obs-portal: add backups

Restic backups to garage S3 bucket

modules/obs-portal/default.nix

@@ -147,4 +147,29 @@ in
       };
     };
   };
+
+  services.restic.backups.obs-portal-garage = {
+    paths = [
+      "/var/lib/obs-portal/data"
+      "/tmp/obs-portal-backup.sql"
+    ];
+    timerConfig = {
+      OnCalendar = "*-*-* 00:30:00 Etc/UTC";
+    };
+    initialize = true;
+    passwordFile = config.age.secrets."restic-repo-garage-obs-portal".path;
+    environmentFile = config.age.secrets."restic-repo-garage-obs-portal-env".path;
+    repository = "s3:https://buckets.pub.solar/obs-portal-backups";
+    backupPrepareCommand = ''
+      ${pkgs.docker}/bin/docker exec -ti --user postgres obs-portal-db pg_dump obs > /tmp/obs-portal-backup.sql
+    '';
+    backupCleanupCommand = ''
+      rm /tmp/obs-portal-backup.sql
+    '';
+    pruneOpts = [
+      "--keep-daily 7"
+      "--keep-weekly 4"
+      "--keep-monthly 3"
+    ];
+  };
 }

secrets/secrets.nix

@@ -54,6 +54,8 @@ in
 
   "restic-repo-droppie.age".publicKeys = nachtigallKeys ++ adminKeys;
   "restic-repo-storagebox.age".publicKeys = nachtigallKeys ++ adminKeys;
+  "restic-repo-garage-obs-portal.age".publicKeys = nachtigallKeys ++ adminKeys;
+  "restic-repo-garage-obs-portal-env.age".publicKeys = nachtigallKeys ++ adminKeys;
 
   "drone-db-secrets.age".publicKeys = flora6Keys ++ adminKeys;
   "drone-secrets.age".publicKeys = flora6Keys ++ adminKeys;