backups

newinfra/nix/apps/hugo-chat/default.nix

@@ -40,6 +40,17 @@ in
     };
   };
 
+  services.custom-backup.jobs = [
+    {
+      app = "hugo-chat";
+      pgDump = {
+        containerName = "hugo-chat-db";
+        dbName = "postgres";
+        userName = "postgres";
+      };
+    }
+  ];
+
   # https://www.reddit.com/r/NixOS/comments/13e5w6b/does_anyone_have_a_working_nixos_ocicontainers/
   systemd.services.init-hugo-chat-podman-network = {
     description = "Create the network bridge for hugo-chat.";

newinfra/nix/hive.nix

@@ -242,15 +242,6 @@
       ./modules/ingress
       ./modules/wg-mesh
       ./modules/garage
-      ./modules/backup
-    ];
-
-    services.custom-backup.jobs = [
-      {
-        app = "testapp";
-        file = "/etc/hosts";
-        environmentFile = pkgs.writeText "env" "MyEnv=true\n";
-      }
     ];
 
     deployment.tags = [ "eu" "apps" "wg" ];

newinfra/nix/modules/backup/backup.sh

@@ -8,6 +8,7 @@ echo "Starting backup procedure with time=$time"
 dir=$(mktemp -d)
 echo "Setting workdir to $dir"
 cd "$dir"
+export HOME="$dir"
 # Delete the temporary directory afterwards.
 # Yes, this variable should expand now.
 # shellcheck disable=SC2064
@@ -20,6 +21,10 @@ mc alias set garage "$S3_ENDPOINT" "$S3_ACCESS_KEY" "$S3_SECRET_KEY" --api S3v4
 mc ls garage/backups
 
 files=$(jq -c '.files[]' "$CONFIG_FILE")
+pg_dumps=$(jq -c '.pg_dumps[]' "$CONFIG_FILE")
+
+echo "$files"
+echo "$pg_dumps"
 
 IFS=$'\n'
 for file_config in $files; do
@@ -34,3 +39,24 @@ for file_config in $files; do
     mc put "$tmppath" "garage/$S3_BUCKET/$app/$time/$(basename "$filepath").xz"
     echo "Uploaded file"
 done
+
+for pg_config in $pg_dumps; do
+    app=$(echo "$pg_config" | jq -r ".app")
+    containerName=$(echo "$pg_config" | jq -r ".containerName")
+    dbName=$(echo "$pg_config" | jq -r ".dbName")
+    userName=$(echo "$pg_config" | jq -r ".userName")
+
+    echo "Backing up app $app POSTGRES $containerName/$dbName..."
+    tmppath="$dir/file"
+    
+    podman exec "$containerName" pg_dump --format=custom --file /tmp/db.bak \
+        --host "127.0.0.1"  --dbname "$dbName" --username "$userName"
+    podman cp "$containerName:/tmp/db.bak" "$tmppath"
+    xz -f "$tmppath" > "$tmppath.xz"
+
+    echo "Uplading file"
+    mc put "$tmppath.xz" "garage/$S3_BUCKET/$app/$time/$dbName.bak.xz"
+    echo "Uploaded file"
+
+    podman exec "$containerName" rm "/tmp/db.bak"
+done

newinfra/nix/modules/backup/default.nix

@@ -11,9 +11,25 @@ let
         default = null;
       };
       file = mkOption {
+        type = types.nullOr types.string;
+        default = null;
+      };
+      pgDump = mkOption {
+        type = types.nullOr (types.submodule ({ ... }: {
+          options = {
+            containerName = mkOption {
               type = types.string;
             };
-      #pg_dump = { };
+            dbName = mkOption {
+              type = types.string;
+            };
+            userName = mkOption {
+              type = types.string;
+            };
+          };
+        }));
+        default = null;
+      };
       #mongo_dump = { };
     };
   };
@@ -33,10 +49,12 @@ in
       backupConfig = {
         files = builtins.map (job: { app = job.app; file = job.file; })
           (builtins.filter (job: job.file != null) cfg.jobs);
+        pg_dumps = builtins.map (job: { app = job.app; } // job.pgDump)
+          (builtins.filter (job: job.pgDump != null) cfg.jobs);
       };
       backupScript = pkgs.writeShellApplication {
         name = "backup";
-        runtimeInputs = with pkgs; [ jq minio-client getent xz ];
+        runtimeInputs = with pkgs; [ podman jq minio-client getent xz ];
         text = builtins.readFile ./backup.sh;
       };
     in
@@ -46,7 +64,8 @@ in
       systemd.services.custom-backup = {
         startAt = "daily";
         serviceConfig = {
-          DynamicUser = true;
+          # TODO: can we use a dynamic user?
+          #DynamicUser = true;
           ExecStart = "${backupScript}/bin/backup";
           Environment = [
             "CONFIG_FILE=${pkgs.writeText "backup-config.json" (builtins.toJSON backupConfig)}"

vps2/backup.sh

@@ -65,12 +65,9 @@ function upload_directory {
     rm "$tmppath"
 }
 
-#upload_file "bisect-rustc-service/db.sqlite"
 upload_file "killua/trivia_questions.json"
-#upload_file "uptime/uptime.db"
 
 upload_pg_dump "cors-school" "cors-school-db" "davinci" "postgres"
-#upload_pg_dump "hugo-chat" "hugo-chat-db" "postgres" "postgres"
 upload_pg_dump "openolat" "openolat-db" "oodb" "oodbu"
 
 # shellcheck disable=SC1091