backups #47

Merged
teutat3s merged 7 commits from feat/backups into main 2023-11-06 21:24:04 +00:00
13 changed files with 144 additions and 4 deletions

View file

@ -80,7 +80,7 @@
checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) inputs.deploy-rs.lib; checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) inputs.deploy-rs.lib;
deploy.nodes = self.pub-solar.lib.deploy.mkDeployNodes self.nixosConfigurations { deploy.nodes = self.lib.deploy.mkDeployNodes self.nixosConfigurations {
nachtigall = { nachtigall = {
sshUser = username; sshUser = username;
}; };

View file

@ -107,4 +107,25 @@
environment.variables = { environment.variables = {
GPG_TTY = "$(tty)"; GPG_TTY = "$(tty)";
}; };
services.restic.backups.forgejo = {
paths = [
"/var/lib/forgejo"
"/tmp/forgejo-backup.sql"
];
timerConfig = {
OnCalendar = "*-*-* 02:00:00 Etc/UTC";
# droppie will be offline if nachtigall misses the timer
Persistent = false;
};
initialize = true;
passwordFile = config.age.secrets."restic-repo-droppie".path;
repository = "yule@droppie.b12f.io:/media/internal/backups-pub-solar";
backupPrepareCommand = ''
${pkgs.sudo}/bin/sudo -u postgres ${pkgs.postgresql}/bin/pg_dump -d gitea > /tmp/forgejo-backup.sql
'';
backupCleanupCommand = ''
rm /tmp/forgejo-backup.sql
'';
};
} }

View file

@ -46,4 +46,24 @@
"pub.solar" = flake.inputs.keycloak-theme-pub-solar.legacyPackages.${pkgs.system}.keycloak-theme-pub-solar; "pub.solar" = flake.inputs.keycloak-theme-pub-solar.legacyPackages.${pkgs.system}.keycloak-theme-pub-solar;
}; };
}; };
services.restic.backups.keycloak = {
paths = [
"/tmp/keycloak-backup.sql"
];
timerConfig = {
OnCalendar = "*-*-* 02:00:00 Etc/UTC";
# droppie will be offline if nachtigall misses the timer
Persistent = false;
};
initialize = true;
passwordFile = config.age.secrets."restic-repo-droppie".path;
repository = "yule@droppie.b12f.io:/media/internal/backups-pub-solar";
backupPrepareCommand = ''
${pkgs.sudo}/bin/sudo -u postgres ${pkgs.postgresql}/bin/pg_dump -d keycloak > /tmp/keycloak-backup.sql
'';
backupCleanupCommand = ''
rm /tmp/keycloak-backup.sql
'';
};
} }

View file

@ -79,4 +79,21 @@
# "allauth.socialaccount.providers.gitlab" # "allauth.socialaccount.providers.gitlab"
# ]) # ])
#''; #'';
services.restic.backups.mailman = {
paths = [
"/var/lib/mailman"
"/var/lib/mailman-web/mailman-web.db"
"/var/lib/mailman-web/settings_local.json"
"/var/lib/postfix/conf/aliases.db"
];
timerConfig = {
OnCalendar = "*-*-* 02:00:00 Etc/UTC";
# droppie will be offline if nachtigall misses the timer
Persistent = false;
};
initialize = true;
passwordFile = config.age.secrets."restic-repo-droppie".path;
repository = "yule@droppie.b12f.io:/media/internal/backups-pub-solar";
};
} }

View file

@ -93,4 +93,24 @@
OMNIAUTH_ONLY = "true"; OMNIAUTH_ONLY = "true";
}; };
}; };
services.restic.backups.mastodon = {
paths = [
"/tmp/mastodon-backup.sql"
];
timerConfig = {
OnCalendar = "*-*-* 02:00:00 Etc/UTC";
# droppie will be offline if nachtigall misses the timer
Persistent = false;
};
initialize = true;
b12f marked this conversation as resolved Outdated

gitea -> mastodon

`gitea` -> `mastodon`
passwordFile = config.age.secrets."restic-repo-droppie".path;
repository = "yule@droppie.b12f.io:/media/internal/backups-pub-solar";
backupPrepareCommand = ''
${pkgs.sudo}/bin/sudo -u postgres ${pkgs.postgresql}/bin/pg_dump -d mastodon > /tmp/mastodon-backup.sql
'';
backupCleanupCommand = ''
rm /tmp/mastodon-backup.sql
'';
};
} }

View file

@ -130,4 +130,25 @@
autoUpdateApps.enable = true; autoUpdateApps.enable = true;
database.createLocally = true; database.createLocally = true;
}; };
services.restic.backups.nextcloud = {
paths = [
"/var/lib/nextcloud/data"
"/tmp/nextcloud-backup.sql"
];
timerConfig = {
OnCalendar = "*-*-* 02:00:00 Etc/UTC";
# droppie will be offline if nachtigall misses the timer
Persistent = false;
};
initialize = true;
passwordFile = config.age.secrets."restic-repo-droppie".path;
repository = "yule@droppie.b12f.io:/media/internal/backups-pub-solar";
backupPrepareCommand = ''
${pkgs.sudo}/bin/sudo -u postgres ${pkgs.postgresql}/bin/pg_dump -d nextcloud > /tmp/nextcloud-backup.sql
'';
backupCleanupCommand = ''
rm /tmp/nextcloud-backup.sql
'';
};
} }

View file

@ -0,0 +1,7 @@
{ flake, ... }: {
age.secrets."restic-repo-droppie" = {
file = "${flake.self}/secrets/restic-repo-droppie.age";
mode = "400";
owner = "root";
};
}

