🏡 my personal home lab

rework backups

+98 -70
+1 -1
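--- a/hosts/rk1-node-1.nix
+++ b/hosts/rk1-node-1.nix
@@ -2,7 +2,7 @@
 {
 imports = [
 ../modules/common.nix
-../modules/matrix.nix
+../modules/continuwuity.nix
 ];
 
 system.stateVersion = "25.11";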
+46
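--- a/modules/continuwuity.nix
+++ b/modules/continuwuity.nix
@@ -0,0 +1,46 @@
+{ pkgs, ... }:
+{
+services.matrix-continuwuity = {
+enable = true;
+settings = {
+global = {
+server_name = "goo.garden";
+address = [
+"0.0.0.0"
+"::"
+];
+port = [ 6167 ];
+allow_registration = false;
+allow_encryption = true;
+allow_federation = true;
+trusted_servers = [
+"matrix.org"
+"events.ccc.de"
+"kabelsalat.ch"
+"outerwilds.space"
+];
+database_backup_path = "/var/lib/continuwuity/backups";
+database_backups_to_keep = 3;
+admin_signal_execute = [ "server backup-database" ];
+};
+};
+};
+
+systemd.services.continuwuity-backup = {
+description = "Trigger Continuwuity database backup";
+serviceConfig = {
+Type = "oneshot";
+ExecStart = "${pkgs.systemd}/bin/systemctl kill --signal=SIGUSR2 continuwuity.service";
+};
+};
+systemd.timers.continuwuity-backup = {
+description = "Daily Continuwuity database backup";
+wantedBy = [ "timers.target" ];
+timerConfig = {
+OnCalendar = "*-*-* 02:00:00";
+Persistent = true;
+};
+};
+
+networking.firewall.allowedTCPPorts = [ 6167 ];
+}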
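Review bot: The `ExecStart` of `continuwuity-backup` only delivers SIGUSR2 and exits, so the oneshot reports success whether or not `server backup-database` actually wrote anything under `/var/lib/continuwuity/backups`; a backup that silently stops working stays invisible until a restore is needed. `systemctl kill` also signals every process in the unit's control group by default, so I would narrow it to the main process: `ExecStart = "${pkgs.systemd}/bin/systemctl kill --kill-whom=main --signal=SIGUSR2 continuwuity.service";`. A follow-up step that fails when the newest entry in `database_backup_path` is older than a day would make the 02:00 timer verifiable. Since that directory holds a full copy of the homeserver database, a short comment stating that it must stay readable only by the service user would also help.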
+16 -20
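--- a/modules/immich.nix
+++ b/modules/immich.nix
@@ -1,4 +1,4 @@
-{ config, ... }:
+{ pkgs, config, ... }:
 {
 services.immich = {
 enable = true;
@@ -30,7 +30,7 @@
 enable = true;
 databases = [ "immich" ];
 location = "/mnt/nas/backup/postgresql";
-startAt = "daily";
+startAt = "*-*-* 02:00:00";
 };
 
 # Rotate immich db backups: keep 14 daily, 1 per month after that
@@ -44,24 +44,20 @@
 wantedBy = [ "postgresqlBackup-immich.service" ];
 serviceConfig = {
 Type = "oneshot";
-ExecStart = toString [
-"/run/current-system/sw/bin/bash"
-"-c"
-''
-dir=/mnt/nas/backup/postgresql
-# keep first of each month
-for f in "$dir"/immich.sql.gz.*; do
-[ -f "$f" ] || continue
-age=$(( ($(date +%s) - $(date -r "$f" +%s)) / 86400 ))
-day=$(date -r "$f" +%d)
-if [ "$age" -gt 14 ] && [ "$day" != "01" ]; then
-rm -f "$f"
-elif [ "$age" -gt 90 ]; then
-rm -f "$f"
-fi
-done
-''
-];
+ExecStart = pkgs.writeShellScript "immich-db-backup-rotate" ''
+dir=/mnt/nas/backup/postgresql
+# keep first of each month
+for f in "$dir"/immich.sql.gz.*; do
+[ -f "$f" ] || continue
+age=$(( ($(date +%s) - $(date -r "$f" +%s)) / 86400 ))
+day=$(date -r "$f" +%d)
+if [ "$age" -gt 14 ] && [ "$day" != "01" ]; then
+rm -f "$f"
+elif [ "$age" -gt 90 ]; then
+rm -f "$f"
+fi
+done
+'';
 };
 };
 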
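Review bot: The rotation script deletes purely by file age and never checks that a fresh dump exists, and a unit pulled in through `wantedBy = [ "postgresqlBackup-immich.service" ]` is started even when the dump itself fails; if the NAS fills up or PostgreSQL is down, the script keeps thinning the old copies until none are left after 90 days. Unless the lines outside this hunk already gate it, I would trigger it only on a successful dump, e.g. `systemd.services.postgresqlBackup-immich.onSuccess = [ "<rotate-unit>.service" ];` (the unit's name is outside the hunk), and open the script with `set -eu`. The same applies to the identical script in modules/kitchenowl.nix, and the two could share one helper that takes the database name. The comment `# keep first of each month` should also say that the monthly copies are removed once they are older than 90 days, since that is what the `elif` branch does.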
+20 -19
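--- a/modules/kitchenowl.nix
+++ b/modules/kitchenowl.nix
@@ -1,4 +1,9 @@
-{ config, lib, ... }:
+{
+config,
+lib,
+pkgs,
+...
+}:
 {
 virtualisation.oci-containers = {
 backend = "podman";
@@ -41,7 +46,7 @@
 enable = true;
 databases = [ "kitchenowl" ];
 location = "/mnt/nas/backup/postgresql";
-startAt = "daily";
+startAt = "*-*-* 02:00:00";
 };
 
 systemd.services.kitchenowl-db-backup-rotate = {
@@ -54,23 +59,19 @@
 wantedBy = [ "postgresqlBackup-kitchenowl.service" ];
 serviceConfig = {
 Type = "oneshot";
-ExecStart = toString [
-"/run/current-system/sw/bin/bash"
-"-c"
-''
-dir=/mnt/nas/backup/postgresql
-for f in "$dir"/kitchenowl.sql.gz.*; do
-[ -f "$f" ] || continue
-age=$(( ($(date +%s) - $(date -r "$f" +%s)) / 86400 ))
-day=$(date -r "$f" +%d)
-if [ "$age" -gt 14 ] && [ "$day" != "01" ]; then
-rm -f "$f"
-elif [ "$age" -gt 90 ]; then
-rm -f "$f"
-fi
-done
-''
-];
+ExecStart = pkgs.writeShellScript "kitchenowl-db-backup-rotate" ''
+dir=/mnt/nas/backup/postgresql
+for f in "$dir"/kitchenowl.sql.gz.*; do
+[ -f "$f" ] || continue
+age=$(( ($(date +%s) - $(date -r "$f" +%s)) / 86400 ))
+day=$(date -r "$f" +%d)
+if [ "$age" -gt 14 ] && [ "$day" != "01" ]; then
+rm -f "$f"
+elif [ "$age" -gt 90 ]; then
+rm -f "$f"
+fi
+done
+'';
 };
 };
 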
-27
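--- a/modules/matrix.nix
+++ b/modules/matrix.nix
@@ -1,27 +0,0 @@
-{ ... }:
-{
-services.matrix-continuwuity = {
-enable = true;
-settings = {
-global = {
-server_name = "goo.garden";
-address = [
-"0.0.0.0"
-"::"
-];
-port = [ 6167 ];
-allow_registration = false;
-allow_encryption = true;
-allow_federation = true;
-trusted_servers = [
-"matrix.org"
-"events.ccc.de"
-"kabelsalat.ch"
-"outerwilds.space"
-];
-};
-};
-};
-
-networking.firewall.allowedTCPPorts = [ 6167 ];
-}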
+15 -3
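--- a/modules/restic.nix
+++ b/modules/restic.nix
@@ -1,11 +1,19 @@
 { config, pkgs, ... }:
 
+let
+backupSchedule = {
+cm4-node-1 = "03:00:00";
+cm4-node-2 = "03:45:00";
+rk1-node-1 = "04:30:00";
+rk1-node-2 = "05:15:00";
+};
+in
 {
 environment.systemPackages = [ pkgs.restic ];
 
 services.restic.backups = {
 homeserver = {
-initialize = true;
+initialize = false;
 
 repositoryFile = config.sops.secrets.backup-repository.path;
 passwordFile = config.sops.secrets.restic-password.path;
@@ -17,14 +25,18 @@
 
 exclude = [
 "/var/lib/docker"
+"/var/lib/containers"
 "*.tmp"
 ".cache"
 ];
 
+extraBackupArgs = [
+"--retry-lock 30m"
+];
+
 timerConfig = {
-OnCalendar = "daily";
+OnCalendar = "*-*-* ${backupSchedule.${config.networking.hostName}}";
 Persistent = true;
-RandomizedDelaySec = "1h";
 };
 
 pruneOpts = [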
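Review bot: `backupSchedule.${config.networking.hostName}` in `timerConfig.OnCalendar` aborts evaluation with a bare missing-attribute error for any host that imports this module but is not one of the four names in the `let` block. I would make that failure self-explanatory: `OnCalendar = "*-*-* ${backupSchedule.${config.networking.hostName} or (throw "restic.nix: no backupSchedule entry for this host")}";`. With `RandomizedDelaySec` removed, the 45-minute slots are the only thing keeping the nodes off the repository lock at the same time, so a comment on the `let` block explaining the spacing, and that `--retry-lock 30m` is the fallback, would help the next edit. Separately, the new `/var/lib/containers` exclude presumably also drops podman named volumes from the backup, so it is worth confirming that nothing stateful lives there.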