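{ config, pkgs, ... }:

# NixOS module: scheduled backup of a Misskey instance (config directory,
# PostgreSQL dump, redis data directory) to an S3 bucket via s3cmd.
#
# Necessary prep work (run once against the misskey database):
#   GRANT CONNECT ON DATABASE misskey TO "misskey-backup";
#   GRANT SELECT ON ALL TABLES IN SCHEMA public TO "misskey-backup";
#   GRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO "misskey-backup";
#
# TODO: automate this, because it needs to be redone whenever the db schema changes.
# NOTE(review): ALTER DEFAULT PRIVILEGES ... GRANT SELECT ON TABLES / SEQUENCES
# for the role that owns the Misskey schema would cover tables created later
# while keeping this role read-only. Confirm the owning role before using it.

let
  # Dedicated unprivileged account for the backup job; group shares the name.
  user = "misskey-backup";
  group = user;

  # Shell script file to be sourced. Must define "MISSKEY_BACKUP_BUCKET",
  # "MISSKEY_BACKUP_PREFIX" and "S3CFG".
  # $S3CFG must be a path to a .s3cfg file compatible with s3cmd.
  #
  # This file is *executed* (sourced) with the backup user's privileges, and
  # the .s3cfg it points at holds the S3 credentials: keep both writable only
  # by root and readable only by root and the backup user.
  backupConfigFile = "/etc/misskey-backup/conf";

  # writeShellApplication wraps the text with errexit/nounset/pipefail and
  # runs shellcheck at build time, so a failing pg_dump or a missing config
  # variable aborts the run instead of uploading a partial archive.
  backupScript = pkgs.writeShellApplication {
    name = "misskey-backup";
    runtimeInputs = with pkgs; [
      gzip
      config.services.postgresql.package
      s3cmd
      coreutils
      mktemp
    ];
    # SC1091: shellcheck cannot follow the sourced config file at build time.
    excludeShellChecks = [ "SC1091" ];
    text = ''
      source "${backupConfigFile}"

      # mktemp creates the directory accessible to the owner only, so the
      # database dump and copied config are not exposed to other local users.
      dir="$(mktemp --directory)"
      echo "Using temp dir '$dir'"
      # trap takes the action first and the signal second; single quotes defer
      # the expansion of $dir until the trap fires.
      trap 'rm -rf -- "$dir"' EXIT

      echo "Copying config"
      cp -r /srv/misskey/.config "$dir/config"

      echo "Dumping postgres database..."
      pg_dump misskey | gzip > "$dir/postgres.sql.gz"

      echo "Copying redis database..."
      cp -r /var/lib/redis-misskey "$dir/redis"

      # The archive contains the full database dump and the Misskey config
      # (presumably including secrets), so the target bucket must be private.
      # ''${...} is the Nix escape that hands a literal shell ''${...} to bash.
      tar -cz -C "$dir" . |
        s3cmd put --config "$S3CFG" - "s3://$MISSKEY_BACKUP_BUCKET/''${MISSKEY_BACKUP_PREFIX}misskey-$(date --iso-8601).tar.gz"
    '';
  };
in
{
  users.users."${user}" = {
    isSystemUser = true;
    inherit group;
  };
  users.groups."${group}" = { };

  # Database role with the same name as the system user; its privileges come
  # from the GRANT statements listed at the top of this file.
  services.postgresql.ensureUsers = [{ name = user; }];

  services.cron = {
    enable = true;
    systemCronJobs = [
      # Run every Monday at 08:00 in the system time zone (the original note
      # says early morning EST; confirm which zone the host uses).
      # Fields: minute hour day-of-month month day-of-week user command.
      # The command must be the executable inside the derivation, not the
      # store directory itself.
      "0 8 * * 1 ${user} ${backupScript}/bin/misskey-backup"
    ];
  };
}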