Compare commits
2 Commits
f498b82b07
...
087753eb1e
Author | SHA1 | Date |
---|---|---|
h7x4 | 087753eb1e | |
h7x4 | 6efebc5cb7 |
|
@ -1,4 +1,7 @@
|
|||
{ pkgs, lib, config, values, ... }:
|
||||
let
|
||||
backupDir = "/var/lib/mysql/backups";
|
||||
in
|
||||
{
|
||||
sops.secrets."mysql/password" = {
|
||||
owner = "mysql";
|
||||
|
@ -36,11 +39,6 @@
|
|||
}];
|
||||
};
|
||||
|
||||
services.mysqlBackup = {
|
||||
enable = true;
|
||||
location = "/var/lib/mysql/backups";
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 3306 ];
|
||||
|
||||
systemd.services.mysql.serviceConfig = {
|
||||
|
@ -50,4 +48,51 @@
|
|||
values.ipv6-space
|
||||
];
|
||||
};
|
||||
|
||||
# NOTE: instead of having the upstream nixpkgs postgres backup unit trigger
|
||||
# another unit, it was easier to just make one ourselves
|
||||
systemd.services."backup-mysql" = {
|
||||
description = "Backup MySQL data";
|
||||
requires = [ "mysql.service" ];
|
||||
|
||||
path = [
|
||||
pkgs.coreutils
|
||||
pkgs.rsync
|
||||
pkgs.gzip
|
||||
config.services.mysql.package
|
||||
];
|
||||
|
||||
script = let
|
||||
rotations = 10;
|
||||
sshTarget1 = "root@isvegg.pvv.ntnu.no:/mnt/backup1/bicep/mysql";
|
||||
sshTarget2 = "root@isvegg.pvv.ntnu.no:/mnt/backup2/bicep/mysql";
|
||||
in ''
|
||||
set -eo pipefail
|
||||
|
||||
mysqldump | gzip -c -9 --rsyncable > "${backupDir}/$(date --iso-8601)-dump.sql.gz"
|
||||
|
||||
while [ $(ls -1 "${backupDir}" | wc -l) -gt ${toString rotations} ]; do
|
||||
rm $(find "${backupDir}" -type f -printf '%T+ %p\n' | sort | head -n 1 | cut -d' ' -f2)
|
||||
done
|
||||
|
||||
rsync -avz --delete "${backupDir}" '${sshTarget1}'
|
||||
rsync -avz --delete "${backupDir}" '${sshTarget2}'
|
||||
'';
|
||||
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
User = "mysql";
|
||||
Group = "mysql";
|
||||
UMask = "0077";
|
||||
ReadWritePaths = [ backupDir ];
|
||||
};
|
||||
|
||||
startAt = "*-*-* 02:15:00";
|
||||
};
|
||||
|
||||
systemd.tmpfiles.settings."10-mysql-backup".${backupDir}.d = {
|
||||
user = "mysql";
|
||||
group = "mysql";
|
||||
mode = "700";
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
{ config, pkgs, ... }:
|
||||
{ config, pkgs, lib, ... }:
|
||||
let
|
||||
sslCert = config.security.acme.certs."postgres.pvv.ntnu.no";
|
||||
backupDir = "/var/lib/postgresql/backups";
|
||||
in
|
||||
{
|
||||
services.postgresql = {
|
||||
|
@ -89,9 +90,50 @@ in
|
|||
networking.firewall.allowedTCPPorts = [ 5432 ];
|
||||
networking.firewall.allowedUDPPorts = [ 5432 ];
|
||||
|
||||
services.postgresqlBackup = {
|
||||
enable = true;
|
||||
location = "/var/lib/postgres/backups";
|
||||
backupAll = true;
|
||||
# NOTE: instead of having the upstream nixpkgs postgres backup unit trigger
|
||||
# another unit, it was easier to just make one ourselves
|
||||
systemd.services."backup-postgresql" = {
|
||||
description = "Backup PostgreSQL data";
|
||||
requires = [ "postgresql.service" ];
|
||||
|
||||
path = [
|
||||
pkgs.coreutils
|
||||
pkgs.rsync
|
||||
pkgs.gzip
|
||||
config.services.postgresql.package
|
||||
];
|
||||
|
||||
script = let
|
||||
rotations = 10;
|
||||
sshTarget1 = "root@isvegg.pvv.ntnu.no:/mnt/backup1/bicep/postgresql";
|
||||
sshTarget2 = "root@isvegg.pvv.ntnu.no:/mnt/backup2/bicep/postgresql";
|
||||
in ''
|
||||
set -eo pipefail
|
||||
|
||||
pg_dumpall -U postgres | gzip -c -9 --rsyncable > "${backupDir}/$(date --iso-8601)-dump.sql.gz"
|
||||
|
||||
while [ $(ls -1 "${backupDir}" | wc -l) -gt ${toString rotations} ]; do
|
||||
rm $(find "${backupDir}" -type f -printf '%T+ %p\n' | sort | head -n 1 | cut -d' ' -f2)
|
||||
done
|
||||
|
||||
rsync -avz --delete "${backupDir}" '${sshTarget1}'
|
||||
rsync -avz --delete "${backupDir}" '${sshTarget2}'
|
||||
'';
|
||||
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
User = "postgres";
|
||||
Group = "postgres";
|
||||
UMask = "0077";
|
||||
ReadWritePaths = [ backupDir ];
|
||||
};
|
||||
|
||||
startAt = "*-*-* 01:15:00";
|
||||
};
|
||||
|
||||
systemd.tmpfiles.settings."10-postgresql-backup".${backupDir}.d = {
|
||||
user = "postgres";
|
||||
group = "postgres";
|
||||
mode = "700";
|
||||
};
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue