From e7c70c6cd0d20642f52220d9e6396c2d82bad09b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sun, 5 Nov 2023 22:12:22 +0100 Subject: [PATCH 1/7] fix: nachtigall root ssh key config fixes --- hosts/nachtigall/configuration.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/hosts/nachtigall/configuration.nix b/hosts/nachtigall/configuration.nix index 19b9048f..8d61f8d1 100644 --- a/hosts/nachtigall/configuration.nix +++ b/hosts/nachtigall/configuration.nix @@ -1,5 +1,9 @@ -{ config, pkgs, flake, ... }: { + flake, + config, + pkgs, + ... +}: { # Use GRUB2 as the boot loader. # We don't use systemd-boot because Hetzner uses BIOS legacy boot. boot.loader.systemd-boot.enable = false; From 42fbde31e57b7c71a669ace3406016ef37740138 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sun, 5 Nov 2023 22:54:09 +0100 Subject: [PATCH 2/7] feat: droppie backups for all nachtigall services --- hosts/nachtigall/apps/forgejo.nix | 13 +++++++++++++ hosts/nachtigall/apps/keycloak.nix | 12 ++++++++++++ hosts/nachtigall/apps/mailman.nix | 8 ++++++++ hosts/nachtigall/apps/mastodon.nix | 20 ++++++++++++++++++-- hosts/nachtigall/apps/nextcloud.nix | 16 ++++++++++++++-- hosts/nachtigall/backups.nix | 7 +++++++ hosts/nachtigall/default.nix | 1 + lib/default.nix | 4 ++++ lib/droppie-backup.nix | 10 ++++++++++ secrets/restic-repo-droppie.age | 27 +++++++++++++++++++++++++++ secrets/secrets.nix | 2 ++ 11 files changed, 116 insertions(+), 4 deletions(-) create mode 100644 hosts/nachtigall/backups.nix create mode 100644 lib/droppie-backup.nix create mode 100644 secrets/restic-repo-droppie.age diff --git a/hosts/nachtigall/apps/forgejo.nix b/hosts/nachtigall/apps/forgejo.nix index 08fd9923..12e7a492 100644 --- a/hosts/nachtigall/apps/forgejo.nix +++ b/hosts/nachtigall/apps/forgejo.nix 
@@ -107,4 +107,17 @@ environment.variables = { GPG_TTY = "$(tty)"; }; + + services.restic.backups.forgejo = flake.self.lib.droppieBackup { + paths = [ + "/var/lib/forgejo" + "/tmp/forgejo-backup.sql" + ]; + backupPrepareCommand = '' + ${pkgs.sudo}/bin/sudo -iu postgres ${pkgs.postgresql}/bin/pg_dump -d gitea > /tmp/forgejo-backup.sql + ''; + backupCleanupCommand = '' + rm /tmp/forgejo-backup.sql + ''; + }; } diff --git a/hosts/nachtigall/apps/keycloak.nix b/hosts/nachtigall/apps/keycloak.nix index 9db430b0..7c7a41db 100644 --- a/hosts/nachtigall/apps/keycloak.nix +++ b/hosts/nachtigall/apps/keycloak.nix @@ -46,4 +46,16 @@ "pub.solar" = flake.inputs.keycloak-theme-pub-solar.legacyPackages.${pkgs.system}.keycloak-theme-pub-solar; }; }; + + services.restic.backups.keycloak = flake.self.lib.droppieBackup { + paths = [ + "/tmp/keycloak-backup.sql" + ]; + backupPrepareCommand = '' + ${pkgs.sudo}/bin/sudo -iu postgres ${pkgs.postgresql}/bin/pg_dump -d keycloak > /tmp/keycloak-backup.sql + ''; + backupCleanupCommand = '' + rm /tmp/keycloak-backup.sql + ''; + }; } diff --git a/hosts/nachtigall/apps/mailman.nix b/hosts/nachtigall/apps/mailman.nix index 4b79396f..6285c815 100644 --- a/hosts/nachtigall/apps/mailman.nix +++ b/hosts/nachtigall/apps/mailman.nix @@ -79,4 +79,12 @@ # "allauth.socialaccount.providers.gitlab" # ]) #''; + + services.restic.backups.mailman = flake.self.lib.droppieBackup { + paths = [ + "/var/lib/mailman" + "/var/lib/mailman-web/mailman-web.db" + "/var/lib/postfix/conf/aliases.db" + ]; + }; } diff --git a/hosts/nachtigall/apps/mastodon.nix b/hosts/nachtigall/apps/mastodon.nix index c1b7dfaa..fae406d4 100644 --- a/hosts/nachtigall/apps/mastodon.nix +++ b/hosts/nachtigall/apps/mastodon.nix @@ -1,6 +1,10 @@ -{ config, pkgs, flake, inputs, ... }: - { + config, + pkgs, + flake, + inputs, + ... +}: { age.secrets."mastodon-secret-key-base" = { file = "${flake.self}/secrets/mastodon-secret-key-base.age"; mode = "400"; 
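Review bot: The dump in `backupPrepareCommand` is written by the unit's shell to a fixed name in a shared directory (`> /tmp/forgejo-backup.sql`) with whatever umask the unit has. Unless the restic unit runs with a private `/tmp` (not visible in this patch), a full database dump sits at a predictable and probably world-readable path for the duration of the backup. The same pattern is repeated in the keycloak, mastodon and nextcloud hunks of this patch, and the Keycloak dump in particular is likely to hold credential data. I would set `umask 077` before the redirect and write to a root-only directory, for example `/var/lib/backup-dumps/forgejo.sql` (placeholder path), with `paths` and `backupCleanupCommand` pointing at the same location.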
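Review bot: `/var/lib/mailman-web/mailman-web.db` and `/var/lib/postfix/conf/aliases.db` are backed up as live files, and nothing in this hunk stops or quiesces the services while restic reads them. If `mailman-web.db` is an SQLite database (the name suggests it, but the patch does not show it), a copy taken during a write may not restore cleanly. Unlike the PostgreSQL-backed jobs in this patch, this one has no `backupPrepareCommand`. Adding one that takes a consistent copy first, for example with sqlite3's `.backup` command, and backing up that copy would make the restore trustworthy.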
@@ -93,4 +97,16 @@ OMNIAUTH_ONLY = "true"; }; }; + + services.restic.backups.mastodon = flake.self.lib.droppieBackup { + paths = [ + "/tmp/mastodon-backup.sql" + ]; + backupPrepareCommand = '' + ${pkgs.sudo}/bin/sudo -iu postgres ${pkgs.postgresql}/bin/pg_dump -d gitea > /tmp/mastodon-backup.sql + ''; + backupCleanupCommand = '' + rm /tmp/mastodon-backup.sql + ''; + }; } diff --git a/hosts/nachtigall/apps/nextcloud.nix b/hosts/nachtigall/apps/nextcloud.nix index b93af37c..9817a670 100644 --- a/hosts/nachtigall/apps/nextcloud.nix +++ b/hosts/nachtigall/apps/nextcloud.nix @@ -3,8 +3,7 @@ pkgs, flake, ... -}: -{ +}: { age.secrets."nextcloud-secrets" = { file = "${flake.self}/secrets/nextcloud-secrets.age"; mode = "400"; @@ -130,4 +129,17 @@ autoUpdateApps.enable = true; database.createLocally = true; }; + + services.restic.backups.nextcloud = flake.self.lib.droppieBackup { + paths = [ + "/var/lib/nextcloud/data" + "/tmp/nextcloud-backup.sql" + ]; + backupPrepareCommand = '' + ${pkgs.sudo}/bin/sudo -iu postgres ${pkgs.postgresql}/bin/pg_dump -d nextcloud > /tmp/nextcloud-backup.sql + ''; + backupCleanupCommand = '' + rm /tmp/nextcloud-backup.sql + ''; + }; } diff --git a/hosts/nachtigall/backups.nix b/hosts/nachtigall/backups.nix new file mode 100644 index 00000000..2495365d --- /dev/null +++ b/hosts/nachtigall/backups.nix @@ -0,0 +1,7 @@ +{ flake, ... }: { + age.secrets."restic-repo-droppie" = { + file = "${flake.self}/secrets/restic-repo-droppie.age"; + mode = "400"; + owner = "root"; + }; +} diff --git a/hosts/nachtigall/default.nix b/hosts/nachtigall/default.nix index 9f3aabcd..de927890 100644 --- a/hosts/nachtigall/default.nix +++ b/hosts/nachtigall/default.nix @@ -7,6 +7,7 @@ ./configuration.nix ./networking.nix + ./backups.nix ./apps/nginx.nix ./apps/collabora.nix diff --git a/lib/default.nix b/lib/default.nix index d7448e45..20566ff9 100644 --- a/lib/default.nix +++ b/lib/default.nix 
@@ -11,6 +11,10 @@ ## In configs, they can be used under "lib.our" deploy = import ./deploy.nix { inherit inputs lib; }; + + linux = { + unlockZFSOnBoot = import ./unlock-zfs-on-boot.nix {publicKeys = self.publicKeys.allAdmins;}; + }; }; }; } diff --git a/lib/droppie-backup.nix b/lib/droppie-backup.nix new file mode 100644 index 00000000..be834607 --- /dev/null +++ b/lib/droppie-backup.nix @@ -0,0 +1,10 @@ +{ config, ... }: extraOptions: { + timerConfig = { + OnCalendar = "*-*-* 02:00:00 Etc/UTC"; + # droppie will be offline if nachtigall misses the timer + Persistent = false; + }; + initialize = true; + passwordFile = config.age.secrets."restic-repo-droppie".path; + repository = "yule@droppie.b12f.io:/media/internal/backups-pub-solar"; +} // extraOptions diff --git a/secrets/restic-repo-droppie.age b/secrets/restic-repo-droppie.age new file mode 100644 index 00000000..11cdb63a --- /dev/null +++ b/secrets/restic-repo-droppie.age 
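Review bot: In the new `lib/droppie-backup.nix`, `repository = "yule@droppie.b12f.io:/media/internal/backups-pub-solar"` has no backend prefix, and restic selects its SFTP backend from a leading `sftp:`. As written I would expect the job to fail or not to reach the remote host, so please confirm with a test run and use `repository = "sftp:yule@droppie.b12f.io:/media/internal/backups-pub-solar";`. The same string is copied into the five per-service jobs in patch 3/7. The series also does not show droppie's SSH host key being pinned (for instance through `programs.ssh.knownHosts`), so the unattended job would either stop at the host-key prompt or depend on a key accepted by hand outside this configuration.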
@@ -0,0 +1,27 @@ +age-encryption.org/v1 +-> ssh-ed25519 iDKjwg T5uxRdAUm+mxC5VdLsJcvA7BolM8l0cofI8V6fEUEBE +dCpeg4SheN/krKGe72jHNbdul3Lvy/AwG3dq4pY/AkM +-> ssh-ed25519 uYcDNw PGHCygBqKuORMouxi/JHzzRPeM2ON+YMOYV9E1vX+Vo +F7yp4gLrEEj4BCYwsDl2LPCCRUtbDfZ/AzAAhah4+dA +-> ssh-rsa kFDS0A +lQLfw3v75CzhrS7WyHPwU+Cm+vwrlCg7hhfKGb7J67elxh21GG/6qaZfRwWL11zc +P6G3Gt//92qBwrRuWN+G7fuhThTuEsHsqqpA8JOnNIgwfk8rNN2kTj8XbkIE7Uq8 +R5ZQplV7QTtWZ0CGBl4lu4d6cf3zdFZJw6VaDoqNmC6WjwEGw4T6maZqlEmtsEra +i1LYssPXAFbeYxa1wsD/B9pI05WrGbgpBuEpybb+9v3O+u57bLAFAC1NCsj0OKNz ++7HJe5jaC5yntOjitrIrG7hIemOR5oPn5rX4+gyhEOzGud4IyMmMRKw8+1lsSqEJ +88BLgtO1LZ+K7XA4T4uhMNzJNlibo8uhPZVcpuOHAM2mb77kyOEEnGBTewT17Wyg +pJUIigTd8RHQmhQoyRM/EwbX15fSHmjrqwppCpQmTCNDdj+BhdfjaE8nRSJzBWDa +1C4tzxEoCAwCdowdS5Dh8Ho73JCbZr0GGpZgEoKhZJtPW/is9LCYKUIn/RQCfWvS +J9rQIGBJt3e0zNz2l+/cab0Z7z5nrfN8WJUYRWe/LJ4w2UbhTp8Qo9c5kKmP0qJg +cej2+H/v3o1KNdXdumUgmL9XeKTJeFQ1XIAbNzWa2eziLAigeg1fPraPpxLm6vfm +JBOB7xuATiOegs1KxnZh3GI6tO9GRaN1GOGMj6Vw/yc +-> ssh-ed25519 YFSOsg fO1nyrzWiiDBKUsi5WVZs6gj0oj8AnCDgzT45RuTaEI +zLBD5W/Ab8afsUGjBk2DHGYnwYca11FWRubaHPQqu0w +-> ssh-ed25519 iHV63A LEq9h44BkYmAt3ABHka7EdfZVQ7VGbU81SApWQ4O0TA +kqOs+WIAQKQdCEyDSHF0+1TU6W0d9Nk5uMzpw1X9tE8 +-> ssh-ed25519 BVsyTA 15QuQEzMBnFLOQ1VXYc/bhXPClbNY27WUxVi/PKdrg4 +k5J8BnC0ltep+Unjvc9rbsTAERAAwHVBx3Le1Uw3i7k +-> fz6"|e\K-grease ~A 1vo}k)X ;M Date: Sun, 5 Nov 2023 23:47:06 +0100 Subject: [PATCH 3/7] refactor: small backup refactoring --- hosts/nachtigall/apps/forgejo.nix | 10 +++++++++- hosts/nachtigall/apps/keycloak.nix | 10 +++++++++- hosts/nachtigall/apps/mailman.nix | 10 +++++++++- hosts/nachtigall/apps/mastodon.nix | 20 ++++++++++++-------- hosts/nachtigall/apps/nextcloud.nix | 13 +++++++++++-- lib/default.nix | 2 +- lib/droppie-backup.nix | 10 ---------- 7 files changed, 51 insertions(+), 24 deletions(-) delete mode 100644 lib/droppie-backup.nix diff --git a/hosts/nachtigall/apps/forgejo.nix b/hosts/nachtigall/apps/forgejo.nix index 12e7a492..28ef60eb 100644 
--- a/hosts/nachtigall/apps/forgejo.nix +++ b/hosts/nachtigall/apps/forgejo.nix @@ -108,11 +108,19 @@ GPG_TTY = "$(tty)"; }; - services.restic.backups.forgejo = flake.self.lib.droppieBackup { + services.restic.backups.forgejo = { paths = [ "/var/lib/forgejo" "/tmp/forgejo-backup.sql" ]; + timerConfig = { + OnCalendar = "*-*-* 02:00:00 Etc/UTC"; + # droppie will be offline if nachtigall misses the timer + Persistent = false; + }; + initialize = true; + passwordFile = config.age.secrets."restic-repo-droppie".path; + repository = "yule@droppie.b12f.io:/media/internal/backups-pub-solar"; backupPrepareCommand = '' ${pkgs.sudo}/bin/sudo -iu postgres ${pkgs.postgresql}/bin/pg_dump -d gitea > /tmp/forgejo-backup.sql ''; diff --git a/hosts/nachtigall/apps/keycloak.nix b/hosts/nachtigall/apps/keycloak.nix index 7c7a41db..41963da3 100644 --- a/hosts/nachtigall/apps/keycloak.nix +++ b/hosts/nachtigall/apps/keycloak.nix @@ -47,10 +47,18 @@ }; }; - services.restic.backups.keycloak = flake.self.lib.droppieBackup { + services.restic.backups.keycloak = { paths = [ "/tmp/keycloak-backup.sql" ]; + timerConfig = { + OnCalendar = "*-*-* 02:00:00 Etc/UTC"; + # droppie will be offline if nachtigall misses the timer + Persistent = false; + }; + initialize = true; + passwordFile = config.age.secrets."restic-repo-droppie".path; + repository = "yule@droppie.b12f.io:/media/internal/backups-pub-solar"; backupPrepareCommand = '' ${pkgs.sudo}/bin/sudo -iu postgres ${pkgs.postgresql}/bin/pg_dump -d keycloak > /tmp/keycloak-backup.sql ''; diff --git a/hosts/nachtigall/apps/mailman.nix b/hosts/nachtigall/apps/mailman.nix index 6285c815..1d18da82 100644 --- a/hosts/nachtigall/apps/mailman.nix +++ b/hosts/nachtigall/apps/mailman.nix 
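Review bot: The repository target, `passwordFile`, schedule and `initialize` flag are now pasted verbatim into five modules (this forgejo hunk plus the keycloak, mailman, mastodon and nextcloud hunks), so a host change or password rotation has to be made in five places and a missed copy keeps using the old settings. Defining the shared attributes once in a module that has `config` in scope and merging them per service keeps the jobs in step, e.g. `services.restic.backups.forgejo = droppieDefaults // { paths = [ … ]; };` (`droppieDefaults` is a suggested name). All five timers also fire at exactly `02:00:00` against one repository with `initialize = true`, so on a fresh repository the jobs may race to create it. Staggered `OnCalendar` times or a `RandomizedDelaySec` in `timerConfig` would avoid that.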
@@ -80,11 +80,19 @@ # ]) #''; - services.restic.backups.mailman = flake.self.lib.droppieBackup { + services.restic.backups.mailman = { paths = [ "/var/lib/mailman" "/var/lib/mailman-web/mailman-web.db" "/var/lib/postfix/conf/aliases.db" ]; + timerConfig = { + OnCalendar = "*-*-* 02:00:00 Etc/UTC"; + # droppie will be offline if nachtigall misses the timer + Persistent = false; + }; + initialize = true; + passwordFile = config.age.secrets."restic-repo-droppie".path; + repository = "yule@droppie.b12f.io:/media/internal/backups-pub-solar"; }; } diff --git a/hosts/nachtigall/apps/mastodon.nix b/hosts/nachtigall/apps/mastodon.nix index fae406d4..c55d4902 100644 --- a/hosts/nachtigall/apps/mastodon.nix +++ b/hosts/nachtigall/apps/mastodon.nix @@ -1,10 +1,6 @@ +{ config, pkgs, flake, inputs, ... }: + { - config, - pkgs, - flake, - inputs, - ... -}: { age.secrets."mastodon-secret-key-base" = { file = "${flake.self}/secrets/mastodon-secret-key-base.age"; mode = "400"; @@ -98,12 +94,20 @@ }; }; - services.restic.backups.mastodon = flake.self.lib.droppieBackup { + services.restic.backups.mastodon = { paths = [ "/tmp/mastodon-backup.sql" ]; + timerConfig = { + OnCalendar = "*-*-* 02:00:00 Etc/UTC"; + # droppie will be offline if nachtigall misses the timer + Persistent = false; + }; + initialize = true; + passwordFile = config.age.secrets."restic-repo-droppie".path; + repository = "yule@droppie.b12f.io:/media/internal/backups-pub-solar"; backupPrepareCommand = '' - ${pkgs.sudo}/bin/sudo -iu postgres ${pkgs.postgresql}/bin/pg_dump -d gitea > /tmp/mastodon-backup.sql + ${pkgs.sudo}/bin/sudo -iu postgres ${pkgs.postgresql}/bin/pg_dump -d mastodon > /tmp/mastodon-backup.sql ''; backupCleanupCommand = '' rm /tmp/mastodon-backup.sql diff --git a/hosts/nachtigall/apps/nextcloud.nix b/hosts/nachtigall/apps/nextcloud.nix index 9817a670..f37c44f9 100644 --- a/hosts/nachtigall/apps/nextcloud.nix +++ b/hosts/nachtigall/apps/nextcloud.nix 
@@ -3,7 +3,8 @@ pkgs, flake, ... -}: { +}: +{ age.secrets."nextcloud-secrets" = { file = "${flake.self}/secrets/nextcloud-secrets.age"; mode = "400"; @@ -130,11 +131,19 @@ database.createLocally = true; }; - services.restic.backups.nextcloud = flake.self.lib.droppieBackup { + services.restic.backups.nextcloud = { paths = [ "/var/lib/nextcloud/data" "/tmp/nextcloud-backup.sql" ]; + timerConfig = { + OnCalendar = "*-*-* 02:00:00 Etc/UTC"; + # droppie will be offline if nachtigall misses the timer + Persistent = false; + }; + initialize = true; + passwordFile = config.age.secrets."restic-repo-droppie".path; + repository = "yule@droppie.b12f.io:/media/internal/backups-pub-solar"; backupPrepareCommand = '' ${pkgs.sudo}/bin/sudo -iu postgres ${pkgs.postgresql}/bin/pg_dump -d nextcloud > /tmp/nextcloud-backup.sql ''; diff --git a/lib/default.nix b/lib/default.nix index 20566ff9..e93cf33f 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -1,7 +1,7 @@ { self, lib, inputs, ... }: { # Configuration common to all Linux systems flake = { - pub-solar.lib = let + lib = let callLibs = file: import file {inherit lib;}; in rec { ## Define your own library functions here! diff --git a/lib/droppie-backup.nix b/lib/droppie-backup.nix deleted file mode 100644 index be834607..00000000 --- a/lib/droppie-backup.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ config, ... }: extraOptions: { - timerConfig = { - OnCalendar = "*-*-* 02:00:00 Etc/UTC"; - # droppie will be offline if nachtigall misses the timer - Persistent = false; - }; - initialize = true; - passwordFile = config.age.secrets."restic-repo-droppie".path; - repository = "yule@droppie.b12f.io:/media/internal/backups-pub-solar"; -} // extraOptions From 20fbcbb5711ce9f962a3e7993c3b04c5d3a86a61 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Mon, 6 Nov 2023 22:05:54 +0100 Subject: [PATCH 4/7] fix: two typos --- flake.nix | 2 +- modules/users.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/flake.nix b/flake.nix index f925a364..7006190e 100644 --- a/flake.nix +++ b/flake.nix @@ -80,7 +80,7 @@ checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) inputs.deploy-rs.lib; - deploy.nodes = self.pub-solar.lib.deploy.mkDeployNodes self.nixosConfigurations { + deploy.nodes = self.lib.deploy.mkDeployNodes self.nixosConfigurations { nachtigall = { sshUser = username; }; diff --git a/modules/users.nix b/modules/users.nix index e08a2c7a..0b9a08c8 100644 --- a/modules/users.nix +++ b/modules/users.nix @@ -29,7 +29,7 @@ file = "${flake.self}/secrets/nachtigall-root-ssh-key.age"; path = "/root/.ssh/id_ed25519"; mode = "400"; - owner = root; + owner = "root"; }; security.sudo.wheelNeedsPassword = false; From e8f72b6cf77fa968297c12cc76fca30c6a668b67 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Mon, 6 Nov 2023 22:09:02 +0100 Subject: [PATCH 5/7] fix: remove unlock zfs module from lib --- lib/default.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/lib/default.nix b/lib/default.nix index e93cf33f..d55c3bfd 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -11,10 +11,6 @@ ## In configs, they can be used under "lib.our" deploy = import ./deploy.nix { inherit inputs lib; }; - - linux = { - unlockZFSOnBoot = import ./unlock-zfs-on-boot.nix {publicKeys = self.publicKeys.allAdmins;}; - }; }; }; } From 052d752d274e7274d56e771935b9e0c114f98360 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Mon, 6 Nov 2023 22:20:29 +0100 Subject: [PATCH 6/7] feat: add settings_local.json to mailman-web backup --- hosts/nachtigall/apps/mailman.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/nachtigall/apps/mailman.nix b/hosts/nachtigall/apps/mailman.nix index 1d18da82..55e49b5e 100644 --- a/hosts/nachtigall/apps/mailman.nix +++ b/hosts/nachtigall/apps/mailman.nix 
@@ -84,6 +84,7 @@ paths = [ "/var/lib/mailman" "/var/lib/mailman-web/mailman-web.db" + "/var/lib/mailman-web/settings_local.json" "/var/lib/postfix/conf/aliases.db" ]; timerConfig = { From c8233cf6a7360865e6557d07a22ec6e15cd3e90f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Mon, 6 Nov 2023 22:22:36 +0100 Subject: [PATCH 7/7] chore: simplify sudo command for backups --- hosts/nachtigall/apps/forgejo.nix | 2 +- hosts/nachtigall/apps/keycloak.nix | 2 +- hosts/nachtigall/apps/mastodon.nix | 2 +- hosts/nachtigall/apps/nextcloud.nix | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/hosts/nachtigall/apps/forgejo.nix b/hosts/nachtigall/apps/forgejo.nix index 28ef60eb..5adb700d 100644 --- a/hosts/nachtigall/apps/forgejo.nix +++ b/hosts/nachtigall/apps/forgejo.nix @@ -122,7 +122,7 @@ passwordFile = config.age.secrets."restic-repo-droppie".path; repository = "yule@droppie.b12f.io:/media/internal/backups-pub-solar"; backupPrepareCommand = '' - ${pkgs.sudo}/bin/sudo -iu postgres ${pkgs.postgresql}/bin/pg_dump -d gitea > /tmp/forgejo-backup.sql + ${pkgs.sudo}/bin/sudo -u postgres ${pkgs.postgresql}/bin/pg_dump -d gitea > /tmp/forgejo-backup.sql ''; backupCleanupCommand = '' rm /tmp/forgejo-backup.sql diff --git a/hosts/nachtigall/apps/keycloak.nix b/hosts/nachtigall/apps/keycloak.nix index 41963da3..8ca5e435 100644 --- a/hosts/nachtigall/apps/keycloak.nix +++ b/hosts/nachtigall/apps/keycloak.nix @@ -60,7 +60,7 @@ passwordFile = config.age.secrets."restic-repo-droppie".path; repository = "yule@droppie.b12f.io:/media/internal/backups-pub-solar"; backupPrepareCommand = '' - ${pkgs.sudo}/bin/sudo -iu postgres ${pkgs.postgresql}/bin/pg_dump -d keycloak > /tmp/keycloak-backup.sql + ${pkgs.sudo}/bin/sudo -u postgres ${pkgs.postgresql}/bin/pg_dump -d keycloak > /tmp/keycloak-backup.sql ''; backupCleanupCommand = '' rm /tmp/keycloak-backup.sql 
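Review bot: In the forgejo hunk of patch 7/7, `${pkgs.postgresql}/bin/pg_dump` pins the client to nixpkgs' default PostgreSQL, which is not necessarily the version of the running server. pg_dump refuses to dump from a server newer than itself, so after a server upgrade the prepare step could fail every night. Referencing the server's own package keeps the two in step: `${config.services.postgresql.package}/bin/pg_dump -d gitea > /tmp/forgejo-backup.sql`. The same line appears in the keycloak, mastodon and nextcloud hunks of this patch. Dropping `-i` does not change who writes the file: the redirect still runs in the calling shell rather than as `postgres`, so the dump's owner and mode come from the unit, not from the database user.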
diff --git a/hosts/nachtigall/apps/mastodon.nix b/hosts/nachtigall/apps/mastodon.nix index c55d4902..55705857 100644 --- a/hosts/nachtigall/apps/mastodon.nix +++ b/hosts/nachtigall/apps/mastodon.nix @@ -107,7 +107,7 @@ passwordFile = config.age.secrets."restic-repo-droppie".path; repository = "yule@droppie.b12f.io:/media/internal/backups-pub-solar"; backupPrepareCommand = '' - ${pkgs.sudo}/bin/sudo -iu postgres ${pkgs.postgresql}/bin/pg_dump -d mastodon > /tmp/mastodon-backup.sql + ${pkgs.sudo}/bin/sudo -u postgres ${pkgs.postgresql}/bin/pg_dump -d mastodon > /tmp/mastodon-backup.sql ''; backupCleanupCommand = '' rm /tmp/mastodon-backup.sql diff --git a/hosts/nachtigall/apps/nextcloud.nix b/hosts/nachtigall/apps/nextcloud.nix index f37c44f9..50f086b1 100644 --- a/hosts/nachtigall/apps/nextcloud.nix +++ b/hosts/nachtigall/apps/nextcloud.nix @@ -145,7 +145,7 @@ passwordFile = config.age.secrets."restic-repo-droppie".path; repository = "yule@droppie.b12f.io:/media/internal/backups-pub-solar"; backupPrepareCommand = '' - ${pkgs.sudo}/bin/sudo -iu postgres ${pkgs.postgresql}/bin/pg_dump -d nextcloud > /tmp/nextcloud-backup.sql + ${pkgs.sudo}/bin/sudo -u postgres ${pkgs.postgresql}/bin/pg_dump -d nextcloud > /tmp/nextcloud-backup.sql ''; backupCleanupCommand = '' rm /tmp/nextcloud-backup.sql