matrix: enable postgres backups

2023-01-19 21:02:10 +00:00 · 2023-01-19 21:02:10 +00:00 · 2929c85623
commit 2929c85623
parent 2b2ebd9e0b
5 changed files with 39 additions and 0 deletions
--- a/hosts/vm.strangervm.ts.hillion.co.uk/default.nix
+++ b/hosts/vm.strangervm.ts.hillion.co.uk/default.nix
@ -63,4 +63,7 @@
    { name = "resources"; secretFile = config.age.secrets."resilio/encrypted/resources".path; }
    { name = "sync"; secretFile = config.age.secrets."resilio/encrypted/sync".path; }
  ];
+
+  ## Backups
+  config.services.postgresqlBackup.location = "/data/backup/postgres";
 }
--- a/modules/matrix/default.nix
+++ b/modules/matrix/default.nix
@ -12,6 +12,14 @@
    owner = "matrix-synapse";
    group = "matrix-synapse";
  };
+  config.age.secrets."backblaze/vm-strangervm-backups-matrix" = {
+    file = ../../secrets/backblaze/vm-strangervm-backups-matrix.age;
+  };
+  config.age.secrets."restic/b2-backups-matrix" = {
+    file = ../../secrets/restic/b2-backups-matrix.age;
+    owner = "postgres";
+    group = "postgres";
+  };

  config.services.postgresql = {
    enable = true;
@ -23,6 +31,28 @@
        LC_CTYPE = "C";
    '';
  };
+  config.services.postgresqlBackup = {
+    enable = true;
+    compression = "none"; # for better diffing
+    databases = [ "matrix-synapse" ];
+  };
+  config.services.restic.backups."matrix" = {
+    user = "postgres";
+    timerConfig = {
+      OnCalendar = "03:00";
+      RandomizedDelaySec = "30m";
+    };
+    repository = "b2:hillion-personal:backups/matrix";
+    pruneOpts = [
+      "--keep-daily 14"
+      "--keep-weekly 5"
+      "--keep-monthly 24"
+      "--keep-yearly 10"
+    ];
+    paths = [ "${config.services.postgresqlBackup.location}/matrix-synapse.sql" ];
+    passwordFile = config.age.secrets."restic/b2-backups-matrix".path;
+    environmentFile = config.age.secrets."backblaze/vm-strangervm-backups-matrix".path;
+  };

  config.services.matrix-synapse = {
    enable = true;
--- a/secrets/backblaze/vm-strangervm-backups-matrix.age
+++ b/secrets/backblaze/vm-strangervm-backups-matrix.age
--- a/secrets/restic/b2-backups-matrix.age
+++ b/secrets/restic/b2-backups-matrix.age
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -36,4 +36,10 @@ in
  # Matrix Secrets
  "matrix/matrix.hillion.co.uk/macaroon_secret_key.age".publicKeys = users ++ [ vm_strangervm ];
  "matrix/matrix.hillion.co.uk/email.age".publicKeys = users ++ [ vm_strangervm ];
+
+  # Backblaze Secrets
+  "backblaze/vm-strangervm-backups-matrix.age".publicKeys = users ++ [ vm_strangervm ];
+
+  # Restic Secrets
+  "restic/b2-backups-matrix.age".publicKeys = users ++ [ vm_strangervm ];
 }