bicep/{postgres,mysql}: add rsync pull targets for backups

2026-02-04 09:10:01 +01:00 · 2026-01-27 20:39:12 +09:00
parent d43de08a3b
commit 2ed1c83858
2 changed files with 33 additions and 1 deletions
--- a/hosts/bicep/services/mysql.nix
+++ b/hosts/bicep/services/mysql.nix
@@ -44,6 +44,22 @@ in
    location = "/var/lib/mysql/backups";
  };

+  services.rsync-pull-targets = lib.mkIf cfg.enable {
+    enable = true;
+    locations.${config.services.mysqlBackup.location} = {
+      user = "root";
+      rrsyncArgs.ro = true;
+      authorizedKeysAttrs = [
+        "restrict"
+        "no-agent-forwarding"
+        "no-port-forwarding"
+        "no-pty"
+        "no-X11-forwarding"
+      ];
+      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJgj55/7Cnj4cYMJ5sIkl+OwcGeBe039kXJTOf2wvo9j mysql rsync backup";
+    };
+  };
+
  networking.firewall.allowedTCPPorts = lib.mkIf cfg.enable [ 3306 ];

  systemd.tmpfiles.settings."10-mysql".${dataDir}.d = lib.mkIf cfg.enable {