From 9034a719274762ca547b30753d4f469859eb6196 Mon Sep 17 00:00:00 2001
From: h7x4
Date: Tue, 20 Aug 2024 21:38:38 +0200
Subject: [PATCH 1/2] WIP: backup postgresql
---
 hosts/bicep/services/postgres.nix | 54 ++++++++++++++++++++++++++++---
 1 file changed, 49 insertions(+), 5 deletions(-)
diff --git a/hosts/bicep/services/postgres.nix b/hosts/bicep/services/postgres.nix
index 516af7d..12c126d 100644
--- a/hosts/bicep/services/postgres.nix
+++ b/hosts/bicep/services/postgres.nix
@@ -1,4 +1,7 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
+let
+ backupDir = "/var/lib/postgresql/backups";
+in
 {
 services.postgresql = {
 enable = true;
@@ -90,9 +93,50 @@
 networking.firewall.allowedTCPPorts = [ 5432 ];
 networking.firewall.allowedUDPPorts = [ 5432 ];
- services.postgresqlBackup = {
- enable = true;
- location = "/var/lib/postgres/backups";
- backupAll = true;
+ # NOTE: instead of having the upstream nixpkgs postgres backup unit trigger
+ # another unit, it was easier to just make one ourselves
+ systemd.services."backup-postgresql" = {
+ description = "Backup PostgreSQL data";
+ requires = [ "postgresql.service" ];
+
+ path = [
+ pkgs.coreutils
+ pkgs.rsync
+ pkgs.gzip
+ config.services.postgresql.package
+ ];
+
+ script = let
+ rotations = 10;
+ sshTarget1 = "root@isvegg.pvv.ntnu.no:/mnt/backup1/bicep/postgresql";
+ sshTarget2 = "root@isvegg.pvv.ntnu.no:/mnt/backup2/bicep/postgresql";
+ in ''
+ set -eo pipefail
+
+ pg_dumpall -U postgres | gzip -c -9 --rsyncable > "${backupDir}/$(date --iso-8601)-dump.sql.gz"
+
+ while [ $(ls -1 "${backupDir}" | wc -l) -gt ${toString rotations} ]; do
+ rm $(find "${backupDir}" -type f -printf '%T+ %p\n' | sort | head -n 1 | cut -d' ' -f2)
+ done
+
+ rsync -avz --delete "${backupDir}" '${sshTarget1}'
+ rsync -avz --delete "${backupDir}" '${sshTarget2}'
+ '';
+
+ serviceConfig = {
+ Type = "oneshot";
+ User = "postgres";
+ Group = "postgres";
+ UMask = "0077";
+ ReadWritePaths = [ backupDir ];
+ };
+
+ startAt = "*-*-* 01:15:00";
+ };
+
+ systemd.tmpfiles.settings."10-postgresql-backup".${backupDir}.d = {
+ user = "postgres";
+ group = "postgres";
+ mode = "700";
 };
 }
-- 
2.47.0
From f498b82b072d2a3851640995f593ebeeb571b500 Mon Sep 17 00:00:00 2001
From: h7x4
Date: Tue, 20 Aug 2024 21:43:26 +0200
Subject: [PATCH 2/2] WIP: backup mysql
---
 hosts/bicep/services/mysql.nix | 55 ++++++++++++++++++++++++++++++----
 1 file changed, 50 insertions(+), 5 deletions(-)
diff --git a/hosts/bicep/services/mysql.nix b/hosts/bicep/services/mysql.nix
index fc9d706..4c24031 100644
--- a/hosts/bicep/services/mysql.nix
+++ b/hosts/bicep/services/mysql.nix
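Review bot: Both `rsync --delete` calls log in as `root@isvegg.pvv.ntnu.no` from a unit that runs as `postgres`, so the database host has to hold a credential that is root on the backup server, and a compromised or misbehaving bicep can overwrite or delete every remote copy (an emptied `backupDir` is mirrored by `--delete`). A dedicated unprivileged account on the receiver, restricted to this directory (for example an `authorized_keys` forced command running `rrsync`), with rotation done on the receiving side instead of `--delete`, or a pull from the backup host, would keep the backups out of reach of the machine they protect. The hunk also shows no SSH identity or known-hosts setup, and `path` has no `pkgs.openssh`, so rsync may not find `ssh` at all unless it is supplied elsewhere. Because of `set -e`, a failure of the first rsync also skips the second target. The same script is added for MySQL in patch 2/2 (`backup-mysql`).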
@@ -1,4 +1,7 @@
 { pkgs, lib, config, values, ... }:
+let
+ backupDir = "/var/lib/mysql/backups";
+in
 {
 sops.secrets."mysql/password" = {
 owner = "mysql";
@@ -36,11 +39,6 @@
 }];
 };
- services.mysqlBackup = {
- enable = true;
- location = "/var/lib/mysql/backups";
- };
-
 networking.firewall.allowedTCPPorts = [ 3306 ];
 systemd.services.mysql.serviceConfig = {
@@ -50,4 +48,51 @@
 values.ipv6-space
 ];
 };
+
+ # NOTE: instead of having the upstream nixpkgs postgres backup unit trigger
+ # another unit, it was easier to just make one ourselves
+ systemd.services."backup-mysql" = {
+ description = "Backup MySQL data";
+ requires = [ "mysql.service" ];
+
+ path = [
+ pkgs.coreutils
+ pkgs.rsync
+ pkgs.gzip
+ config.services.mysql.package
+ ];
+
+ script = let
+ rotations = 10;
+ sshTarget1 = "root@isvegg.pvv.ntnu.no:/mnt/backup1/bicep/mysql";
+ sshTarget2 = "root@isvegg.pvv.ntnu.no:/mnt/backup2/bicep/mysql";
+ in ''
+ set -eo pipefail
+
+ mysqldump | gzip -c -9 --rsyncable > "${backupDir}/$(date --iso-8601)-dump.sql.gz"
+
+ while [ $(ls -1 "${backupDir}" | wc -l) -gt ${toString rotations} ]; do
+ rm $(find "${backupDir}" -type f -printf '%T+ %p\n' | sort | head -n 1 | cut -d' ' -f2)
+ done
+
+ rsync -avz --delete "${backupDir}" '${sshTarget1}'
+ rsync -avz --delete "${backupDir}" '${sshTarget2}'
+ '';
+
+ serviceConfig = {
+ Type = "oneshot";
+ User = "mysql";
+ Group = "mysql";
+ UMask = "0077";
+ ReadWritePaths = [ backupDir ];
+ };
+
+ startAt = "*-*-* 02:15:00";
+ };
+
+ systemd.tmpfiles.settings."10-mysql-backup".${backupDir}.d = {
+ user = "mysql";
+ group = "mysql";
+ mode = "700";
+ };
 }
-- 
2.47.0
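Review bot: `mysqldump` is called with no database argument in the `backup-mysql` script, which makes it print its usage text and exit non-zero, so with `set -eo pipefail` the unit fails every night before rotation and rsync run; something like `mysqldump --all-databases --single-transaction` is needed. The redirect has already created today's `-dump.sql.gz` by then, so a near-empty file stays in `backupDir` and counts towards the `rotations` limit on later runs. Writing to a temporary name and renaming only after the pipeline succeeds would keep a broken dump from displacing a good one, and the PostgreSQL script in patch 1/2 has the same pattern. The leading comment still says "postgres backup unit" and should read `mysql`.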