mirror of
https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git
synced 2026-01-12 02:18:25 +01:00
Compare commits
2 Commits
backup-dat
...
f7e2c74f89
| Author | SHA1 | Date | |
|---|---|---|---|
|
f7e2c74f89 | ||
| 161265d346 |
@@ -26,10 +26,14 @@ Det er sikkert lurt å lage en PR først om du ikke er vandt til nix enda.
|
||||
Innen 24h skal alle systemene hente ned den nye konfigurasjonen og deploye den.
|
||||
|
||||
Du kan tvinge en maskin til å oppdatere seg før dette ved å kjøre:
|
||||
`nixos-rebuild switch --update-input nixpkgs --update-input nixpkgs-unstable --no-write-lock-file --refresh --flake git+https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git --upgrade`
|
||||
`nixos-rebuild switch --update-input nixpkgs --update-input nixpkgs-unstable --no-write-lock-file --refresh --upgrade --flake git+https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git`
|
||||
|
||||
som root på maskinen.
|
||||
|
||||
Hvis du ikke har lyst til å oppdatere alle pakkene (og kanskje måtte vente en stund!) kan du kjøre
|
||||
|
||||
`nixos-rebuild switch --override-input nixpkgs nixpkgs --override-input nixpkgs-unstable nixpkgs-unstable --flake git+https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git`
|
||||
|
||||
## Seksjonen for hemmeligheter
|
||||
|
||||
For at hemmeligheter ikke skal deles med hele verden i git - eller å være world
|
||||
|
||||
@@ -23,8 +23,12 @@
|
||||
*/
|
||||
registry = {
|
||||
"nixpkgs".flake = inputs.nixpkgs;
|
||||
"nixpkgs-unstable".flake = inputs.nixpkgs-unstable;
|
||||
"pvv-nix".flake = inputs.self;
|
||||
};
|
||||
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
|
||||
nixPath = [
|
||||
"nixpkgs=${inputs.nixpkgs}"
|
||||
"unstable=${inputs.nixpkgs-unstable}"
|
||||
];
|
||||
};
|
||||
}
|
||||
}
|
||||
|
||||
8
flake.lock
generated
8
flake.lock
generated
@@ -214,11 +214,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1722722932,
|
||||
"narHash": "sha256-K81a2GQpY2kRX+C9ek9r91THlZB674CqRTSMMb5IO7E=",
|
||||
"lastModified": 1725212759,
|
||||
"narHash": "sha256-yZBsefIarFUEhFRj+rCGMp9Zvag3MCafqV/JfGVRVwc=",
|
||||
"ref": "refs/heads/master",
|
||||
"rev": "6580cfe546c902cdf11e17b0b8aa30b3c412bb34",
|
||||
"revCount": 465,
|
||||
"rev": "e7b66b4bc6a89bab74bac45b87e9434f5165355f",
|
||||
"revCount": 473,
|
||||
"type": "git",
|
||||
"url": "https://git.pvv.ntnu.no/Projects/nettsiden.git"
|
||||
},
|
||||
|
||||
@@ -1,7 +1,4 @@
|
||||
{ pkgs, lib, config, values, ... }:
|
||||
let
|
||||
backupDir = "/var/lib/mysql/backups";
|
||||
in
|
||||
{
|
||||
sops.secrets."mysql/password" = {
|
||||
owner = "mysql";
|
||||
@@ -39,6 +36,11 @@ in
|
||||
}];
|
||||
};
|
||||
|
||||
services.mysqlBackup = {
|
||||
enable = true;
|
||||
location = "/var/lib/mysql/backups";
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 3306 ];
|
||||
|
||||
systemd.services.mysql.serviceConfig = {
|
||||
@@ -48,58 +50,4 @@ in
|
||||
values.ipv6-space
|
||||
];
|
||||
};
|
||||
|
||||
# NOTE: instead of having the upstream nixpkgs postgres backup unit trigger
|
||||
# another unit, it was easier to just make one ourselves
|
||||
systemd.services."backup-mysql" = {
|
||||
description = "Backup MySQL data";
|
||||
requires = [ "mysql.service" ];
|
||||
|
||||
path = [
|
||||
pkgs.coreutils
|
||||
pkgs.rsync
|
||||
pkgs.gzip
|
||||
config.services.mysql.package
|
||||
];
|
||||
|
||||
