WIP: leonard: add backup.nix, mysqlBackup

2026-01-26 00:15:44 +01:00
parent 97b7cb8e53
commit f8ca64ee28
6 changed files with 105 additions and 1 deletions
--- a/hosts/leonard/backup.nix
+++ b/hosts/leonard/backup.nix
@@ -0,0 +1,43 @@
+{ config, pkgs, lib, ... }:
+{
+  services.restic.backups = let
+    localJob = name: paths: {
+      inherit paths;
+      repository = "/mnt/feal-syn1/backup/leonard/${name}"; # TODO - Mount first
+      passwordFile = config.sops.secrets."restic/${name}".path;
+      initialize = true;
+      pruneOpts = [
+        "--keep-daily 3"
+        "--keep-weekly 4"
+        "--keep-monthly 3"
+      ];
+    };
+    cloudJob = name: paths: {
+      inherit paths;
+      # "rsyncnet" connection details specified in /root/.ssh/config
+      extraOptions = [ "rclone.program=\"ssh rsyncnet\"" ];
+      # repository = "rclone::/${name}";
+      repository = "rclone:";
+      passwordFile = config.sops.secrets."restic/${name}".path;
+      initialize = true;
+      pruneOpts = [
+        # rsync.net keeps daily snapshots
+        "--keep-weekly 4"
+        "--keep-monthly 36"
+      ];
+    };
+  in {
+    # TODO - local NAS backups
+    mysql-remote = (cloudJob "postgres" [ "/var/backup/mysql" ]) // {
+      timerConfig.OnCalendar = "01:30"; # 1h after mysqlBackup
+    };
+    # WIP
+    # postgres-remote = (cloudJob "postgres" [ "/tank/backup/postgresql" ]) // {
+    #   timerConfig.OnCalendar = "05:15"; # 2h after postgresqlBackup
+    # };
+
+  };
+
+  sops.secrets."restic/mysql" = { };
+  sops.secrets."restic/postgres" = { };
+}
--- a/hosts/leonard/configuration.nix
+++ b/hosts/leonard/configuration.nix
@@ -8,6 +8,7 @@
      ../../common/auto-upgrade.nix
      ./hardware-configuration.nix

+      ./backup.nix
      ./services/mysql.nix
      ./services/nginx.nix
      ./services/postgresql.nix
--- a/hosts/leonard/services/mysql.nix
+++ b/hosts/leonard/services/mysql.nix
@@ -6,5 +6,8 @@
    package = pkgs.mariadb;
  };

-  # TODO: services.mysqlBackup
+  services.mysqlBackup = {
+    enable = true;
+    calendar = "00:30:00";
+  };
 }
--- a/hosts/leonard/services/www-kinealbrigtsen-no.nix
+++ b/hosts/leonard/services/www-kinealbrigtsen-no.nix
@@ -20,6 +20,9 @@
      };
    }
  ];
+  services.mysqlBackup.databases = [
+    "www_kinealbrigtsen_no"
+  ];

  services.phpfpm.pools.www-kinealbrigtsen-no = {
    user = "www-kinealbrigtsen-no";