Compare commits

...

2 Commits

Author SHA1 Message Date
h7x4 087753eb1e
WIP: backup mysql 2024-08-20 21:43:26 +02:00
h7x4 6efebc5cb7
WIP: backup postgresql 2024-08-20 21:43:14 +02:00
2 changed files with 97 additions and 10 deletions

View File

@ -1,4 +1,7 @@
{ pkgs, lib, config, values, ... }:
let
backupDir = "/var/lib/mysql/backups";
in
{
sops.secrets."mysql/password" = {
owner = "mysql";
@ -36,11 +39,6 @@
}];
};
services.mysqlBackup = {
enable = true;
location = "/var/lib/mysql/backups";
};
networking.firewall.allowedTCPPorts = [ 3306 ];
systemd.services.mysql.serviceConfig = {
@ -50,4 +48,51 @@
values.ipv6-space
];
};
# NOTE: instead of having the upstream nixpkgs postgres backup unit trigger
# another unit, it was easier to just make one ourselves
systemd.services."backup-mysql" = {
description = "Backup MySQL data";
requires = [ "mysql.service" ];
path = [
pkgs.coreutils
pkgs.rsync
pkgs.gzip
config.services.mysql.package
];
script = let
rotations = 10;
sshTarget1 = "root@isvegg.pvv.ntnu.no:/mnt/backup1/bicep/mysql";
sshTarget2 = "root@isvegg.pvv.ntnu.no:/mnt/backup2/bicep/mysql";
in ''
set -eo pipefail
mysqldump | gzip -c -9 --rsyncable > "${backupDir}/$(date --iso-8601)-dump.sql.gz"
while [ $(ls -1 "${backupDir}" | wc -l) -gt ${toString rotations} ]; do
rm $(find "${backupDir}" -type f -printf '%T+ %p\n' | sort | head -n 1 | cut -d' ' -f2)
done
rsync -avz --delete "${backupDir}" '${sshTarget1}'
rsync -avz --delete "${backupDir}" '${sshTarget2}'
'';
serviceConfig = {
Type = "oneshot";
User = "mysql";
Group = "mysql";
UMask = "0077";
ReadWritePaths = [ backupDir ];
};
startAt = "*-*-* 02:15:00";
};
systemd.tmpfiles.settings."10-mysql-backup".${backupDir}.d = {
user = "mysql";
group = "mysql";
mode = "700";
};
}

View File

@ -1,6 +1,7 @@
{ config, pkgs, ... }:
{ config, pkgs, lib, ... }:
let
sslCert = config.security.acme.certs."postgres.pvv.ntnu.no";
backupDir = "/var/lib/postgresql/backups";
in
{
services.postgresql = {
@ -89,9 +90,50 @@ in
networking.firewall.allowedTCPPorts = [ 5432 ];
networking.firewall.allowedUDPPorts = [ 5432 ];
services.postgresqlBackup = {
enable = true;
location = "/var/lib/postgres/backups";
backupAll = true;
# NOTE: instead of having the upstream nixpkgs postgres backup unit trigger
# another unit, it was easier to just make one ourselves
systemd.services."backup-postgresql" = {
description = "Backup PostgreSQL data";
requires = [ "postgresql.service" ];
path = [
pkgs.coreutils
pkgs.rsync
pkgs.gzip
config.services.postgresql.package
];
script = let
rotations = 10;
sshTarget1 = "root@isvegg.pvv.ntnu.no:/mnt/backup1/bicep/postgresql";
sshTarget2 = "root@isvegg.pvv.ntnu.no:/mnt/backup2/bicep/postgresql";
in ''
set -eo pipefail
pg_dumpall -U postgres | gzip -c -9 --rsyncable > "${backupDir}/$(date --iso-8601)-dump.sql.gz"
while [ $(ls -1 "${backupDir}" | wc -l) -gt ${toString rotations} ]; do
rm $(find "${backupDir}" -type f -printf '%T+ %p\n' | sort | head -n 1 | cut -d' ' -f2)
done
rsync -avz --delete "${backupDir}" '${sshTarget1}'
rsync -avz --delete "${backupDir}" '${sshTarget2}'
'';
serviceConfig = {
Type = "oneshot";
User = "postgres";
Group = "postgres";
UMask = "0077";
ReadWritePaths = [ backupDir ];
};
startAt = "*-*-* 01:15:00";
};
systemd.tmpfiles.settings."10-postgresql-backup".${backupDir}.d = {
user = "postgres";
group = "postgres";
mode = "700";
};
}