ctucx.git: nixfiles

ctucx' nixfiles

commit a82d474ffc35db2677f6312450968b6ab3184bf2
parent 9067c17901875b88ab96b49bcf912bb6c2a7541a
Author: Leah (ctucx) <git@ctu.cx>
Date: Thu, 19 Jan 2023 13:53:30 +0100

machines/lollo: backup influx buckets, improve gotosocial-backup
7 files changed, 58 insertions(+), 27 deletions(-)
diff --git a/machines/lollo/gotosocial.nix b/machines/lollo/gotosocial.nix
@@ -1,18 +1,26 @@
 { config, pkgs, ... }:
 
-{
+let
+  gotosocial = pkgs.callPackage ../../pkgs/gotosocial-bin.nix {};
+
+in {
 
   age.secrets.restic-gotosocial.file = ../../secrets/lollo/restic/gotosocial.age;
 
+  systemd.services.restic-backup-gotosocial.serviceConfig.ReadWritePaths = [ "/var/lib/gotosocial" ];
   restic-backups.gotosocial = {
-    user         = "gotosocial";
-    passwordFile = config.age.secrets.restic-gotosocial.path;
-    paths        = [ "/var/lib/gotosocial" ];
+    user            = "gotosocial";
+    passwordFile    = config.age.secrets.restic-gotosocial.path;
+    sqliteDatabases = [ "/var/lib/gotosocial/db.sqlite" ];
+    paths           = [ "/var/lib/gotosocial/storage" "/var/lib/gotosocial/backup.json" ];
+    runBeforeBackup = ''
+      ${gotosocial}/bin/gotosocial --config-path /etc/gotosocial.yaml admin export --path /var/lib/gotosocial/backup.json
+    '';
   };
 
   services.gotosocial = {
     enable   = true;
-    package  = pkgs.callPackage ../../pkgs/gotosocial-bin.nix {};
+    package  = gotosocial;
     settings = {
       application-name = "ctucx.gts";
 
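Review bot: The new `ReadWritePaths = [ "/var/lib/gotosocial" ]` line opens the whole live state directory to the backup unit without recording why, and a sandbox relaxation like this tends to stay in place after its reason is gone. From this hunk the visible writer is the `runBeforeBackup` export to `/var/lib/gotosocial/backup.json`; the sqlite dump may also need write access if the database runs in WAL mode, which is not visible here. I would add a comment above the line such as `# backup unit must write backup.json (admin export) into the state dir`. If the export turns out to be the only writer, point `--path` at a dedicated subdirectory and list only that directory in `ReadWritePaths`, so the database and media stay read-only for the backup job.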
diff --git a/machines/lollo/smarthome/influxdb2.nix b/machines/lollo/smarthome/influxdb2.nix
@@ -1,7 +1,18 @@
-{ pkgs, ... }:
+{ config, pkgs, ... }:
 
 {
 
+  age.secrets.restic-influxdb.file   = ../../../secrets/lollo/restic/influxdb.age;
+  age.secrets.influx-backup-env.file = ../../../secrets/lollo/influx/backup_env.age;
+
+  systemd.services.restic-backup-influxdb.serviceConfig.EnvironmentFile = config.age.secrets.influx-backup-env.path;
+
+  restic-backups.influxdb = {
+    user          = "influxdb2";
+    passwordFile  = config.age.secrets.restic-influxdb.path;
+    influxBuckets = [ "mqttData" ];
+  };
+
   systemd.services.influxdb2 = {
     serviceConfig.ExecStartPost = "${pkgs.bash}/bin/bash -c 'until ${pkgs.netcat}/bin/nc -z 127.0.0.1 8086; do sleep 0.2; done'";
     onFailure                   = [ "email-notify@%i.service" ];
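Review bot: The `EnvironmentFile` set on `restic-backup-influxdb` is an encrypted age secret, so nothing readable in the repository says which variables the backup depends on or how privileged the credential is. A comment such as `# backup_env.age provides INFLUX_TOKEN (plus INFLUX_HOST / INFLUX_ORG if needed) for 'influx backup'` would make this reviewable; those names are my assumption from the influx CLI and should be confirmed against the secret. Because the file is attached to the whole unit, the token is also in the environment of restic and every other command the job runs. The same comment should therefore state that this is a token issued only for backups and not a shared one.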
diff --git a/modules/linux/gotosocial.nix b/modules/linux/gotosocial.nix
@@ -99,6 +99,8 @@ in {
       groups."${cfg.group}" = {};
     };
 
+    environment.etc."gotosocial.yaml".source = configFile;
+
     environment.systemPackages = [
       (pkgs.writeShellScriptBin "gotosocial" ''
         exec ${cfg.package}/bin/gotosocial --config-path ${configFile} "$@"

@@ -106,25 +108,6 @@ in {
     ];
 
     systemd.services = {
-      gotosocial-export = {
-        description   = "gotosocial export";
-
-        startAt       = "*-*-* 1:00:00";
-        onFailure     = [ "email-notify@%i.service" ];
-
-        serviceConfig = {
-          User = cfg.user;
-          Group = cfg.group;
-
-          Type = "exec";
-          WorkingDirectory = "~";
-          StateDirectory = "gotosocial gotosocial/storage";
-          StateDirectoryMode = "700";
-
-          ExecStart = "${cfg.package}/bin/gotosocial --config-path ${configFile} admin export --path /var/lib/gotosocial/backup.json";
-        };
-      };
-
       gotosocial = {
         description     = "GoToSocial ActivityPub Server";
         after           = [ "network-online.target" ];
diff --git a/modules/linux/restic-backups.nix b/modules/linux/restic-backups.nix
@@ -17,6 +17,11 @@ let
         type = types.str;
       };
 
+      runBeforeBackup = mkOption {
+        type = types.str;
+        default = "";
+      };
+
       paths = mkOption {
         type    = with types; listOf str;
         default = [];
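Review bot: `runBeforeBackup` is declared without a `description`, although the later hunk splices it verbatim into the generated script via `${backup.runBeforeBackup}`, where it runs with the backup user's privileges and the unit's secrets in reach. I would document that contract on the option, e.g. `description = "Shell commands inserted verbatim at the top of the backup script; run as the backup user before any dump.";`. `type = types.lines;` would also fit better than `types.str`, since it lets several modules contribute commands instead of conflicting. The `sqliteDatabases` and `influxBuckets` options added in the next hunk lack descriptions as well; one line each saying that the values are a file path and a bucket name would help.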

@@ -27,6 +32,16 @@ let
         default = [];
       };
 
+      sqliteDatabases = mkOption {
+        type    = with types; listOf str;
+        default = [];
+      };
+
+      influxBuckets = mkOption {
+        type    = with types; listOf str;
+        default = [];
+      };
+
       targets = mkOption {
         type    = with types; listOf str;
         default = [ "desastro.ctu.cx" "lollo.ctu.cx" "hector.ctu.cx" ];

@@ -103,12 +118,24 @@ in {
                 #!${pkgs.runtimeShell}
                 set -eu pipefail
 
+                ${backup.runBeforeBackup}
+
                 '' + concatMapStringsSep "\n" (db: ''
                 echo "Dumping Postgres-database: ${db}"
                 mkdir -p /tmp/postgresDatabases
                 pg_dump ${db} | zstd --rsyncable > /tmp/postgresDatabases/${db}.sql.zst
                 [ $(du -b /tmp/postgresDatabases/${db}.sql.zst | cut -f1) -gt "50" ] || exit 1
-              '') backup.postgresDatabases)
+              '') backup.postgresDatabases + concatMapStringsSep "\n" (db: ''
+                echo "Dumping sqlite-database: ${db}"
+                mkdir -p /tmp/sqliteDatabases
+                ${pkgs.sqlite}/bin/sqlite3 ${db} ".backup '/tmp/sqliteDatabases/${builtins.baseNameOf db}.sqlite-backup'"
+                [ $(du -b /tmp/sqliteDatabases/${builtins.baseNameOf db}.sqlite-backup | cut -f1) -gt "50" ] || exit 1
+              '') backup.sqliteDatabases + concatMapStringsSep "\n" (db: ''
+                echo "Dumping influx-bucket: ${db}"
+                mkdir -p /tmp/influxBuckets
+                ${pkgs.influxdb2}/bin/influx backup --compression=none --bucket=${db} /tmp/influxBuckets/${db}
+                [ $(du -b /tmp/influxBuckets/${db} | cut -f1) -gt "50" ] || exit 1
+              '') backup.influxBuckets)
             )
           ];
         };
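Review bot: The sqlite and influx dumps are written to fixed directories under `/tmp` with the default umask, so unless the unit sets `PrivateTmp` (not visible in this hunk) other local users may be able to read the plaintext database copies or pre-create those paths. Adding `umask 077` right after the `set` line would cover both new snippets and the existing postgres one. The `${db}` values are also interpolated into the shell unquoted; `escapeShellArgs` is already used on the `restic backup` line, so `${escapeShellArg db}` is presumably in scope and would keep a path or bucket name with spaces or metacharacters from being re-parsed. Finally, `du -b /tmp/influxBuckets/${db}` measures a directory, whose own entry can exceed 50 bytes on many filesystems, so that size check may pass even when `influx backup` wrote nothing; checking that the directory contains at least one file would be a more reliable guard. The script definition starts and ends outside this hunk.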

@@ -126,7 +153,7 @@ in {
           restic snapshots || restic init
 
           #backup files
-          restic backup ${escapeShellArgs (backup.paths ++ optional (backup.postgresDatabases != []) "/tmp/postgresDatabases") }
+          restic backup ${escapeShellArgs (((backup.paths ++ optional (backup.postgresDatabases != []) "/tmp/postgresDatabases") ++ optional (backup.sqliteDatabases != []) "/tmp/sqliteDatabases") ++ optional (backup.influxBuckets != []) "/tmp/influxBuckets") }
 
           restic check
         '') backup.targets;
diff --git a/secrets/lollo/influx/backup_env.age b/secrets/lollo/influx/backup_env.age  Binary files differ.
diff --git a/secrets/lollo/restic/influxdb.age b/secrets/lollo/restic/influxdb.age  Binary files differ.
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
@@ -31,6 +31,7 @@ in {
   "lollo/influx/grafana_token.age".publicKeys                 = [ leah lollo trabbi];
   "lollo/influx/telegraf_token.age".publicKeys                = [ leah lollo ];
   "lollo/influx/master_token.age".publicKeys                  = [ leah lollo ];
+  "lollo/influx/backup_env.age".publicKeys                    = [ leah lollo ];
 
   "lollo/restic-server-htpasswd.age".publicKeys               = [ leah lollo ];
   "lollo/wireguard-privkey.age".publicKeys                    = [ leah lollo ];

@@ -41,6 +42,7 @@ in {
   "lollo/restic/gotosocial.age".publicKeys                    = [ leah lollo ];
   "lollo/restic/oeffisearch.age".publicKeys                   = [ leah lollo ];
   "lollo/restic/radicale.age".publicKeys                      = [ leah lollo ];
+  "lollo/restic/influxdb.age".publicKeys                      = [ leah lollo ];
 
 
   "lollo-old/syncthing/key.age".publicKeys                    = [ leah lollo-old ];