it-infra/nixbld-etc-nixos/backup-module.nix

59 lines
1.7 KiB
Nix

{ config, pkgs, lib, ... }:
with lib;
let
makeBackup = pkgs.writeScript "make-backup" ''
#!${pkgs.bash}/bin/bash
set -e
umask 0077
FILENAME=backup-`date +%F`.tar.bz2.gpg
DBDUMPDIR=`mktemp -d`
pushd $DBDUMPDIR
${config.services.mysql.package}/bin/mysqldump --single-transaction flarum > flarum.sql
${pkgs.sudo}/bin/sudo -u mattermost ${config.services.postgresql.package}/bin/pg_dump mattermost > mattermost.sql
${pkgs.sudo}/bin/sudo -u rt ${config.services.postgresql.package}/bin/pg_dump rt5 > rt.sql
${pkgs.gnutar}/bin/tar cf - --exclude "/var/lib/gitea/repositories/*/*.git/archives" --exclude "/var/lib/gitea/data/repo-archive" --exclude "/var/lib/afws/.cache" /etc/nixos /var/lib/gitea /var/lib/afws /var/lib/mattermost/data flarum.sql mattermost.sql rt.sql | \
${pkgs.bzip2}/bin/bzip2 | \
${pkgs.gnupg}/bin/gpg --symmetric --batch --passphrase-file /etc/nixos/secret/backup-passphrase > /home/backupdl/$FILENAME
popd
rm -rf $DBDUMPDIR
chown backupdl.users /home/backupdl/$FILENAME
echo Backup done
'';
cfg = config.services.mlabs-backup;
in
{
options.services.mlabs-backup = {
enable = mkOption {
type = types.bool;
default = false;
description = "Enable backups";
};
};
config = mkIf cfg.enable {
systemd.services.mlabs-backup = {
description = "M-Labs backup";
serviceConfig = {
Type = "oneshot";
User = "root";
Group = "root";
ExecStart = "${makeBackup}";
};
};
systemd.timers.mlabs-backup = {
description = "M-Labs backup";
wantedBy = [ "timers.target" ];
timerConfig.OnCalendar = "tuesday,friday";
};
};
}