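# NixOS module: weekly backup of a Misskey instance (config directory,
# PostgreSQL dump and Redis data directory). Every artifact is encrypted
# locally with age before it is streamed to S3, so the bucket only ever
# holds ciphertext.
#
# Necessary prep work (run once against the misskey database):
#   GRANT CONNECT ON DATABASE misskey TO "misskey-backup";
#   GRANT SELECT ON ALL TABLES IN SCHEMA public TO "misskey-backup";
#   GRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO "misskey-backup";
#
# TODO: automate this because it needs to be done whenever the db schema changes
{ config, pkgs, ... }:

let
  # Dedicated account for the job; the PostgreSQL role created below shares
  # its name.
  user = "misskey-backup";
  group = user;

  # key=value file that supplies the "bucket" and "prefix" settings.
  backupConfigFile = "/etc/misskey-backup/conf";
  # s3cmd configuration holding the S3 credentials. Both files live outside
  # the Nix store and must be readable by the backup account.
  s3Cfg = "/etc/misskey-backup/s3cfg";
in
{
  users.users."${user}" = {
    isSystemUser = true;
    inherit group;
  };
  users.groups."${group}" = { };

  # Role only; the read-only grants are the manual step documented above.
  services.postgresql.ensureUsers = [ { name = user; } ];

  systemd.services.misskey-backup = {
    description = "Misskey backup";
    restartIfChanged = false;
    unitConfig.X-StopOnRemoval = false;

    serviceConfig = {
      Type = "oneshot";
      # User= is a [Service] directive. Placed under [Unit] systemd ignores
      # it and the job keeps the default root identity, which also does not
      # match the "misskey-backup" role that pg_dump is meant to connect as.
      User = user;
      Group = group;
      # NOTE(review): the backup account needs read access to
      # /srv/misskey/.config, /var/lib/redis-misskey, ${backupConfigFile}
      # and ${s3Cfg}; confirm the ownership/modes of those paths.
    };

    startAt = "weekly";

    path = with pkgs; [
      gzip
      config.services.postgresql.package
      s3cmd
      coreutils
      age
      # tar is invoked by the script, so provide it explicitly.
      gnutar
    ];

    script = ''
      # pipefail: without it a failing tar or pg_dump is hidden behind the
      # exit status of the last command in the pipeline and the run is
      # reported as a successful backup.
      set -euo pipefail

      ageRecipient="age17ckyc69njpryytc63ynn545jswyucg28k5xg3043g3j6q38dxqwq0wzhm2"

      # Print the value of a "key = value" line from the backup config.
      # The match is anchored so that e.g. "host_bucket" is not mistaken
      # for "bucket".
      read_setting () {
        sed -n "s/^$1 *= *//p" "${backupConfigFile}"
      }

      bucket="$(read_setting bucket)"
      prefix="$(read_setting prefix)"

      if [ -z "$bucket" ]; then
        echo "No 'bucket' setting found in '${backupConfigFile}'" >&2
        exit 1
      fi

      s3Dir="s3://$bucket/$prefix""misskey-$(date +'%d-%m-%YT%H.%M.%S')"

      echo "Uploading backups to '$s3Dir'"

      # Encrypt stdin to the age recipient and stream the ciphertext to S3;
      # plaintext is never written to disk or sent over the network.
      upload () {
        local name="$1"
        age -r "$ageRecipient" | s3cmd put --config "${s3Cfg}" - "$s3Dir/$name.age"
      }

      echo "Uploading config"
      tar -cz -C /srv/misskey/.config . | upload "config.tar.gz"

      echo "Dumping postgres database..."
      pg_dump misskey | gzip | upload "pg_dump.sql.gz"

      echo "Uploading redis database..."
      tar -cz -C /var/lib/redis-misskey . | upload "redis.tar.gz"

      echo "Backup complete to '$s3Dir'"
    '';

    after = [ "network-online.target" ];
    wants = [ "network-online.target" ];
    requires = [ "postgresql.service" ];
  };

  # Run a missed weekly backup at the next boot instead of skipping it.
  systemd.timers.misskey-backup = {
    timerConfig.Persistent = true;
  };
}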