author | Jörg Thalheim <joerg@thalheim.io> | 2023-08-31 11:44:53 +0200 |
---|---|---|
committer | lassulus <git@lassul.us> | 2023-08-31 11:56:26 +0200 |
commit | 6592341dc31c6f26422ec3a9fed2e601ab985cfc (patch) | |
tree | 52bc5f39e17c6875725a3e80cce5e73d0b86dd65 | |
parent | 666a2b0a8a7941768077a7774d6ca7732d8e8c24 (diff) |
prism: add backup
Signed-off-by: Jörg Thalheim <joerg@thalheim.io>
-rw-r--r-- | lass/2configs/codimd.nix | 71 |
1 files changed, 67 insertions, 4 deletions
diff --git a/lass/2configs/codimd.nix b/lass/2configs/codimd.nix index ccca49fac..0927788a7 100644 --- a/lass/2configs/codimd.nix +++ b/lass/2configs/codimd.nix @@ -2,7 +2,8 @@ with import <stockholm/lib>; let domain = "pad.lassul.us"; -in { +in +{ # redirect legacy domain to new one services.nginx.virtualHosts."codi.lassul.us" = { 
@@ -25,13 +26,77 @@ in { security.dhparams = { enable = true; - params.hedgedoc = {}; + params.hedgedoc = { }; }; systemd.services.hedgedoc.environment = { CMD_COOKIE_POLICY = "none"; CMD_CSP_ALLOW_FRAMING = "true"; }; + + systemd.services.hedgedoc-backup = { + startAt = "daily"; + serviceConfig = { + ExecStart = ''${pkgs.sqlite}/bin/sqlite3 /var/lib/hedgedoc/db.hedgedoc.sqlite ".backup /var/backup/hedgedoc/backup.sq3"''; + Type = "oneshot"; + }; + }; + + services.postgresqlBackup.enable = true; + + systemd.services.borgbackup-job-hetzner.serviceConfig.ReadWritePaths = [ "/var/log/telegraf" ]; + + services.borgbackup.jobs.hetzner = { + paths = [ + "/home" + "/etc" + "/var" + "/root" + ]; + exclude = [ + "*.pyc" + "/home/*/.direnv" + "/home/*/.cache" + "/home/*/.cargo" + "/home/*/.npm" + "/home/*/.m2" + "/home/*/.gradle" + "/home/*/.opam" + "/home/*/.clangd" + "/var/lib/containerd" + # already included in database backup + "/var/lib/postgresql" + # not so important + "/var/lib/docker/" + "/var/log/journal" + "/var/cache" + "/var/tmp" + "/var/log" + ]; + repo = "u348918@u348918.your-storagebox.de:/./hetzner"; + encryption.mode = "none"; + compression = "auto,zstd"; + startAt = "daily"; + # TODO: change backup key + environment.BORG_RSH = "ssh -oPort=23 -i ${config.sops.secrets.hetzner-borgbackup-ssh.path}"; + preHook = '' + set -x + ''; + + postHook = '' + cat > /var/log/telegraf/borgbackup-job-hetzner.service <<EOF + task,frequency=daily last_run=$(date +%s)i,state="$([[ $exitStatus == 0 ]] && echo ok || echo fail)" + EOF + ''; + + prune.keep = { + within = "1d"; # Keep all archives from the last day + daily = 7; + weekly = 4; + monthly = 0; + }; + }; + services.hedgedoc = { enable = true; configuration.allowOrigin = [ domain ]; @@ -51,8 +116,6 @@ in { sslCertPath = "/var/lib/acme/${domain}/cert.pem"; sslKeyPath = "/var/lib/acme/${domain}/key.pem"; dhParamPath = config.security.dhparams.params.hedgedoc.path; - }; }; } - |
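Review bot: `encryption.mode = "none";` in `services.borgbackup.jobs.hetzner` stores the archive on the remote storage box unencrypted and unauthenticated, while `paths` covers `/home`, `/etc`, `/var` and `/root`; the exclude list removes neither `/var/lib/acme`, where this same file points `sslKeyPath`, nor `/var/backup`, where the HedgeDoc SQLite copy is written. Whoever can read the storage account, or holds the SSH key named in `BORG_RSH`, can therefore read that material, and changes to stored archives would presumably go undetected. I would set `encryption.mode = "repokey-blake2";` together with `encryption.passCommand = "cat ${config.sops.secrets.<borg-passphrase-secret>.path}";` (the secret name is a placeholder), keeping the passphrase in sops next to the SSH key. An existing borg repository cannot switch mode in place, so this needs a freshly initialised repository.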