2 changed files with 10 additions and 97 deletions
--- a/hosts/bicep/services/mysql.nix
+++ b/hosts/bicep/services/mysql.nix
@ -1,7 +1,4 @@
 { pkgs, lib, config, values, ... }:
 let
  backupDir = "/var/lib/mysql/backups";
 in
 {
  sops.secrets."mysql/password" = {
    owner = "mysql";
@ -39,6 +36,11 @@ in
    }];
  };
  services.mysqlBackup = {
    enable = true;
    location = "/var/lib/mysql/backups";
  };
  networking.firewall.allowedTCPPorts = [ 3306 ];
  systemd.services.mysql.serviceConfig = {
@ -48,51 +50,4 @@ in
      values.ipv6-space
    ];
  };
  # NOTE: instead of having the upstream nixpkgs postgres backup unit trigger
  #       another unit, it was easier to just make one ourselves
  systemd.services."backup-mysql" = {
    description = "Backup MySQL data";
    requires = [ "mysql.service" ];
    path = [
      pkgs.coreutils
      pkgs.rsync
      pkgs.gzip
      config.services.mysql.package
    ];
    script = let
      rotations = 10;
      sshTarget1 = "root@isvegg.pvv.ntnu.no:/mnt/backup1/bicep/mysql";
      sshTarget2 = "root@isvegg.pvv.ntnu.no:/mnt/backup2/bicep/mysql";
    in ''
      set -eo pipefail
      mysqldump | gzip -c -9 --rsyncable > "${backupDir}/$(date --iso-8601)-dump.sql.gz"
      while [ $(ls -1 "${backupDir}" | wc -l) -gt ${toString rotations} ]; do
        rm $(find "${backupDir}" -type f -printf '%T+ %p\n' | sort | head -n 1 | cut -d' ' -f2)
      done
      rsync -avz --delete "${backupDir}" '${sshTarget1}'
      rsync -avz --delete "${backupDir}" '${sshTarget2}'
    '';
    serviceConfig = {
      Type = "oneshot";
      User = "mysql";
      Group = "mysql";
      UMask = "0077";
      ReadWritePaths = [ backupDir ];
    };
    startAt = "*-*-* 02:15:00";
  };
  systemd.tmpfiles.settings."10-mysql-backup".${backupDir}.d = {
    user = "mysql";
    group = "mysql";
    mode = "700";
  };
 }
--- a/hosts/bicep/services/postgres.nix
+++ b/hosts/bicep/services/postgres.nix
@ -1,7 +1,6 @@
-{ config, pkgs, lib, ... }:
+{ config, pkgs, ... }:
 let
  sslCert = config.security.acme.certs."postgres.pvv.ntnu.no";
  backupDir = "/var/lib/postgresql/backups";
 in
 {
  services.postgresql = {
@ -90,50 +89,9 @@ in
  networking.firewall.allowedTCPPorts = [ 5432 ];
  networking.firewall.allowedUDPPorts = [ 5432 ];
-  # NOTE: instead of having the upstream nixpkgs postgres backup unit trigger
+  services.postgresqlBackup = {
-  #       another unit, it was easier to just make one ourselves
+    enable = true;
-  systemd.services."backup-postgresql" = {
+    location = "/var/lib/postgres/backups";
-    description = "Backup PostgreSQL data";
+    backupAll = true;
    requires = [ "postgresql.service" ];
    path = [
      pkgs.coreutils
      pkgs.rsync
      pkgs.gzip
      config.services.postgresql.package
    ];
    script = let
      rotations = 10;
      sshTarget1 = "root@isvegg.pvv.ntnu.no:/mnt/backup1/bicep/postgresql";
      sshTarget2 = "root@isvegg.pvv.ntnu.no:/mnt/backup2/bicep/postgresql";
    in ''
      set -eo pipefail
      pg_dumpall -U postgres | gzip -c -9 --rsyncable > "${backupDir}/$(date --iso-8601)-dump.sql.gz"
      while [ $(ls -1 "${backupDir}" | wc -l) -gt ${toString rotations} ]; do
        rm $(find "${backupDir}" -type f -printf '%T+ %p\n' | sort | head -n 1 | cut -d' ' -f2)
      done
      rsync -avz --delete "${backupDir}" '${sshTarget1}'
      rsync -avz --delete "${backupDir}" '${sshTarget2}'
    '';
    serviceConfig = {
      Type = "oneshot";
      User = "postgres";
      Group = "postgres";
      UMask = "0077";
      ReadWritePaths = [ backupDir ];
    };
    startAt = "*-*-* 01:15:00";
  };
  systemd.tmpfiles.settings."10-postgresql-backup".${backupDir}.d = {
    user = "postgres";
    group = "postgres";
    mode = "700";
  };
 }