nix
index c258a57..fd06c11 100644
--- a/config/hosts/florp/configuration.nix
+++ b/config/hosts/florp/configuration.nix
@@ -1,4 +1,4 @@
-{ lib, ... }: {
+{ lib, config, pkgs, ... }: {
 imports = [
 ../../common
 ../../profiles/headless.nix
@@ -13,7 +13,9 @@
 };
 kyouma.nginx.defaultForbidden = "florp.social";
- kyouma.restic = {
+ kyouma.restic = let
+ pgBackup = "/var/cache/postgresql.sql";
+ in {
 enable = true;
 remoteUser = "zh3485s1";
 timerConfig = {
@@ -22,9 +24,20 @@
 };
 paths = [
 "/var/lib/akkoma"
- "/var/lib/postgresql"
 "/var/lib/secrets"
+ pgBackup
 ];
+
+ backupPrepareCommand = ''
+ umask 0077
+ rm -f -- ${pgBackup}
+ ${pkgs.su}/bin/su -c '${lib.getExe' config.services.postgresql.package "pg_dumpall"}' \
+ ${config.services.postgresql.superUser} >${pgBackup}
+ '';
+
+ backupCleanupCommand = ''
+ rm -f -- ${pgBackup}
+ '';
 };
 systemd.network.networks."98-eth-default" = {
 address = [
diff --git a/modules/restic/default.nix b/modules/restic/default.nix
index 2661253..6b7d1f5 100644
--- a/modules/restic/default.nix
+++ b/modules/restic/default.nix
@@ -1,9 +1,11 @@
-{ config, lib, pkgs, utils, ... }: let
+{ config, lib, options, pkgs, ... }: let
 cfg = config.kyouma.restic;
 in {
 options.kyouma.restic = let
 inherit (lib) mkOption types;
 in {
+ inherit (options.services.restic.backups.type.getSubOptions [])
+ timerConfig backupPrepareCommand backupCleanupCommand;
 enable = lib.mkEnableOption "Enable restic backup";
 paths = mkOption {
 description = "paths to backup";
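Review bot: In the `backupPrepareCommand` added by the `@@ -22,9 +24,20 @@` hunk of config/hosts/florp/configuration.nix, nothing verifies that the dump succeeded or is non-empty. A failure surfaces only through the exit status of the final `su … >${pgBackup}` line, and whether the calling unit runs the script under `set -e` is not visible here. Since `/var/lib/postgresql` is dropped from `paths`, this file is the only database copy in the snapshot, so I would open the script with `set -e` and follow the dump with `test -s ${pgBackup}` so a later edit cannot let a truncated dump be backed up. pg_dumpall also writes role password hashes unless `--no-role-passwords` is passed, so a comment beside `umask 0077` such as `# dump holds all databases and role password hashes: keep it owner-only, removed again in backupCleanupCommand` would record why the permissions and cleanup matter. The `kyouma.restic` attribute set opens in the previous hunk.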
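Review bot: The `inherit (options.services.restic.backups.type.getSubOptions []) …` line in the `@@ -1,9 +1,11 @@` hunk of modules/restic/default.nix carries no comment, although it changes where three option declarations come from. `backupPrepareCommand` and `backupCleanupCommand` are now part of this module's interface, and the last hunk forwards them to the backup job, which presumably runs them as shell commands, so a reader should be told that their types and defaults are defined outside this file. I would add `# Reuse the services.restic option declarations (type, default, description); the prepare/cleanup commands are shell run by the backup unit` above the line. It is also worth confirming that the inherited `timerConfig` default still matches the explicit `OnCalendar = "daily"; Persistent = true;` that a later hunk removes.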
@@ -40,14 +42,6 @@ in {
 type = types.nonEmptyStr;
 default = "${config.networking.hostName}-backup";
 };
- timerConfig = mkOption {
- description = "timer config";
- type = with types; nullOr (attrsOf utils.systemdUtils.unitOptions.unitOption);
- default = {
- OnCalendar = "daily";
- Persistent = true;
- };
- };
 };
 config = lib.mkIf cfg.enable {
 sops.secrets."restic/${cfg.remoteUser}/password" = {
@@ -58,10 +52,15 @@ in {
 };
 services.restic.backups."${config.networking.hostName}-${cfg.remote}" = {
- inherit (cfg) paths user pruneOpts timerConfig backupPrepareCommand backupCleanupCommand;
+ inherit (cfg) paths user pruneOpts timerConfig backupPrepareCommand backupCleanupCommand;
 initialize = true;
 repository = "sftp:${cfg.remoteUser}@${cfg.remote}:${cfg.repo}";
 passwordFile = config.sops.secrets."restic/${cfg.remoteUser}/password".path;
+ extraBackupArgs = [
+ "--compression=max"
+ "--pack-size=128"
+ "--read-concurrency=8"
+ ];
 extraOptions = let
 knownHost = pkgs.writeText "${cfg.remote}-known-host" (builtins.readFile ./${cfg.remote}/ssh_host_ed25519_key.pub);
 sshKey = config.sops.secrets."restic/${cfg.remoteUser}/id_ed25519".path;
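Review bot: The `extraBackupArgs` list added in the `@@ -58,10 +52,15 @@` hunk is hard-coded in the shared module, so `--compression=max`, `--pack-size=128` and `--read-concurrency=8` now apply to every host that enables `kyouma.restic`, not only the one gaining the database dump. These values trade CPU, memory and temporary space for throughput, and a small host whose backup job starts failing for lack of resources silently loses its backups. I would either expose `extraBackupArgs` as a `kyouma.restic` option with these values as the default, or at least add `# tuned for large SQL dumps; applies to all hosts using this module` above the list. The `extraOptions = let` block at the end of the hunk continues outside it.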