egirls-nixos/backup.nix

{ config, pkgs, ... }:

#necessary prep work:
# GRANT CONNECT ON DATABASE misskey TO "misskey-backup";
# GRANT SELECT ON ALL TABLES IN SCHEMA public TO "misskey-backup";
# GRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO "misskey-backup";
#
# TODO: automate this cause it needs to be done whenever db schema changes
let
  user = "misskey-backup";
  group = user;

  # shell script file to be sourced. must have values "MISSKEY_BACKUP_BUCKET" "MISSKEY_BACKUP_PREFIX" and "S3CFG"
  # $S3CFG must be a path to a .s3cfg file compatible with s3cmd
  backupConfigFile = "/etc/misskey-backup/conf";
  backupScript = pkgs.writeShellApplication {
    name = "misskey-backup";

    runtimeInputs = with pkgs; [
      gzip
      config.services.postgresql.package
      s3cmd
      coreutils
      mktemp
    ];

    excludeShellChecks = [ "SC1091" ];

    text = ''
      source "${backupConfigFile}"

      dir="$(mktemp --directory)"
      echo "Using temp dir '$dir'"

      trap EXIT "rm -rf '$dir'"

      echo "Copying config"
      cp /srv/misskey/.config "$dir/config" -r

      echo "Dumping postgres database..."
      pg_dump misskey | gzip > "$dir/postgres.sql.gz"

      echo "Copying redis database..."
      cp /var/lib/redis-misskey "$dir/redis" -r

      tar -cz -C "$dir" . | \
        s3cmd put --config "$S3CFG" - "s3://$MISSKEY_BACKUP_BUCKET/\$\{MISSKEY_BACKUP_PREFIX}misskey-$(date --iso-8601).tar.gz"
    '';
  };
in {
  users.users."${user}" = {
    isSystemUser = true;
    inherit group;
  };
  users.groups."${group}" = { };
  services.postgresql.ensureUsers = [{ name = user; }];

  services.cron = {
    enable = true;
    systemCronJobs = [
      # run every monday at ass in the morning, EST"
      "0 8 0 0 1 ${user} ${backupScript}"
    ];
  };
}