Add logrotate script

misskey-service.nix

@@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ pkgs, config, ... }:
 
 let
   nodejs = pkgs.unstable.nodejs_20;
@@ -14,6 +14,7 @@ in {
         name = "misskey";
         ensureDBOwnership = true;
       }
+      { name = "logrotate"; }
       { name = "postgres"; }
     ];
     ensureDatabases = [ "misskey" ];
@@ -159,6 +160,58 @@ in {
     };
   };
 
+  services.cron = {
+    enable = true;
+    systemCronJobs = let
+      logrotateScript = pkgs.writeShellApplication {
+        name = "logrotate.sh";
+        runtimeInputs = with pkgs; [
+          s3cmd
+          coreutils
+          bc
+          config.services.postgresql.package
+        ];
+        text = ''
+          now="$(date +%s)"
+          stamp="$(echo $now - 2592000 | bc)"
+
+          tmp="$(mktemp -d)"
+          date="$(date --date="@$stamp" -I)"
+          file="log-$date.csv.gz"
+
+
+          echo "Using temporary dir $tmp"
+          echo "Collecting logs prior to $date..."
+          psql misskey -P format=unaligned -F , \
+                       -c "select * from public.log where \"createdAt\" < to_timestamp($stamp);" \
+              | gzip > "$tmp/$file"
+
+          echo "Uploading..."
+          if s3cmd --config /etc/nixos-secrets/logrotate-s3cfg put "$tmp/$file" s3://log.misskey.egirls.gay/
+          then
+              echo "$file successfully uploaded"
+              echo "Deleting log records..."
+
+              psql misskey -c "delete from public.log where \"createdAt\" < to_timestamp($stamp)"
+              rm -rf "$tmp"
+
+              echo "Done."
+              exit
+          fi
+
+          echo "Error uploading file. Records have not been touched" 1>&2
+          rm -rf "$tmp"
+        '';
+      };
+    in [
+      # Manage logs
+      # min hour monthday month weekday user command
+      "30 7 * * * logrotate ${logrotateScript}"
+    ];
+  };
+
+  users.users.logrotate = { isSystemUser = true; };
+
   users.groups.misskey = { members = [ "jaina" ]; };
   users.users.misskey = {
     isSystemUser = true;