Add backups for bigding

2023-07-05 14:03:50 +01:00
parent 9dfac1e83f
commit acbe732614
7 changed files with 96 additions and 0 deletions
--- a/modules/backups/bigding/default.nix
+++ b/modules/backups/bigding/default.nix
@@ -0,0 +1,45 @@
+{
+  pkgs,
+  config,
+  ...
+}: {
+  age.secrets = {
+    bigding_backup_s3_creds.file = ../../../secrets/bigding_backup_s3_creds.age;
+    bigding_backup_repo_password.file = ../../../secrets/bigding_backup_repo_password.age;
+  };
+
+  services.restic.backups = {
+    "system" = {
+      initialize = true;
+      passwordFile = config.age.secrets.bigding_backup_repo_password.path;
+      timerConfig = {
+        OnCalendar = "02:00";
+      };
+      repository = "s3:s3.eu-central-003.backblazeb2.com/bigding-backup";
+      s3CredentialsFile = config.age.secrets.bigding_backup_s3_creds.path;
+
+      paths = [
+        "/etc/group"
+        "/etc/machine-id"
+        "/etc/NetworkManager/system-connections"
+        "/etc/passwd"
+        "/etc/subgid"
+        "/home"
+        "/root"
+        "/var/lib/prometheus2"
+        "/var/lib/jellyfin"
+        "/var/lib/fail2ban"
+        "/var/lib/matrix-synapse"
+        "/var/lib/golink"
+        "/var/lib/tailscale"
+        "/var/lib/caddy"
+        "/var/backup"
+      ];
+
+      backupPrepareCommand = ''
+        ${pkgs.postgresql_13}/bin/pg_dumpall --clean -U postgres | ${pkgs.zstd}/bin/zstd --rsyncable > /var/backup/pgdump.sql.zst
+      '';
+
+    };
+  };
+}
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -1,6 +1,7 @@
 {
  bigding = {
    imports = [
+      ./backups/bigding
      ./caddy
      ./dungflix
      ./fail2ban
--- a/modules/gitea/default.nix
+++ b/modules/gitea/default.nix
@@ -9,6 +9,13 @@
    database = {
      type = "sqlite3";
    };
+    dump = {
+      enable = true;
+      type = "tar.zst";
+      file = "gitea.zip";
+      backupDir = "/var/backup";
+      interval = "01:30";
+    };
    settings = {
      server = {
        ROOT_URL = "https://git.broccoli.town/";
@@ -21,6 +28,7 @@
      repository = {
        ENABLE_PUSH_CREATE_USER = true;
      };
+      };
    };
  };
 }
--- a/modules/synapse/default.nix
+++ b/modules/synapse/default.nix
@@ -16,6 +16,9 @@ in {
        };
      }
    ];
+    authentication = ''
+      local all all trust
+    '';
    ensureDatabases = [
      "synapse"
    ];