From 2195b7ed0a42a56ba0e76fc54e01daba9938ccd4 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 18 Nov 2023 22:28:12 +0100 Subject: [PATCH 1/2] feat: backups to hetzner storagebox --- hosts/nachtigall/apps/forgejo.nix | 21 ++++++++++++++++++++- hosts/nachtigall/apps/keycloak.nix | 20 +++++++++++++++++++- hosts/nachtigall/apps/mailman.nix | 17 ++++++++++++++++- hosts/nachtigall/apps/mastodon.nix | 20 +++++++++++++++++++- hosts/nachtigall/apps/nextcloud.nix | 21 ++++++++++++++++++++- hosts/nachtigall/backups.nix | 5 +++++ secrets/restic-repo-storagebox.age | 27 +++++++++++++++++++++++++++ secrets/secrets.nix | 1 + 8 files changed, 127 insertions(+), 5 deletions(-) create mode 100644 secrets/restic-repo-storagebox.age diff --git a/hosts/nachtigall/apps/forgejo.nix b/hosts/nachtigall/apps/forgejo.nix index 03255af..4a8de24 100644 --- a/hosts/nachtigall/apps/forgejo.nix +++ b/hosts/nachtigall/apps/forgejo.nix @@ -109,7 +109,7 @@ GPG_TTY = "$(tty)"; }; - services.restic.backups.forgejo = { + services.restic.backups.forgejo-droppie = { paths = [ "/var/lib/forgejo" "/tmp/forgejo-backup.sql" @@ -129,4 +129,23 @@ rm /tmp/forgejo-backup.sql ''; }; + + services.restic.backups.forgejo-storagebox = { + paths = [ + "/var/lib/forgejo" + "/tmp/forgejo-backup.sql" + ]; + timerConfig = { + OnCalendar = "*-*-* 04:00:00 Etc/UTC"; + }; + initialize = true; + passwordFile = config.age.secrets."restic-repo-storagebox".path; + repository = "sftp:u377325@u377325.your-storagebox.de:/backups"; + backupPrepareCommand = '' + ${pkgs.sudo}/bin/sudo -u postgres ${pkgs.postgresql}/bin/pg_dump -d gitea > /tmp/forgejo-backup.sql + ''; + backupCleanupCommand = '' + rm /tmp/forgejo-backup.sql + ''; + }; } diff --git a/hosts/nachtigall/apps/keycloak.nix b/hosts/nachtigall/apps/keycloak.nix index 20ee7ca..45682e9 100644 --- a/hosts/nachtigall/apps/keycloak.nix +++ b/hosts/nachtigall/apps/keycloak.nix @@ -47,7 +47,7 @@ }; }; - services.restic.backups.keycloak = { + services.restic.backups.keycloak-droppie = { paths = [ "/tmp/keycloak-backup.sql" ]; @@ -66,4 +66,22 @@ rm /tmp/keycloak-backup.sql ''; }; + + services.restic.backups.keycloak-storagebox = { + paths = [ + "/tmp/keycloak-backup.sql" + ]; + timerConfig = { + OnCalendar = "*-*-* 04:00:00 Etc/UTC"; + }; + initialize = true; + passwordFile = config.age.secrets."restic-repo-storagebox".path; + repository = "sftp:u377325@u377325.your-storagebox.de:/backups"; + backupPrepareCommand = '' + ${pkgs.sudo}/bin/sudo -u postgres ${pkgs.postgresql}/bin/pg_dump -d keycloak > /tmp/keycloak-backup.sql + ''; + backupCleanupCommand = '' + rm /tmp/keycloak-backup.sql + ''; + }; } diff --git a/hosts/nachtigall/apps/mailman.nix b/hosts/nachtigall/apps/mailman.nix index fb48da8..75ea2a5 100644 --- a/hosts/nachtigall/apps/mailman.nix +++ b/hosts/nachtigall/apps/mailman.nix @@ -80,7 +80,7 @@ # ]) #''; - services.restic.backups.mailman = { + services.restic.backups.mailman-droppie = { paths = [ "/var/lib/mailman" "/var/lib/mailman-web/mailman-web.db" @@ -96,4 +96,19 @@ passwordFile = config.age.secrets."restic-repo-droppie".path; repository = "sftp:yule@droppie.b12f.io:/media/internal/pub.solar"; }; + + services.restic.backups.mailman-storagebox = { + paths = [ + "/var/lib/mailman" + "/var/lib/mailman-web/mailman-web.db" + "/var/lib/mailman-web/settings_local.json" + "/var/lib/postfix/conf/aliases.db" + ]; + timerConfig = { + OnCalendar = "*-*-* 04:00:00 Etc/UTC"; + }; + initialize = true; + passwordFile = config.age.secrets."restic-repo-storagebox".path; + repository = "sftp:u377325@u377325.your-storagebox.de:/backups"; + }; } diff --git a/hosts/nachtigall/apps/mastodon.nix b/hosts/nachtigall/apps/mastodon.nix index 0dbdc47..2786c14 100644 --- a/hosts/nachtigall/apps/mastodon.nix +++ b/hosts/nachtigall/apps/mastodon.nix @@ -94,7 +94,7 @@ }; }; - services.restic.backups.mastodon = { + services.restic.backups.mastodon-droppie = { paths = [ "/tmp/mastodon-backup.sql" ]; @@ -113,4 +113,22 @@ rm /tmp/mastodon-backup.sql ''; }; + + services.restic.backups.mastodon-storagebox = { + paths = [ + "/tmp/mastodon-backup.sql" + ]; + timerConfig = { + OnCalendar = "*-*-* 04:00:00 Etc/UTC"; + }; + initialize = true; + passwordFile = config.age.secrets."restic-repo-storagebox".path; + repository = "sftp:u377325@u377325.your-storagebox.de:/backups"; + backupPrepareCommand = '' + ${pkgs.sudo}/bin/sudo -u postgres ${pkgs.postgresql}/bin/pg_dump -d mastodon > /tmp/mastodon-backup.sql + ''; + backupCleanupCommand = '' + rm /tmp/mastodon-backup.sql + ''; + }; } diff --git a/hosts/nachtigall/apps/nextcloud.nix b/hosts/nachtigall/apps/nextcloud.nix index 4741476..6f42263 100644 --- a/hosts/nachtigall/apps/nextcloud.nix +++ b/hosts/nachtigall/apps/nextcloud.nix @@ -131,7 +131,7 @@ database.createLocally = true; }; - services.restic.backups.nextcloud = { + services.restic.backups.nextcloud-droppie = { paths = [ "/var/lib/nextcloud/data" "/tmp/nextcloud-backup.sql" @@ -151,4 +151,23 @@ rm /tmp/nextcloud-backup.sql ''; }; + + services.restic.backups.nextcloud-storagebox = { + paths = [ + "/var/lib/nextcloud/data" + "/tmp/nextcloud-backup.sql" + ]; + timerConfig = { + OnCalendar = "*-*-* 04:00:00 Etc/UTC"; + }; + initialize = true; + passwordFile = config.age.secrets."restic-repo-storagebox".path; + repository = "sftp:u377325@u377325.your-storagebox.de:/backups"; + backupPrepareCommand = '' + ${pkgs.sudo}/bin/sudo -u postgres ${pkgs.postgresql}/bin/pg_dump -d nextcloud > /tmp/nextcloud-backup.sql + ''; + backupCleanupCommand = '' + rm /tmp/nextcloud-backup.sql + ''; + }; } diff --git a/hosts/nachtigall/backups.nix b/hosts/nachtigall/backups.nix index 2495365..0e99c14 100644 --- a/hosts/nachtigall/backups.nix +++ b/hosts/nachtigall/backups.nix @@ -4,4 +4,9 @@ mode = "400"; owner = "root"; }; + age.secrets."restic-repo-storagebox" = { + file = "${flake.self}/secrets/restic-repo-storagebox.age"; + mode = "400"; + owner = "root"; + }; } diff --git a/secrets/restic-repo-storagebox.age b/secrets/restic-repo-storagebox.age new file mode 100644 index 0000000..9118a5d --- /dev/null +++ b/secrets/restic-repo-storagebox.age @@ -0,0 +1,27 @@ +age-encryption.org/v1 +-> ssh-ed25519 iDKjwg G30n55ZAQdPKSHqDyAv42h2RyX67tW/Giq47A189CnY +XgXVZolY+DjIpfQYpkWcpbmo9ikbAexAV6amuwcK4f4 +-> ssh-ed25519 uYcDNw y+amMdymUI72L6mfmruyiOfYS0p+mmTxxfGB7DKMdGs +oO3/sPGgppRWnVGsL9/3NpPJEQqr8p1h3hyJ9+7gLXM +-> ssh-rsa kFDS0A +B2kcpfc+92kPSds7zaFW+KrwU+oEUn8kdLCy/swjaNlV2NETzXJNAx/xSDlylRTm +5TZcLCs106B1JxVr9Ir61WTyTb1PppLJVh0BRrDDfE+m5678M+KW2RrXrPm1IrHt +0al0gSt0qG07RvETzjKwWOm3NdzKNvVbeiLrBxXIPow3zBzE/pCgK/RARVmsLflb +MBU88tYAoHw8N5Ba+5Lnh/V80K+DEtPGFTROyKDgaXZtVfLNU331m3dbEG1FRi/n +JQBBY80m2yylP24YFxJwCVkresIutjJ3OOk8nth5lgbgqHRW/Z+n6FZIs7L6SV8f +D6qNDB1qcqLk7qMZNDEhjntwcxhHQ80bXnOMdU+p+7/fc2VGw+VgkKpjj3u+xkh4 +x0rJAS3edE6ysaIwRAZgGhobHxXBjnWHJp0dRz2+eeVfeomrT4BwT4zPDqkM2EvM +x4wsUh1qBhiJn3lkuyTKD7fXAk91tS+8iFF5Bp/cue8QIIJoXD6hs6AXRcR9OdZQ +vQuGqB9AxRYAUFqxhXGFUEvpvOh6/Mt4daO1fqGkkSeQK88TdKgVgvemf0cAX4sQ +OWgFaK8bLqls7MX7rp57vlhEqhBY29bdMKRUG4hGxnUxH/JmVI3oJ3PoYz93ayb8 +P0w8L/wlGRfJdSSqSFuZrAFhQ41xjbq2z09kQQr6FVw +-> ssh-ed25519 YFSOsg NjG+pG/FEkrqIx4YhPlS3gGE7LgKBJTUOOE+kW0OBCo +J0h7GHWTC/S23F/QGBj54fr2YUMCOnolRKWSS9zrjzk +-> ssh-ed25519 iHV63A LOzrqEfJ5jFMLtV8QAbVbj9ikDE/lhBzqwjXWqJcb3w +bgk0mxpif2wtDaS94OJ/uPVZBJZoIh2Eq5M8xRW/a/s +-> ssh-ed25519 BVsyTA JGE9eWZ1la2zSayjcGGRcPYXBTxsfvOxphDLndhYMHo +Xor0OLMsXTU4MmkyvoYoU2tHGwDla/GbbW6AI+Fptuc +-> 6>G-grease ^'eq +vOuziQ8uC81Tflh6vzXJJIqrCgh3UEZhs2tBkB9QwPww+Q +--- BpmRwNLuZ7Za7VA6xb4UWzjaSha6vpZcki868ZBpORo +wQrlo\n O6l˅,l>ܚ,/ؐ 73|Rw@V`ߥ 0oLqΊ)Ec7G[G \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 7baeeae..21e347d 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -51,6 +51,7 @@ in { "searx-environment.age".publicKeys = nachtigallKeys ++ baseKeys; "restic-repo-droppie.age".publicKeys = nachtigallKeys ++ baseKeys; + "restic-repo-storagebox.age".publicKeys = nachtigallKeys ++ baseKeys; "drone-db-secrets.age".publicKeys = flora6Keys ++ baseKeys; "drone-secrets.age".publicKeys = flora6Keys ++ baseKeys; From a461fc72f6af49b6d2b110a56609806104bf0923 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 18 Nov 2023 22:41:48 +0100 Subject: [PATCH 2/2] feat(backups): start backups in 5 minute interval --- hosts/nachtigall/apps/forgejo.nix | 2 +- hosts/nachtigall/apps/keycloak.nix | 2 +- hosts/nachtigall/apps/mailman.nix | 2 +- hosts/nachtigall/apps/mastodon.nix | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/hosts/nachtigall/apps/forgejo.nix b/hosts/nachtigall/apps/forgejo.nix index 4a8de24..eb76588 100644 --- a/hosts/nachtigall/apps/forgejo.nix +++ b/hosts/nachtigall/apps/forgejo.nix @@ -136,7 +136,7 @@ "/tmp/forgejo-backup.sql" ]; timerConfig = { - OnCalendar = "*-*-* 04:00:00 Etc/UTC"; + OnCalendar = "*-*-* 04:20:00 Etc/UTC"; }; initialize = true; passwordFile = config.age.secrets."restic-repo-storagebox".path; diff --git a/hosts/nachtigall/apps/keycloak.nix b/hosts/nachtigall/apps/keycloak.nix index 45682e9..deb13f9 100644 --- a/hosts/nachtigall/apps/keycloak.nix +++ b/hosts/nachtigall/apps/keycloak.nix @@ -72,7 +72,7 @@ "/tmp/keycloak-backup.sql" ]; timerConfig = { - OnCalendar = "*-*-* 04:00:00 Etc/UTC"; + OnCalendar = "*-*-* 04:10:00 Etc/UTC"; }; initialize = true; passwordFile = config.age.secrets."restic-repo-storagebox".path; diff --git a/hosts/nachtigall/apps/mailman.nix b/hosts/nachtigall/apps/mailman.nix index 75ea2a5..f9506e3 100644 --- a/hosts/nachtigall/apps/mailman.nix +++ b/hosts/nachtigall/apps/mailman.nix @@ -105,7 +105,7 @@ "/var/lib/postfix/conf/aliases.db" ]; timerConfig = { - OnCalendar = "*-*-* 04:00:00 Etc/UTC"; + OnCalendar = "*-*-* 04:15:00 Etc/UTC"; }; initialize = true; passwordFile = config.age.secrets."restic-repo-storagebox".path; diff --git a/hosts/nachtigall/apps/mastodon.nix b/hosts/nachtigall/apps/mastodon.nix index 2786c14..99410cd 100644 --- a/hosts/nachtigall/apps/mastodon.nix +++ b/hosts/nachtigall/apps/mastodon.nix @@ -119,7 +119,7 @@ "/tmp/mastodon-backup.sql" ]; timerConfig = { - OnCalendar = "*-*-* 04:00:00 Etc/UTC"; + OnCalendar = "*-*-* 04:05:00 Etc/UTC"; }; initialize = true; passwordFile = config.age.secrets."restic-repo-storagebox".path;