nixos_forgejo/backup.nix

{config, pkgs, lib, ... }:

# NOTE: For this to work you should use MariaDB as your Forgejo-Database running on the same host. If this is not the case, update this script accordingly.
let
  makeBackupForRepo = repo: lib.getExe (pkgs.writeShellScriptBin "forgejo-borgbackup" ''
    #!/bin/sh
    set -e
    #stop forgejo
    systemctl stop forgejo.service
    # Dump Forgejo DB
    MYSQL_DATABASE="forgejodb"
    ${pkgs.mariadb}/bin/mysqldump -u root ''${MYSQL_DATABASE} > /borgbackupcache/forgejobackup.sql
    # BorgBackup
    export BORG_PASSCOMMAND="cat /etc/nixos/borgpassword"
    export BORG_REPO=${repo}
    export BACKUP_NAME="forgejo-$(date +%Y-%m-%d-%H-%M)"

    # Add everything to be backed up
    ${pkgs.borgbackup}/bin/borg create --verbose --filter AME --list --stats --show-rc --compression lz4 --exclude-caches \
      $BORG_REPO::$BACKUP_NAME \
      /var/lib/forgejo/repositories/ \
      /var/lib/forgejo/data/ \
      /borgbackupcache/forgejobackup.sql \
      /etc/nixos/
    # Delete DB dump
    rm /borgbackupcache/forgejobackup.sql
    # Start Forgejo again
    systemctl start forgejo.service
    # Prune old backups
    ${pkgs.borgbackup}/bin/borg prune --list $BORG_REPO --prefix 'forgejo-' --show-rc --keep-daily=7 --keep-weekly=4 --keep-monthly=6
  '');
  repos = repolistfile: lib.pipe repolistfile [
    builtins.readFile
    (lib.splitString "\n")
    (lib.filter (s: s != ""))
  ];
  backups = repolistfile: builtins.map makeBackupForRepo (repos repolistfile);
  in
  {
    environment.systemPackages = [ pkgs.borgbackup ];
    # Create folders
    systemd.tmpfiles.rules = [
	    "d /borgbackupcache 700 root root"
    ];
    # Backup timer
   systemd.services.borg-backup = {
   description = "Borg Backup for Forgejo and the Forgejo MySQL Database";
   serviceConfig = {
     ExecStart = lib.getExe (pkgs.writeShellScriptBin "doBackups" (lib.concatStringsSep ";" (backups config._module.args.borgrepolistfile)));
     User = "root";
   };
   requires= ["mysql.service"];
   after = ["forgejo.service" "mysql.service" "network-online.target"];
   wants = ["network-online.target"];
   wantedBy = [ "multi-user.target" ];
 };

