it-infra/nixbld-etc-nixos/backup-module.nix

65 lines
2.5 KiB
Nix
Raw Permalink Normal View History

2020-06-20 17:54:21 +08:00
{ config, pkgs, lib, ... }:
with lib;
let
2023-08-31 14:15:53 +08:00
excludePaths = [
"/var/lib/gitea/repositories/*/*.git/archives"
"/var/lib/gitea/data/repo-archive"
"/var/lib/gitea/data/indexers"
"/var/vmail/m-labs.hk/js"
"/var/lib/afws/.cache"
"/var/lib/mattermost/data/2019*"
"/var/lib/mattermost/data/2020*"
"/var/lib/mattermost/data/2021*"
"/var/lib/mattermost/data/2022*"
2024-01-17 13:50:12 +08:00
"/var/lib/mattermost/data/2023*"
2023-08-31 14:15:53 +08:00
];
2020-06-20 17:54:21 +08:00
makeBackup = pkgs.writeScript "make-backup" ''
2024-01-17 13:50:28 +08:00
#!${pkgs.bash}/bin/bash -p
2020-06-20 17:54:21 +08:00
set -e
umask 0077
DBDUMPDIR=`mktemp -d`
2024-01-17 13:50:28 +08:00
trap "rm -rf $DBDUMPDIR" EXIT
cd $DBDUMPDIR
2020-06-20 17:54:21 +08:00
2023-07-07 17:29:24 +08:00
${config.services.mysql.package}/bin/mysqldump --user=root --single-transaction flarum > flarum.sql
2024-01-17 13:50:28 +08:00
${config.services.postgresql.package}/bin/pg_dump mattermost > mattermost.sql
${config.services.postgresql.package}/bin/pg_dump rt5 > rt.sql
2024-08-17 18:26:17 +08:00
${config.services.postgresql.package}/bin/pg_dump gitea > gitea.sql
2020-06-20 17:54:21 +08:00
2024-01-17 13:50:28 +08:00
exec 6< /etc/nixos/secret/backup-passphrase
2024-08-17 18:26:17 +08:00
${pkgs.gnutar}/bin/tar cf - ${lib.concatMapStringsSep " " (p: "--exclude \"${p}\"") excludePaths} /etc/nixos /var/vmail /var/lib/hedgedoc /var/lib/gitea /var/lib/afws /var/lib/mattermost/data /var/www/193thz flarum.sql mattermost.sql rt.sql gitea.sql | \
2020-06-20 17:54:21 +08:00
${pkgs.bzip2}/bin/bzip2 | \
2024-01-17 13:50:28 +08:00
${pkgs.gnupg}/bin/gpg --symmetric --batch --passphrase-fd 6
2020-06-20 17:54:21 +08:00
'';
cfg = config.services.mlabs-backup;
in
{
options.services.mlabs-backup = {
enable = mkOption {
type = types.bool;
default = false;
description = "Enable backups";
};
};
config = mkIf cfg.enable {
2024-01-17 13:50:28 +08:00
users.extraGroups.backupdl = { };
users.extraUsers.backupdl = {
isNormalUser = true;
extraGroups = ["backupdl" "nextcloud"];
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCbH+l0FIBTPdUKOS9H5OOT5ro/nljKLsiCTzTzublCScdPPmCNy27ORbLgNHX5Ughlug5wr2rAIU9AexV+L71V5MeVHUWDfKgRsNIpUTtY6wpJkAP7r1ipk2kTWc/sxhrxyPea62cohmy1dOeLlwXO6U8FnsiZfYKmgjZ8wuTo6ixDB8krXsAZ8VY/bj5WFcXqeW8GF1Qjpel7HgpCpj3HIUyC63uwIyUoYe+cgnhjzNLbRYdU9Yx2iqcUCwEUX2cMdz5VX+xbLkL8CWcuiMFg6TFo+CUPFtuA/kVzHcZ4Pa3BiilL3rf7oXlIXGN12JVsN+caX7j2weVqm2b5u5eVsyDxiLx1KA37ukq92CYAAdOuKE+saMPsLuOn+Qd9B6D5oYnYgsWg460uEGgwczwOTXLAZTT5wrwRaKIE+ezKqtRP+Tz7l2IEixulyj1MUR+XpSwECZXiFJx5DGofwzxcd2kWnNOPBReDkHv0At5ZLNIrLuxFMz2L6UXbqvHwEu8= backupdl@minipc"
];
2020-06-20 17:54:21 +08:00
};
2024-01-17 13:50:28 +08:00
security.wrappers.mlabs-backup = {
source = makeBackup;
setuid = true;
owner = "root";
group = "backupdl";
permissions = "g+x";
2020-06-20 17:54:21 +08:00
};
};
}