author | Soispha <soispha@vhack.eu> | 2024-01-14 09:10:38 +0100 |
---|---|---|
committer | Soispha <soispha@vhack.eu> | 2024-01-14 09:10:38 +0100 |
commit | 5abcac48b888888787f7a2829f71190502766906 (patch) | |
tree | 439af96e7aa4f65ca2d6e3e47016282845533241 | |
parent | chore(version): v0.20.0 (diff) | |
fix(sys/services/restic): Include a db dump of PostgreSQL
Including this dump should remove the risk of a backup with a corrupt PostgreSQL database. An initial test showed that the backup takes around 32 GB and runs in under 3 hours. There is one big oversight not yet addressed in this commit: services running a SQLite database are not included in this dump and thus cannot be safely recovered. At present these are: - etebase-server (db.sqlite3) - murmur (murmur.sqlite) (This list was generated with `sudo fd sqlite /srv/`)
-rw-r--r-- | system/services/restic/default.nix | 34 |
1 files changed, 29 insertions, 5 deletions
diff --git a/system/services/restic/default.nix b/system/services/restic/default.nix
index 3620540..b5e24c2 100644
--- a/system/services/restic/default.nix
+++ b/system/services/restic/default.nix
@@ -1,25 +1,49 @@
-{config, ...}: {
+{
+ config,
+ pkgs,
+ ...
+}: {
 services.restic.backups = let
- srvDir = "/srv";
+ snapshots = "/srv/snapshots";
 boxUser = "u384702-sub2";
+ postgresUser = "postgres";
 in {
 storagebox = {
 initialize = true;
+ backupPrepareCommand = ''
+ ${pkgs.sudo}/bin/sudo -u ${postgresUser} ${pkgs.postgresql}/bin/pg_dumpall --clean --if-exists --quote-all-identifiers > /srv/db_backup.sql
+
+ [ -d /srv/snapshots/srv ] && ${pkgs.btrfs-progs}/bin/btrfs subvolume delete /srv/snapshots/srv;
+ ${pkgs.btrfs-progs}/bin/btrfs subvolume snapshot -r /srv /srv/snapshots/srv;
+
+ # dump() {
+ # # compression:
+ # # pg_dump -F t -v "$1" | xz -z -9 -e -T0 > "db_$1.tar.xz"
+ # pg_dump -v "$1" > "db_$1.tar.xz"
+ # }
+ # # List all databases, and dump each of them in its own file
+ # # psql --list --csv | while read -r line; do echo "$line" | grep ','; done | while IFS=, read -r name _; do echo "$name"; done | sed '1d' | while read -r db_name; do dump "$db_name"; done
+ '';
 paths = [
- srvDir
+ snapshots
 ];
 exclude = [
 ".snapshots"
+ "/var/lib/postgresql" # included in the db dump
 ];
 extraBackupArgs = [
- "--exclude-if-present .nobackup" # Don't backup directory if it contains a file called ".nobackup"
- "--verbose" # Spam log
+ "--verbose" # spam log
 ];
 passwordFile = config.age.secrets.resticpass.path;
 extraOptions = [
 "rclone.program='ssh -p 23 ${boxUser}@${boxUser}.your-storagebox.de -i ${config.age.secrets.resticssh.path}'"
 ];
 repository = "rclone: "; # There is only one repository served
+ timerConfig = {
+ Requires = "network-online.target";
+ OnCalendar = "hourly";
+ Persistent = true;
+ };
 };
 };
 }
|
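Review bot: The `pg_dumpall ... > /srv/db_backup.sql` line in `backupPrepareCommand` leaves a plaintext dump of every database, which by default includes role password hashes, in /srv with whatever mode the unit's umask yields, and nothing in this hunk removes it after the run. The redirection is performed by the calling shell rather than by `sudo -u postgres`, so the file is presumably owned by the service user and, under a default umask, readable by any local account that can traverse /srv; the read-only snapshot at /srv/snapshots/srv then preserves the same copy. I would put `umask 077` at the top of the command and delete the dump in `backupCleanupCommand`. Separately, the `"/var/lib/postgresql"` exclude looks like a no-op now that `paths` contains only `/srv/snapshots`, and the hard-coded `/srv/snapshots/srv` could be derived from the new `snapshots` binding.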