From 6efebc5cb7f189a25dc301bf12ff25205ae37c7f Mon Sep 17 00:00:00 2001
From: h7x4
Date: Tue, 20 Aug 2024 21:38:38 +0200
Subject: [PATCH] WIP: backup postgresql
---
 hosts/bicep/services/postgres.nix | 52 ++++++++++++++++++++++++++++---
 1 file changed, 47 insertions(+), 5 deletions(-)
diff --git a/hosts/bicep/services/postgres.nix b/hosts/bicep/services/postgres.nix
index df92735..0274e06 100644
--- a/hosts/bicep/services/postgres.nix
+++ b/hosts/bicep/services/postgres.nix
@@ -1,6 +1,7 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 let
 sslCert = config.security.acme.certs."postgres.pvv.ntnu.no";
+ backupDir = "/var/lib/postgresql/backups";
 in
 {
 services.postgresql = {
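Review bot: `lib` is added to the module arguments in this hunk, but none of the lines the patch adds reference it (`toString` is a builtin), so the argument can stay `{ config, pkgs, ... }:` until something needs it. The `let` block that receives `backupDir` and the attribute set it feeds continue outside the hunk.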
@@ -89,9 +90,50 @@ in
 networking.firewall.allowedTCPPorts = [ 5432 ];
 networking.firewall.allowedUDPPorts = [ 5432 ];
- services.postgresqlBackup = {
- enable = true;
- location = "/var/lib/postgres/backups";
- backupAll = true;
+ # NOTE: instead of having the upstream nixpkgs postgres backup unit trigger
+ # another unit, it was easier to just make one ourselves
+ systemd.services."backup-postgresql" = {
+ description = "Backup PostgreSQL data";
+ requires = [ "postgresql.service" ];
+
+ path = [
+ pkgs.coreutils
+ pkgs.rsync
+ pkgs.gzip
+ config.services.postgresql.package
+ ];
+
+ script = let
+ rotations = 10;
+ sshTarget1 = "root@isvegg.pvv.ntnu.no:/mnt/backup1/bicep/postgresql";
+ sshTarget2 = "root@isvegg.pvv.ntnu.no:/mnt/backup2/bicep/postgresql";
+ in ''
+ set -eo pipefail
+
+ pg_dumpall -U postgres | gzip -c -9 --rsyncable > "${backupDir}/$(date --iso-8601)-dump.sql.gz"
+
+ while [ $(ls -1 "${backupDir}" | wc -l) -gt ${toString rotations} ]; do
+ rm $(find "${backupDir}" -type f -printf '%T+ %p\n' | sort | head -n 1 | cut -d' ' -f2)
+ done
+
+ rsync -avz --delete "${backupDir}" '${sshTarget1}'
+ rsync -avz --delete "${backupDir}" '${sshTarget2}'
+ '';
+
+ serviceConfig = {
+ Type = "oneshot";
+ User = "postgres";
+ Group = "postgres";
+ UMask = "0077";
+ ReadWritePaths = [ backupDir ];
+ };
+
+ startAt = "*-*-* 01:15:00";
+ };
+
+ systemd.tmpfiles.settings."10-postgresql-backup".${backupDir}.d = {
+ user = "postgres";
+ group = "postgres";
+ mode = "700";
 };
 }
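Review bot: Both rsync pushes log in as `root@isvegg.pvv.ntnu.no` and pass `--delete`, so whatever SSH credential the `postgres` user on this host holds is root on the backup server, and an emptied or tampered `backupDir` is mirrored onto both copies at the next run. A dedicated unprivileged account on the receiving side, confined to the two `bicep/postgresql` paths (for example through a forced command such as rsync's `rrsync`), with rotation done on the receiver instead of `--delete`, keeps a compromise of the database host from reaching the backups. In `serviceConfig`, `ReadWritePaths = [ backupDir ];` restricts nothing on its own because this hunk sets no `ProtectSystem=`; adding `ProtectSystem = "strict";` makes it effective, and `after = [ "postgresql.service" ];` is needed next to `requires`, which does not order the two units. The dump is also written straight to its final name, so a failed `pg_dumpall` leaves a truncated `.sql.gz` that later runs count and rotate like a good backup; writing to a temporary name and `mv`-ing it into place on success avoids that.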