diff --git a/modules/obs-portal/default.nix b/modules/obs-portal/default.nix index e2733bf..8a15c0c 100644 --- a/modules/obs-portal/default.nix +++ b/modules/obs-portal/default.nix @@ -147,4 +147,29 @@ in }; }; }; + + services.restic.backups.obs-portal-garage = { + paths = [ + "/var/lib/obs-portal/data" + "/tmp/obs-portal-backup.sql" + ]; + timerConfig = { + OnCalendar = "*-*-* 00:30:00 Etc/UTC"; + }; + initialize = true; + passwordFile = config.age.secrets."restic-repo-garage-obs-portal".path; + environmentFile = config.age.secrets."restic-repo-garage-obs-portal-env".path; + repository = "s3:https://buckets.pub.solar/obs-portal-backups"; + backupPrepareCommand = '' + ${pkgs.docker}/bin/docker exec -ti --user postgres obs-portal-db pg_dump obs > /tmp/obs-portal-backup.sql + ''; + backupCleanupCommand = '' + rm /tmp/obs-portal-backup.sql + ''; + pruneOpts = [ + "--keep-daily 7" + "--keep-weekly 4" + "--keep-monthly 3" + ]; + }; } diff --git a/secrets/restic-repo-garage-obs-portal-env.age b/secrets/restic-repo-garage-obs-portal-env.age new file mode 100644 index 0000000..ce4f1ab Binary files /dev/null and b/secrets/restic-repo-garage-obs-portal-env.age differ diff --git a/secrets/restic-repo-garage-obs-portal.age b/secrets/restic-repo-garage-obs-portal.age new file mode 100644 index 0000000..7f81fd0 Binary files /dev/null and b/secrets/restic-repo-garage-obs-portal.age differ diff --git a/secrets/secrets.nix b/secrets/secrets.nix index ab52663..4c25e1e 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -54,6 +54,8 @@ in "restic-repo-droppie.age".publicKeys = nachtigallKeys ++ adminKeys; "restic-repo-storagebox.age".publicKeys = nachtigallKeys ++ adminKeys; + "restic-repo-garage-obs-portal.age".publicKeys = nachtigallKeys ++ adminKeys; + "restic-repo-garage-obs-portal-env.age".publicKeys = nachtigallKeys ++ adminKeys; "drone-db-secrets.age".publicKeys = flora6Keys ++ adminKeys; "drone-secrets.age".publicKeys = flora6Keys ++ adminKeys;