 systemd.timers.borg-backup = {
   description = "Daily Borg Backup Timer";
   wantedBy = [ "timers.target" ];
   timerConfig = {
     OnActiveSec = "30s";
     OnCalendar = "daily";
     Persistent = true;
   };
 };
  }
backup script improved with multi-repo-support 2024-03-02 02:26:38 +01:00			`{config, pkgs, lib, ... }:`
import fix 2024-02-17 02:42:35 +01:00
cleaning up 2024-02-20 04:41:48 +01:00			`# NOTE: For this to work you should use MariaDB as your Forgejo-Database running on the same host. If this is not the case, update this script accordingly.`
import fix 2024-02-17 02:42:35 +01:00			`let`
backup script improved with multi-repo-support 2024-03-02 02:26:38 +01:00			`makeBackupForRepo = repo: lib.getExe (pkgs.writeShellScriptBin "forgejo-borgbackup" ''`
import fix 2024-02-17 02:42:35 +01:00			`#!/bin/sh`
			`set -e`
			`#stop forgejo`
			`systemctl stop forgejo.service`
cleaning up 2024-02-20 04:41:48 +01:00			`# Dump Forgejo DB`
import fix 2024-02-17 02:42:35 +01:00			`MYSQL_DATABASE="forgejodb"`
this finally works phew 2024-02-17 05:44:04 +01:00			`${pkgs.mariadb}/bin/mysqldump -u root ''${MYSQL_DATABASE} > /borgbackupcache/forgejobackup.sql`
import fix 2024-02-17 02:42:35 +01:00			`# BorgBackup`
this finally works phew 2024-02-17 05:44:04 +01:00			`export BORG_PASSCOMMAND="cat /etc/nixos/borgpassword"`
backup script improved with multi-repo-support 2024-03-02 02:26:38 +01:00			`export BORG_REPO=${repo}`
cleaning up 2024-02-20 04:41:48 +01:00			`export BACKUP_NAME="forgejo-$(date +%Y-%m-%d-%H-%M)"`
import fix 2024-02-17 02:42:35 +01:00
			`# Add everything to be backed up`
			`${pkgs.borgbackup}/bin/borg create --verbose --filter AME --list --stats --show-rc --compression lz4 --exclude-caches \`
			`$BORG_REPO::$BACKUP_NAME \`
			`/var/lib/forgejo/repositories/ \`
			`/var/lib/forgejo/data/ \`
backup script improved with multi-repo-support 2024-03-02 02:26:38 +01:00			`/borgbackupcache/forgejobackup.sql \`
			`/etc/nixos/`
cleaning up 2024-02-20 04:41:48 +01:00			`# Delete DB dump`
import fix 2024-02-17 02:42:35 +01:00			`rm /borgbackupcache/forgejobackup.sql`
			`# Start Forgejo again`
			`systemctl start forgejo.service`
			`# Prune old backups`
			`${pkgs.borgbackup}/bin/borg prune --list $BORG_REPO --prefix 'forgejo-' --show-rc --keep-daily=7 --keep-weekly=4 --keep-monthly=6`
backup script improved with multi-repo-support 2024-03-02 02:26:38 +01:00			`'');`
			`repos = repolistfile: lib.pipe repolistfile [`
			`builtins.readFile`
			`(lib.splitString "\n")`
			`(lib.filter (s: s != ""))`
			`];`
			`backups = repolistfile: builtins.map makeBackupForRepo (repos repolistfile);`
trying out stuff 2024-02-17 03:11:14 +01:00			`in`
			`{`
			`environment.systemPackages = [ pkgs.borgbackup ];`
			`# Create folders`
			`systemd.tmpfiles.rules = [`
			`"d /borgbackupcache 700 root root"`
			`];`
			`# Backup timer`
			`systemd.services.borg-backup = {`
cleaning up 2024-02-20 04:41:48 +01:00			`description = "Borg Backup for Forgejo and the Forgejo MySQL Database";`
trying out stuff 2024-02-17 03:11:14 +01:00			`serviceConfig = {`
backup script improved with multi-repo-support 2024-03-02 02:26:38 +01:00			`ExecStart = lib.getExe (pkgs.writeShellScriptBin "doBackups" (lib.concatStringsSep ";" (backups config._module.args.borgrepolistfile)));`
trying out stuff 2024-02-17 03:11:14 +01:00			`User = "root";`
			`};`
hotfix because the backup script kept starting and crashing everything before it had networkaccess or forgejo got closed 2024-02-20 22:15:27 +01:00			`requires= ["mysql.service"];`
			`after = ["forgejo.service" "mysql.service" "network-online.target"];`
			`wants = ["network-online.target"];`
trying out stuff 2024-02-17 03:11:14 +01:00			`wantedBy = [ "multi-user.target" ];`
			`};`

			`systemd.timers.borg-backup = {`
			`description = "Daily Borg Backup Timer";`
			`wantedBy = [ "timers.target" ];`
			`timerConfig = {`
hotfix because the backup script kept starting and crashing everything before it had networkaccess or forgejo got closed 2024-02-20 22:15:27 +01:00			`OnActiveSec = "30s";`
trying out stuff 2024-02-17 03:11:14 +01:00			`OnCalendar = "daily";`
			`Persistent = true;`
			`};`
			`};`
this finally works phew 2024-02-17 05:44:04 +01:00			`}`