View file

@ -1,5 +1,9 @@
{ config, pkgs, flake, ... }:
{ {
flake,
config,
pkgs,
...
}: {
# Use GRUB2 as the boot loader. # Use GRUB2 as the boot loader.
# We don't use systemd-boot because Hetzner uses BIOS legacy boot. # We don't use systemd-boot because Hetzner uses BIOS legacy boot.
boot.loader.systemd-boot.enable = false; boot.loader.systemd-boot.enable = false;

View file

@ -7,6 +7,7 @@
./configuration.nix ./configuration.nix
./networking.nix ./networking.nix
./backups.nix
./apps/nginx.nix ./apps/nginx.nix
./apps/collabora.nix ./apps/collabora.nix

View file

@ -1,7 +1,7 @@
{ self, lib, inputs, ... }: { { self, lib, inputs, ... }: {
# Configuration common to all Linux systems # Configuration common to all Linux systems
flake = { flake = {
pub-solar.lib = let lib = let
callLibs = file: import file {inherit lib;}; callLibs = file: import file {inherit lib;};
in rec { in rec {
## Define your own library functions here! ## Define your own library functions here!

View file

@ -29,7 +29,7 @@
file = "${flake.self}/secrets/nachtigall-root-ssh-key.age"; file = "${flake.self}/secrets/nachtigall-root-ssh-key.age";
path = "/root/.ssh/id_ed25519"; path = "/root/.ssh/id_ed25519";
mode = "400"; mode = "400";
owner = root; owner = "root";
}; };
security.sudo.wheelNeedsPassword = false; security.sudo.wheelNeedsPassword = false;

View file

@ -0,0 +1,27 @@
age-encryption.org/v1
-> ssh-ed25519 iDKjwg T5uxRdAUm+mxC5VdLsJcvA7BolM8l0cofI8V6fEUEBE
dCpeg4SheN/krKGe72jHNbdul3Lvy/AwG3dq4pY/AkM
-> ssh-ed25519 uYcDNw PGHCygBqKuORMouxi/JHzzRPeM2ON+YMOYV9E1vX+Vo
F7yp4gLrEEj4BCYwsDl2LPCCRUtbDfZ/AzAAhah4+dA
-> ssh-rsa kFDS0A
lQLfw3v75CzhrS7WyHPwU+Cm+vwrlCg7hhfKGb7J67elxh21GG/6qaZfRwWL11zc
P6G3Gt//92qBwrRuWN+G7fuhThTuEsHsqqpA8JOnNIgwfk8rNN2kTj8XbkIE7Uq8
R5ZQplV7QTtWZ0CGBl4lu4d6cf3zdFZJw6VaDoqNmC6WjwEGw4T6maZqlEmtsEra
i1LYssPXAFbeYxa1wsD/B9pI05WrGbgpBuEpybb+9v3O+u57bLAFAC1NCsj0OKNz
+7HJe5jaC5yntOjitrIrG7hIemOR5oPn5rX4+gyhEOzGud4IyMmMRKw8+1lsSqEJ
88BLgtO1LZ+K7XA4T4uhMNzJNlibo8uhPZVcpuOHAM2mb77kyOEEnGBTewT17Wyg
pJUIigTd8RHQmhQoyRM/EwbX15fSHmjrqwppCpQmTCNDdj+BhdfjaE8nRSJzBWDa
1C4tzxEoCAwCdowdS5Dh8Ho73JCbZr0GGpZgEoKhZJtPW/is9LCYKUIn/RQCfWvS
J9rQIGBJt3e0zNz2l+/cab0Z7z5nrfN8WJUYRWe/LJ4w2UbhTp8Qo9c5kKmP0qJg
cej2+H/v3o1KNdXdumUgmL9XeKTJeFQ1XIAbNzWa2eziLAigeg1fPraPpxLm6vfm
JBOB7xuATiOegs1KxnZh3GI6tO9GRaN1GOGMj6Vw/yc
-> ssh-ed25519 YFSOsg fO1nyrzWiiDBKUsi5WVZs6gj0oj8AnCDgzT45RuTaEI
zLBD5W/Ab8afsUGjBk2DHGYnwYca11FWRubaHPQqu0w
-> ssh-ed25519 iHV63A LEq9h44BkYmAt3ABHka7EdfZVQ7VGbU81SApWQ4O0TA
kqOs+WIAQKQdCEyDSHF0+1TU6W0d9Nk5uMzpw1X9tE8
-> ssh-ed25519 BVsyTA 15QuQEzMBnFLOQ1VXYc/bhXPClbNY27WUxVi/PKdrg4
k5J8BnC0ltep+Unjvc9rbsTAERAAwHVBx3Le1Uw3i7k
-> fz6"|e\K-grease ~A 1vo}k)X ;M<?)N(
Vk3qpd1xFZX7MJ9C7gYW
--- 7AC9JN+pNedtCrkbAxsME8f/pDqsGJf9a6hA5YvILhU
ËeÉ#&8áäÞ çgNȺœ9è·ìEùÄhItDq&§j06nðË1ÇF/&Â6(óH|B<>¥ù^Y}Œ;8š·fHaVc_¢Ä~^_ÛÇ Ø†m9sŽ-

View file

@ -43,4 +43,6 @@ in {
"nextcloud-admin-pass.age".publicKeys = nachtigallKeys ++ baseKeys; "nextcloud-admin-pass.age".publicKeys = nachtigallKeys ++ baseKeys;
"searx-environment.age".publicKeys = nachtigallKeys ++ baseKeys; "searx-environment.age".publicKeys = nachtigallKeys ++ baseKeys;
"restic-repo-droppie.age".publicKeys = nachtigallKeys ++ baseKeys;
} }