diff --git a/hosts/bicep/services/mysql/backup.nix b/hosts/bicep/services/mysql/backup.nix
index 8988d14..68fb18b 100644
--- a/hosts/bicep/services/mysql/backup.nix
+++ b/hosts/bicep/services/mysql/backup.nix
@@ -1,16 +1,17 @@
-{ config, lib, ... }:
+{ config, lib, pkgs, ... }:
 let
 cfg = config.services.mysql;
+ backupDir = "/var/lib/mysql-backups";
 in
 {
- services.mysqlBackup = lib.mkIf cfg.enable {
- enable = true;
- location = "/var/lib/mysql-backups";
- };
+ # services.mysqlBackup = lib.mkIf cfg.enable {
+ # enable = true;
+ # location = "/var/lib/mysql-backups";
+ # };
 services.rsync-pull-targets = lib.mkIf cfg.enable {
 enable = true;
- locations.${config.services.mysqlBackup.location} = {
+ locations.${backupDir} = {
 user = "root";
 rrsyncArgs.ro = true;
 authorizedKeysAttrs = [
@@ -23,4 +24,50 @@ in
 publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJgj55/7Cnj4cYMJ5sIkl+OwcGeBe039kXJTOf2wvo9j mysql rsync backup";
 };
 };
+
+ # NOTE: instead of having the upstream nixpkgs postgres backup unit trigger
+ # another unit, it was easier to just make one ourselves.
+ systemd.services."backup-mysql" = lib.mkIf cfg.enable {
+ description = "Backup MySQL data";
+ requires = [ "mysql.service" ];
+
+ path = with pkgs; [
+ cfg.package
+ coreutils
+ gzip
+ ];
+
+ script = let
+ rotations = 1;
+ in ''
+ set -eo pipefail
+
+ mysqldump --all-databases | gzip -c -9 --rsyncable > "${backupDir}/mysql-dump.sql.gz"
+
+ '';
+
+ # NOTE: keep multiple backups and symlink latest one once we have more disk again
+ # mysqldump --all-databases | gzip -c -9 --rsyncable > "${backupDir}/$(date --iso-8601)-dump.sql.gz"
+
+ # while [ $(ls -1 "${backupDir}" | wc -l) -gt ${toString rotations} ]; do
+ # rm $(find "${backupDir}" -type f -printf '%T+ %p\n' | sort | head -n 1 | cut -d' ' -f2)
+ # done
+
+ serviceConfig = {
+ Type = "oneshot";
+ User = "mysql";
+ Group = "mysql";
+ UMask = "0077";
+
+ Nice = 19;
+ IOSchedulingClass = "best-effort";
+ IOSchedulingPriority = 7;
+
+ StateDirectory = [ (builtins.baseNameOf backupDir) ];
+
+ # TODO: hardening
+ };
+
+ startAt = "*-*-* 02:15:00";
+ };
 }
diff --git a/hosts/bicep/services/postgresql/backup.nix b/hosts/bicep/services/postgresql/backup.nix
index 9686b4f..86b172c 100644
--- a/hosts/bicep/services/postgresql/backup.nix
+++ b/hosts/bicep/services/postgresql/backup.nix
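Review bot: The dump is redirected straight onto `mysql-dump.sql.gz`, and with a single retained copy the shell truncates the last good backup before `mysqldump` has produced anything; a failed run (which `set -eo pipefail` correctly reports) or an rsync pull that lands while the unit is running is left with a partial file and no older copy. Writing to a temporary name in the same directory and renaming on success keeps the previous dump intact: `tmp="${backupDir}/mysql-dump.sql.gz.tmp"`, `mysqldump --all-databases | gzip -c -9 --rsyncable > "$tmp"`, `mv -f "$tmp" "${backupDir}/mysql-dump.sql.gz"`. The `backup-postgresql` script in the second file has the same pattern. For the `# TODO: hardening`, a cheap first step is `StateDirectoryMode = "0700";`, since systemd creates state directories 0755 by default and `UMask` only covers the dump file itself.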
@@ -1,17 +1,18 @@
-{ config, lib, ... }:
+{ config, lib, pkgs, ... }:
 let
 cfg = config.services.postgresql;
+ backupDir = "/var/lib/postgresql-backups";
 in
 {
- services.postgresqlBackup = lib.mkIf cfg.enable {
- enable = true;
- location = "/var/lib/postgres-backups";
- backupAll = true;
- };
+ # services.postgresqlBackup = lib.mkIf cfg.enable {
+ # enable = true;
+ # location = "/var/lib/postgresql-backups";
+ # backupAll = true;
+ # };
 services.rsync-pull-targets = lib.mkIf cfg.enable {
 enable = true;
- locations.${config.services.postgresqlBackup.location} = {
+ locations.${backupDir} = {
 user = "root";
 rrsyncArgs.ro = true;
 authorizedKeysAttrs = [
@@ -24,4 +25,47 @@ in
 publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGvO7QX7QmwSiGLXEsaxPIOpAqnJP3M+qqQRe5dzf8gJ postgresql rsync backup";
 };
 };
+
+ # NOTE: instead of having the upstream nixpkgs postgres backup unit trigger
+ # another unit, it was easier to just make one ourselves
+ systemd.services."backup-postgresql" = {
+ description = "Backup PostgreSQL data";
+ requires = [ "postgresql.service" ];
+
+ path = with pkgs; [
+ coreutils
+ gzip
+ cfg.package
+ ];
+
+ script = let
+ rotations = 1;
+ in ''
+ set -eo pipefail
+
+ pg_dumpall -U postgres | gzip -c -9 --rsyncable > "${backupDir}/postgresql-dump.sql.gz"
+ '';
+
+ # pg_dumpall -U postgres | gzip -c -9 --rsyncable > "${backupDir}/$(date --iso-8601)-dump.sql.gz"
+ # while [ $(ls -1 "${backupDir}" | wc -l) -gt ${toString rotations} ]; do
+ # rm $(find "${backupDir}" -type f -printf '%T+ %p\n' | sort | head -n 1 | cut -d' ' -f2)
+ # done
+
+ serviceConfig = {
+ Type = "oneshot";
+ User = "postgres";
+ Group = "postgres";
+ UMask = "0077";
+
+ Nice = 19;
+ IOSchedulingClass = "best-effort";
+ IOSchedulingPriority = 7;
+
+ StateDirectory = [ (builtins.baseNameOf backupDir) ];
+
+ # TODO: hardening
+ };
+
+ startAt = "*-*-* 01:15:00";
+ };
 }
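Review bot: The backup path changes silently in this hunk: the removed `location` was `/var/lib/postgres-backups`, while `backupDir` and the commented-out copy of the old block now say `/var/lib/postgresql-backups`. The rrsync target is keyed on that path, so the pulling side has to be pointed at the new directory (not visible in this diff), and any dumps already in the old directory stay on disk and are no longer refreshed or pulled. I would keep the commented-out block faithful to what was removed and record the rename next to the binding, e.g. `# NOTE: was /var/lib/postgres-backups; remove old dumps there once the pull job is migrated`.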
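Review bot: `systemd.services."backup-postgresql"` is defined unconditionally, whereas the MySQL unit in the first file is wrapped in `lib.mkIf cfg.enable`; with PostgreSQL disabled the timer would presumably still be installed and the unit would fail every night on its `requires`. Suggested: `systemd.services."backup-postgresql" = lib.mkIf cfg.enable {`. Both units also declare `requires` without any ordering, so a start at boot or right after a database restart can race the server; `after = [ "postgresql.service" ];` here and `after = [ "mysql.service" ];` in the MySQL unit close that gap. `rotations` is bound in the `let` but is only referenced by the commented-out rotation loop.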