JakeHillion/nixos
1
0
Fork 0
Code Issues 10 Pull Requests 6 Actions Packages Projects Releases Wiki Activity

matrix: enable postgres backups
All checks were successful
continuous-integration/drone/pr Build is passing
Details
continuous-integration/drone/push Build is passing
Details

Browse Source
This commit is contained in:
Jake Hillion 2023-01-19 21:02:10 +00:00
parent 2b2ebd9e0b
commit 2929c85623
5 changed files with 39 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
hosts/vm.strangervm.ts.hillion.co.uk/default.nix
View File

@ -63,4 +63,7 @@
{ name = "resources"; secretFile = config.age.secrets."resilio/encrypted/resources".path; } { name = "resources"; secretFile = config.age.secrets."resilio/encrypted/resources".path; }
{ name = "sync"; secretFile = config.age.secrets."resilio/encrypted/sync".path; } { name = "sync"; secretFile = config.age.secrets."resilio/encrypted/sync".path; }
]; ];
## Backups
config.services.postgresqlBackup.location = "/data/backup/postgres";
} }

30
modules/matrix/default.nix
View File

@ -12,6 +12,14 @@
owner = "matrix-synapse"; owner = "matrix-synapse";
group = "matrix-synapse"; group = "matrix-synapse";
}; };
config.age.secrets."backblaze/vm-strangervm-backups-matrix" = {
file = ../../secrets/backblaze/vm-strangervm-backups-matrix.age;
};
config.age.secrets."restic/b2-backups-matrix" = {
file = ../../secrets/restic/b2-backups-matrix.age;
owner = "postgres";
group = "postgres";
};
config.services.postgresql = { config.services.postgresql = {
enable = true; enable = true;
@ -23,6 +31,28 @@
LC_CTYPE = "C"; LC_CTYPE = "C";
''; '';
}; };
config.services.postgresqlBackup = {
enable = true;
compression = "none"; # for better diffing
databases = [ "matrix-synapse" ];
};
config.services.restic.backups."matrix" = {
user = "postgres";
timerConfig = {
OnCalendar = "03:00";
RandomizedDelaySec = "30m";
};
repository = "b2:hillion-personal:backups/matrix";
pruneOpts = [
"--keep-daily 14"
"--keep-weekly 5"
"--keep-monthly 24"
"--keep-yearly 10"
];
paths = [ "${config.services.postgresqlBackup.location}/matrix-synapse.sql" ];
passwordFile = config.age.secrets."restic/b2-backups-matrix".path;
environmentFile = config.age.secrets."backblaze/vm-strangervm-backups-matrix".path;
};
config.services.matrix-synapse = { config.services.matrix-synapse = {
enable = true; enable = true;

BIN
secrets/backblaze/vm-strangervm-backups-matrix.age Normal file
View File

Binary file not shown.

BIN
secrets/restic/b2-backups-matrix.age Normal file
View File

Binary file not shown.

6
secrets/secrets.nix
View File

@ -36,4 +36,10 @@ in
# Matrix Secrets # Matrix Secrets
"matrix/matrix.hillion.co.uk/macaroon_secret_key.age".publicKeys = users ++ [ vm_strangervm ]; "matrix/matrix.hillion.co.uk/macaroon_secret_key.age".publicKeys = users ++ [ vm_strangervm ];
"matrix/matrix.hillion.co.uk/email.age".publicKeys = users ++ [ vm_strangervm ]; "matrix/matrix.hillion.co.uk/email.age".publicKeys = users ++ [ vm_strangervm ];
# Backblaze Secrets
"backblaze/vm-strangervm-backups-matrix.age".publicKeys = users ++ [ vm_strangervm ];
# Restic Secrets
"restic/b2-backups-matrix.age".publicKeys = users ++ [ vm_strangervm ];
} }