script = let
|
||||
rotations = 10;
|
||||
# rsyncTarget = "root@isvegg.pvv.ntnu.no:/mnt/backup1/bicep/mysql";
|
||||
rsyncTarget = "/data/backup/mysql";
|
||||
in ''
|
||||
set -eo pipefail
|
||||
|
||||
mysqldump --all-databases | gzip -c -9 --rsyncable > "${backupDir}/$(date --iso-8601)-dump.sql.gz"
|
||||
|
||||
while [ $(ls -1 "${backupDir}" | wc -l) -gt ${toString rotations} ]; do
|
||||
rm $(find "${backupDir}" -type f -printf '%T+ %p\n' | sort | head -n 1 | cut -d' ' -f2)
|
||||
done
|
||||
|
||||
rsync -avz --delete "${backupDir}" '${rsyncTarget}'
|
||||
'';
|
||||
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
User = "mysql";
|
||||
Group = "mysql";
|
||||
UMask = "0077";
|
||||
|
||||
Nice = 19;
|
||||
IOSchedulingClass = "best-effort";
|
||||
IOSchedulingPriority = 7;
|
||||
|
||||
ReadWritePaths = [
|
||||
backupDir
|
||||
"/data/backup/mysql" # NOTE: should not be part of this option once rsyncTarget is remote
|
||||
];
|
||||
};
|
||||
|
||||
startAt = "*-*-* 02:15:00";
|
||||
};
|
||||
|
||||
systemd.tmpfiles.settings."10-mysql-backup".${backupDir}.d = {
|
||||
user = "mysql";
|
||||
group = "mysql";
|
||||
mode = "700";
|
||||
};
|
||||
}
|
||||
|
||||
@@ -1,7 +1,4 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
let
|
||||
backupDir = "/var/lib/postgresql/backups";
|
||||
in
|
||||
{ config, pkgs, ... }:
|
||||
{
|
||||
services.postgresql = {
|
||||
enable = true;
|
||||
@@ -93,57 +90,9 @@ in
|
||||
networking.firewall.allowedTCPPorts = [ 5432 ];
|
||||
networking.firewall.allowedUDPPorts = [ 5432 ];
|
||||
|
||||
# NOTE: instead of having the upstream nixpkgs postgres backup unit trigger
|
||||
# another unit, it was easier to just make one ourselves
|
||||
systemd.services."backup-postgresql" = {
|
||||
description = "Backup PostgreSQL data";
|
||||
requires = [ "postgresql.service" ];
|
||||
|
||||
path = [
|
||||
pkgs.coreutils
|
||||
pkgs.rsync
|
||||
pkgs.gzip
|
||||
config.services.postgresql.package
|
||||
];
|
||||
|
||||
script = let
|
||||
rotations = 10;
|
||||
# rsyncTarget = "root@isvegg.pvv.ntnu.no:/mnt/backup1/bicep/postgresql";
|
||||
rsyncTarget = "/data/backup/postgresql";
|
||||
in ''
|
||||
set -eo pipefail
|
||||
|
||||
pg_dumpall -U postgres | gzip -c -9 --rsyncable > "${backupDir}/$(date --iso-8601)-dump.sql.gz"
|
||||
|
||||
while [ $(ls -1 "${backupDir}" | wc -l) -gt ${toString rotations} ]; do
|
||||
rm $(find "${backupDir}" -type f -printf '%T+ %p\n' | sort | head -n 1 | cut -d' ' -f2)
|
||||
done
|
||||
|
||||
rsync -avz --delete "${backupDir}" '${rsyncTarget}'
|
||||
'';
|
||||
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
User = "postgres";
|
||||
Group = "postgres";
|
||||
UMask = "0077";
|
||||
|
||||
Nice = 19;
|
||||
IOSchedulingClass = "best-effort";
|
||||
IOSchedulingPriority = 7;
|
||||
|
||||
ReadWritePaths = [
|
||||
backupDir
|
||||
"/data/backup/postgresql" # NOTE: should not be part of this option once rsyncTarget is remote
|
||||
];
|
||||
};
|
||||
|
||||
startAt = "*-*-* 01:15:00";
|
||||
};
|
||||
|
||||
systemd.tmpfiles.settings."10-postgresql-backup".${backupDir}.d = {
|
||||
user = "postgres";
|
||||
group = "postgres";
|
||||
mode = "700";
|
||||
services.postgresqlBackup = {
|
||||
enable = true;
|
||||
location = "/var/lib/postgres/backups";
|
||||
backupAll = true;
|
||||
};
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user