summaryrefslogtreecommitdiff
path: root/config/borg-backup.nix
blob: fe31144be9fc32dc8980c97beae7644c45b87025 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
# To initialize repo
# borg init --encryption=keyfile /staging/backup
# Key file also stored in pass
{ config, lib, pkgs, ... }:
let
  repo = "/staging/backup";
  probe = rec {
    path = "/storage/archive/backup-probe.txt";
    repo = "storage";
    repo_path = lib.removePrefix "/" path;
  };
in
{
  systemd.services.borg-backup = {
    description = "Run backups.";
    path = with pkgs; [ borgbackup rsync openssh ];
    startAt = "03:30";
    environment = {
      BORG_KEY_FILE = "/opt/secret/borg-backup-keys/staging_backup";
      BORG_RELOCATED_REPO_ACCESS_IS_OK = "yes";
    };
    script = ''
      echo "Database backup"
      ssh orbekk@raigh.orbekk.com sqlite3 /home/orbekk/linoquotes.sqlite \".backup /home/orbekk/linoquotes-backup.sqlite\"
      rsync -Hax orbekk@raigh.orbekk.com:linoquotes-backup.sqlite /storage/archive/linoquotes/

      echo "Writing probe file at ${probe.path}"
      # No need for atomic move, because the script terminates if this fails.
      date +%s > "${probe.path}"

      echo "Creating backup"
      borg create -v --stats                     \
        --compression lzma,6                     \
        ${repo}::'storage-{now:%Y-%m-%dT%H:%M:%S}'    \
        /storage

      borg create -v --stats                     \
        --compression lzma,6                     \
        ${repo}::'{hostname}-{now:%Y-%m-%dT%H:%M:%S}' \
        /opt /home /var \
        --exclude /var/lib/lxd \
        --exclude /var/lib/nextcloud

      echo "Pruning old versions"
      borg prune -v --list ${repo} --prefix 'storage-' \
        --keep-daily=7 --keep-weekly=4 --keep-monthly=6  
      borg prune -v --list ${repo} --prefix '{hostname}-' \
        --keep-daily=7 --keep-weekly=4 --keep-monthly=6  

      echo "Synchronizing backup"
      rsync --delete -Hax ${repo} root@orbekk.osl.trygveandre.net:/storage
      echo "Success."
    '';
  };

  systemd.services.backup-prober = {
    description = "Find latest backup probe timestamp.";
    path = with pkgs; [ borgbackup rsync openssh sshfs moreutils ];
    startAt = "06:30";
    serviceConfig = {
      PrivateTmp = true;
    };
    environment = {
      BORG_KEY_FILE = "/opt/secret/borg-backup-keys/staging_backup";
      BORG_RELOCATED_REPO_ACCESS_IS_OK = "yes";
    };
    script = ''
      mkdir -p "/tmp/mnt"
      sshfs root@orbekk.osl.trygveandre.net:/storage "/tmp/mnt"
      REPOSITORY="/tmp/mnt/backup"

      last_repo="$(borg list $REPOSITORY -P ${probe.repo} --last 1 --short)"
      target="${config.orbekk.monitoring-server.textFileDir}/backup_probe.prom"
      timestamp=$(borg extract --stdout $REPOSITORY::"$last_repo" "${probe.repo_path}")
      echo "backup_probe_timestamp_seconds $timestamp" > "$target.next"
      mv "$target.next" "$target"
      echo Done
    '';
  };
}