dotfiles/nixos/boxes/cupsnet/backups.nix

{
  config,
  pkgs,
  ...
}: let
  genericBackupPath = "/var/lib/backups/";
  nixosContainersBackupPath = "/var/lib/nixos-containers/";
in rec {
  environment.systemPackages = with pkgs; [restic];

  sops.secrets."restic-backups-b2-repo-password" = {
    sopsFile = ./restic.sops.yaml;
  };
  sops.secrets."restic-backups-b2-environment" = {
    sopsFile = ./restic-environment.sops;
    format = "binary";
    path = "/etc/nixos/secrets/b2-env";
  };
  services = {
    restic.backups.b2 = {
      passwordFile = config.sops.secrets."restic-backups-b2-repo-password".path;
      paths = [
        "/var/lib/foundryvtt"
        "/var/lib/gitea"
        "/var/lib/mastodon"
        "/var/lib/postgresql"
        "/var/lib/private/cryptpad/"
        "${nixosContainersBackupPath}"
      ];
      repository = "b2:cyplo-backup-cupsnet";
      backupPrepareCommand = ''
        systemctl stop container@foundryvtt.service
        systemctl stop cryptpad.service
        systemctl stop forgejo.service
        systemctl stop mastodon*
        systemctl stop postgresql.service
      '';
      backupCleanupCommand = ''
        systemctl start postgresql.service
        systemctl start forgejo.service
        systemctl start cryptpad.service
        systemctl start container@foundryvtt.service
        systemctl start --all mastodon*
      '';
      timerConfig = {OnCalendar = "daily";};
      environmentFile = "${config.sops.secrets.restic-backups-b2-environment.path}";
      exclude = ["cache"];
      pruneOpts = [
        "--keep-hourly 25"
        "--keep-daily 8"
        "--keep-weekly 5"
        "--keep-monthly 13"
        "--keep-yearly 2"
      ];
      checkOpts = ["--with-cache"];
    };
  };

  systemd.services.restic-backups-b2 = {
    environment = {
      GOMAXPROCS = "1";
      GOGC = "20";
    };
    serviceConfig = {
      Nice = 19;
      IOSchedulingClass = "idle";
    };
  };
}
add airy 2024-06-28 19:23:39 +01:00			`{`
			`config,`
			`pkgs,`
			`...`
			`}: let`
backup woodpecker ci 2022-12-02 22:13:18 +00:00			`genericBackupPath = "/var/lib/backups/";`
backup nixos containers on vpsfree 2023-12-23 13:46:39 +00:00			`nixosContainersBackupPath = "/var/lib/nixos-containers/";`
backup woodpecker ci 2022-12-02 22:13:18 +00:00			`in rec {`
add airy 2024-06-28 19:23:39 +01:00			`environment.systemPackages = with pkgs; [restic];`
backups on vpsfree, esp foundryvtt 2022-08-20 10:13:25 +01:00
			`sops.secrets."restic-backups-b2-repo-password" = {`
			`sopsFile = ./restic.sops.yaml;`
			`};`
			`sops.secrets."restic-backups-b2-environment" = {`
			`sopsFile = ./restic-environment.sops;`
			`format = "binary";`
			`path = "/etc/nixos/secrets/b2-env";`
			`};`
			`services = {`
			`restic.backups.b2 = {`
cupsnet backups plus vpsfree cleanup 2024-04-21 12:18:05 +01:00			`passwordFile = config.sops.secrets."restic-backups-b2-repo-password".path;`
backup woodpecker ci 2022-12-02 22:13:18 +00:00			`paths = [`
			`"/var/lib/foundryvtt"`
			`"/var/lib/gitea"`
			`"/var/lib/mastodon"`
cupsnet backups plus vpsfree cleanup 2024-04-21 12:18:05 +01:00			`"/var/lib/postgresql"`
			`"/var/lib/private/cryptpad/"`
backup nixos containers on vpsfree 2023-12-23 13:46:39 +00:00			`"${nixosContainersBackupPath}"`
backup woodpecker ci 2022-12-02 22:13:18 +00:00			`];`
cupsnet backups plus vpsfree cleanup 2024-04-21 12:18:05 +01:00			`repository = "b2:cyplo-backup-cupsnet";`
backup woodpecker ci 2022-12-02 22:13:18 +00:00			`backupPrepareCommand = ''`
cupsnet backups plus vpsfree cleanup 2024-04-21 12:18:05 +01:00			`systemctl stop container@foundryvtt.service`
			`systemctl stop cryptpad.service`
			`systemctl stop forgejo.service`
add airy 2024-06-28 19:23:39 +01:00			`systemctl stop mastodon*`
cupsnet backups plus vpsfree cleanup 2024-04-21 12:18:05 +01:00			`systemctl stop postgresql.service`
backup woodpecker ci 2022-12-02 22:13:18 +00:00			`'';`
stop masto server before backups to try to prevent ooms 2023-05-25 12:11:24 +01:00			`backupCleanupCommand = ''`
cupsnet backups plus vpsfree cleanup 2024-04-21 12:18:05 +01:00			`systemctl start postgresql.service`
			`systemctl start forgejo.service`
			`systemctl start cryptpad.service`
			`systemctl start container@foundryvtt.service`
add airy 2024-06-28 19:23:39 +01:00			`systemctl start --all mastodon*`
stop masto server before backups to try to prevent ooms 2023-05-25 12:11:24 +01:00			`'';`
add airy 2024-06-28 19:23:39 +01:00			`timerConfig = {OnCalendar = "daily";};`
			`environmentFile = "${config.sops.secrets.restic-backups-b2-environment.path}";`
			`exclude = ["cache"];`
automatic prune of backups 2023-12-23 16:47:23 +00:00			`pruneOpts = [`
			`"--keep-hourly 25"`
			`"--keep-daily 8"`
			`"--keep-weekly 5"`
			`"--keep-monthly 13"`
			`"--keep-yearly 2"`
			`];`
add airy 2024-06-28 19:23:39 +01:00			`checkOpts = ["--with-cache"];`
backups on vpsfree, esp foundryvtt 2022-08-20 10:13:25 +01:00			`};`
			`};`

only one go proc for restic on vpsfree, to see if it helps with memory usage 2023-05-06 08:27:43 +01:00			`systemd.services.restic-backups-b2 = {`
backup nixos containers on vpsfree 2023-12-23 13:46:39 +00:00			`environment = {`
			`GOMAXPROCS = "1";`
			`GOGC = "20";`
			`};`
only one go proc for restic on vpsfree, to see if it helps with memory usage 2023-05-06 08:27:43 +01:00			`serviceConfig = {`
			`Nice = 19;`
			`IOSchedulingClass = "idle";`
			`};`
backups on vpsfree, esp foundryvtt 2022-08-20 10:13:25 +01:00			`};`
			`}`