egirls-nixos/backup.nix

{ config, pkgs, ... }:

#necessary prep work:
# GRANT CONNECT ON DATABASE misskey TO "misskey-backup";
# GRANT SELECT ON ALL TABLES IN SCHEMA public TO "misskey-backup";
# GRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO "misskey-backup";
#
# TODO: automate this cause it needs to be done whenever db schema changes
let
  user = "misskey-backup";
  group = user;

  backupConfigFile = "/etc/misskey-backup/conf";
  s3Cfg = "/etc/misskey-backup/s3cfg";
in {
  users.users."${user}" = {
    isSystemUser = true;
    inherit group;
    extraGroups = [ "misskey" "redis-misskey" ];
  };
  users.groups."${group}" = { };
  services.postgresql.ensureUsers = [{ name = user; }];

  systemd.services.misskey-backup = {
    description = "Misskey backup";

    restartIfChanged = false;
    unitConfig.X-StopOnRemoval = false;
    unitConfig.User = user;

    serviceConfig.Type = "oneshot";

    startAt = "weekly";

    path = with pkgs; [
      gzip
      config.services.postgresql.package
      s3cmd
      coreutils
      age
    ];

    script = ''
      ageRecipient="age17ckyc69njpryytc63ynn545jswyucg28k5xg3043g3j6q38dxqwq0wzhm2"
      bucket="$(grep 'bucket=' < "${backupConfigFile}" | sed 's/bucket \?= \?//g')"
      prefix="$(grep 'prefix=' < "${backupConfigFile}" | sed 's/prefix \?= \?//g')"

      s3Dir="s3://$bucket/$prefix""misskey-$(date +'%d-%m-%YT%H.%M.%S')"
      echo "Uploading backups to '$s3Dir'"

      function upload () {
        name="$1"

        age -r "$ageRecipient" | s3cmd put --config "${s3Cfg}" - "$s3Dir/$name.age"
      }

      echo "Uploading config"
      tar -cz -C /srv/misskey/.config . | upload "config.tar.gz"

      echo "Dumping postgres database..."
      pg_dump misskey | gzip | upload "pg_dump.sql.gz"

      echo "Uploading redis database..."
      tar -cz -C /var/lib/redis-misskey . | upload "redis.tar.gz"

      echo "Backup complete to '$s3Dir'"
    '';

    after = [ "network-online.target" ];
    wants = [ "network-online.target" ];
    requires = [ "postgresql.service" ];
  };

  systemd.timers.misskey-backup = { timerConfig.Persistent = true; };
}
add backup job 2024-12-20 03:09:51 +00:00			`{ config, pkgs, ... }:`

change config file location 2024-12-20 03:40:52 +00:00			`#necessary prep work:`
			`# GRANT CONNECT ON DATABASE misskey TO "misskey-backup";`
			`# GRANT SELECT ON ALL TABLES IN SCHEMA public TO "misskey-backup";`
			`# GRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO "misskey-backup";`
			`#`
			`# TODO: automate this cause it needs to be done whenever db schema changes`
add backup job 2024-12-20 03:09:51 +00:00			`let`
			`user = "misskey-backup";`
			`group = user;`

change config file location 2024-12-20 03:40:52 +00:00			`backupConfigFile = "/etc/misskey-backup/conf";`
use object storage directory instead of tar 2024-12-25 20:28:15 +00:00			`s3Cfg = "/etc/misskey-backup/s3cfg";`
use systemd timer 2024-12-29 23:29:03 +00:00			`in {`
			`users.users."${user}" = {`
			`isSystemUser = true;`
			`inherit group;`
add backup user to groups 2024-12-29 23:32:53 +00:00			`extraGroups = [ "misskey" "redis-misskey" ];`
use systemd timer 2024-12-29 23:29:03 +00:00			`};`
			`users.groups."${group}" = { };`
			`services.postgresql.ensureUsers = [{ name = user; }];`

			`systemd.services.misskey-backup = {`
			`description = "Misskey backup";`

			`restartIfChanged = false;`
			`unitConfig.X-StopOnRemoval = false;`
			`unitConfig.User = user;`

			`serviceConfig.Type = "oneshot";`

			`startAt = "weekly";`
add backup job 2024-12-20 03:09:51 +00:00
use systemd timer 2024-12-29 23:29:03 +00:00			`path = with pkgs; [`
add backup job 2024-12-20 03:09:51 +00:00			`gzip`
			`config.services.postgresql.package`
			`s3cmd`
			`coreutils`
encrypt backups 2024-12-25 20:41:55 +00:00			`age`
add backup job 2024-12-20 03:09:51 +00:00			`];`

use systemd timer 2024-12-29 23:29:03 +00:00			`script = ''`
encrypt backups 2024-12-25 20:41:55 +00:00			`ageRecipient="age17ckyc69njpryytc63ynn545jswyucg28k5xg3043g3j6q38dxqwq0wzhm2"`
fix sed command 2024-12-29 23:34:53 +00:00			`bucket="$(grep 'bucket=' < "${backupConfigFile}" \| sed 's/bucket \?= \?//g')"`
			`prefix="$(grep 'prefix=' < "${backupConfigFile}" \| sed 's/prefix \?= \?//g')"`
backup redis db and config dir 2024-12-25 05:40:17 +00:00
use systemd timer 2024-12-29 23:29:03 +00:00			`s3Dir="s3://$bucket/$prefix""misskey-$(date +'%d-%m-%YT%H.%M.%S')"`
use object storage directory instead of tar 2024-12-25 20:28:15 +00:00			`echo "Uploading backups to '$s3Dir'"`
backup redis db and config dir 2024-12-25 05:40:17 +00:00
use bash function to upload 2024-12-25 20:33:20 +00:00			`function upload () {`
			`name="$1"`

use systemd timer 2024-12-29 23:29:03 +00:00			`age -r "$ageRecipient" \| s3cmd put --config "${s3Cfg}" - "$s3Dir/$name.age"`
use bash function to upload 2024-12-25 20:33:20 +00:00			`}`

use object storage directory instead of tar 2024-12-25 20:28:15 +00:00			`echo "Uploading config"`
use bash function to upload 2024-12-25 20:33:20 +00:00			`tar -cz -C /srv/misskey/.config . \| upload "config.tar.gz"`
backup redis db and config dir 2024-12-25 05:40:17 +00:00
			`echo "Dumping postgres database..."`
use bash function to upload 2024-12-25 20:33:20 +00:00			`pg_dump misskey \| gzip \| upload "pg_dump.sql.gz"`
backup redis db and config dir 2024-12-25 05:40:17 +00:00
use object storage directory instead of tar 2024-12-25 20:28:15 +00:00			`echo "Uploading redis database..."`
use bash function to upload 2024-12-25 20:33:20 +00:00			`tar -cz -C /var/lib/redis-misskey . \| upload "redis.tar.gz"`
backup redis db and config dir 2024-12-25 05:40:17 +00:00
use object storage directory instead of tar 2024-12-25 20:28:15 +00:00			`echo "Backup complete to '$s3Dir'"`
add backup job 2024-12-20 03:09:51 +00:00			`'';`

use systemd timer 2024-12-29 23:29:03 +00:00			`after = [ "network-online.target" ];`
			`wants = [ "network-online.target" ];`
			`requires = [ "postgresql.service" ];`
add backup job 2024-12-20 03:09:51 +00:00			`};`
use systemd timer 2024-12-29 23:29:03 +00:00
			`systemd.timers.misskey-backup = { timerConfig.Persistent = true; };`
add backup job 2024-12-20 03:09:51 +00:00			`}`