experimental backupscript added

This commit is contained in:
Lyn 2024-02-17 02:39:28 +01:00
parent 2d431a978d
commit bdf7b5b7ac
2 changed files with 52 additions and 3 deletions

30
backupscript.nix Normal file
View file

@ -0,0 +1,30 @@
{config, pkgs, ... }:
let
forgejo-borgbackup = pkgs.writeShellScriptBin "forgejo-borgbackup" ''
#!/bin/sh
set -e
#stop forgejo
systemctl stop forgejo.service
# MySQL-Backup
MYSQL_OPTION_FILE="/etc/nixos/dbauth.cnf"
MYSQL_DATABASE="forgejodb"
mysqldump --defaults-file="${MYSQL_OPTION_FILE}" $MYSQL_DATABASE > /borgbackupcache/forgejobackup.sql
# BorgBackup
export BORG_REPO="ssh://backup@cloud.shibe.pro://mnt/onedrive/Backups/borg"
export BACKUP_NAME="forgejo-$(date +%Y-%m-%d)"
# Add everything to be backed up
${pkgs.borgbackup}/bin/borg create --verbose --filter AME --list --stats --show-rc --compression lz4 --exclude-caches \
$BORG_REPO::$BACKUP_NAME \
/var/lib/forgejo/repositories/ \
/var/lib/forgejo/data/ \
/borgbackupcache/forgejobackup.sql
# Remove DB dump
rm /borgbackupcache/forgejobackup.sql
# Start Forgejo again
systemctl start forgejo.service
# Prune old backups
${pkgs.borgbackup}/bin/borg prune --list $BORG_REPO --prefix 'forgejo-' --show-rc --keep-daily=7 --keep-weekly=4 --keep-monthly=6
'';

View file

@ -59,9 +59,9 @@
];
# Create folders
# systemd.tmpfiles.rules = [
# "d /mnt/onedrive/Timemachine 0772 lyn onedriveaccess"
#];
systemd.tmpfiles.rules = [
"d /borgbackupcache 700 root root"
];
# Enable the OpenSSH daemon.
@ -110,6 +110,25 @@
AuthorizedKeysFile ${config.users.users.forgejo.home}/.ssh/authorized_keys
'';
# Backup timer
systemd.services.borg-backup = {
description = "Borg Backup for Forgejo and MySQL";
serviceConfig = {
ExecStart = "${forgejo-borgbackup}";
User = "root";
};
wantedBy = [ "multi-user.target" ];
};
systemd.timers.borg-backup = {
description = "Daily Borg Backup Timer";
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "daily";
Persistent = true;
};
};
#enable qemu-guestagent
services.qemuGuest.enable = true;
# Disable password checking for wheel group users so we can solely rely on ssh keys