diff --git a/modules/holocron/smb/default.nix b/modules/holocron/smb/default.nix index 5589f8d..052702b 100644 --- a/modules/holocron/smb/default.nix +++ b/modules/holocron/smb/default.nix @@ -19,8 +19,10 @@ let timemachine = { browseable = true; "path" = "/holocron/archives/timemachine"; + "valid users" = "blake"; "public" = "no"; "writeable" = "yes"; + "force user" = "blake"; "fruit:aapl" = "yes"; "fruit:time machine" = "yes"; "vfs objects" = "catia fruit streams_xattr"; diff --git a/modules/homelab/immich/default.nix b/modules/homelab/immich/default.nix index d003d9d..08ec09c 100644 --- a/modules/homelab/immich/default.nix +++ b/modules/homelab/immich/default.nix @@ -109,7 +109,7 @@ in { # add to backups system.backups.baks = { - ${service} = {paths = [cfg.data_dir "/var/lib/redis-immich" "/var/backups/postgresql/immich.sql.zstd"];}; + ${service} = {paths = [cfg.data_dir "/var/lib/redis-immich" "/var/backup/postgresql/immich.sql.zstd"];}; }; }; } diff --git a/modules/homelab/minecraft_recpro/default.nix b/modules/homelab/minecraft_recpro/default.nix index feb8d6b..58afeaf 100644 --- a/modules/homelab/minecraft_recpro/default.nix +++ b/modules/homelab/minecraft_recpro/default.nix @@ -113,11 +113,11 @@ in }; # add to backups - system.backups.baks = lib.listToAttrs ( + system.backups.gameserver_baks = lib.listToAttrs ( lib.mapAttrsToList (srv_name: cfg: { name = srv_name; # attribute key - value = { paths = [ cfg.data_dir "/var/backups/mysql/${service}_db.zst" ]; }; # attribute value + value = { paths = [ cfg.data_dir "/var/backup/mysql/${service}_db.zst" ]; }; # attribute value } ) servers ); diff --git a/modules/system/backups/default.nix b/modules/system/backups/default.nix index ad5c502..f257b30 100644 --- a/modules/system/backups/default.nix +++ b/modules/system/backups/default.nix 
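Review bot: In the `timemachine` share the account name is now hard-coded in two places, `"valid users" = "blake";` and `"force user" = "blake";`, and the two have to stay in step. `force user` makes every file operation run as that Unix account, so `valid users` is the only line that limits who may connect. A single let-binding referenced by both keys (for example `tmUser = "blake";`, a name constructed for this note), with a comment such as `# only this account may connect; files are written as the same account`, would keep a later edit from widening access by changing one line and not the other. The share's attribute set starts and ends outside the hunk.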
@@ -29,11 +29,21 @@ in { default = {}; description = "backup jobs, nested attribute sets should be = paths []"; }; + gameserver_baks = lib.mkOption { + type = lib.types.attrsOf (lib.types.attrsOf (lib.types.listOf lib.types.path)); + default = {}; + description = "backup jobs for game servers, nested attribute sets should be = paths []"; + }; repo = lib.mkOption { type = lib.types.path; default = "/holocron/archives/devices/snowbelle"; description = "borg repository path"; }; + gameserver_repo = lib.mkOption { + type = lib.types.path; + default = "/holocron/archives/gameservers/borg"; + description = "borg repository path"; + }; passwd_file = lib.mkOption { type = lib.types.path; default = sec."borg_passwd".path; @@ -47,12 +57,16 @@ in { }; config = lib.mkIf (cfg.enable && cfg.baks != {}) { + + # create and or set perms for repo dirs systemd.tmpfiles.rules = [ - "d /holocron/archives 2770 root archives - -" + "d ${cfg.repo} 2770 root archives - -" + "d ${cfg.gameserver_repo} 2770 root archives - -" ]; + # create servie to backup services systemd.services.backups = { - description = "backup service with borg!"; + description = "backup services with borg!"; path = [pkgs.borgbackup]; serviceConfig = { Type = "oneshot"; @@ -143,7 +157,6 @@ in { ''; }; }; - # create timer to run backups daily systemd.timers.backups = { description = "daily borg backup timer"; 
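Review bot: The context line `config = lib.mkIf (cfg.enable && cfg.baks != {}) {` in the `@@ -47,12 +57,16 @@` hunk still gates the whole module on `cfg.baks` alone. The new `gameserver_repo` tmpfiles rule, and the `gameserver_backups` service and timer added further down, are therefore dropped whenever `baks` is empty, even if `gameserver_baks` (now set by the minecraft_recpro module) is not. The reverse case applies too: with `gameserver_baks = {}` the hourly unit is still generated and runs an empty loop. Consider `lib.mkIf (cfg.enable && (cfg.baks != {} || cfg.gameserver_baks != {}))` for the outer guard, and a guard per unit such as `systemd.services.gameserver_backups = lib.mkIf (cfg.gameserver_baks != {}) { … };`. The `config` block continues past the hunk.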
@@ -154,13 +167,88 @@ in { }; }; + # create servie to backup gameservers (back these up hourly) + systemd.services.gameserver_backups = { + description = "backup services with borg!"; + path = [pkgs.borgbackup]; + serviceConfig = { + Type = "oneshot"; + User = "root"; + Group = "archives"; # make perms shake out + # the actual script borg is using + ExecStart = pkgs.writeShellScript "borg-gameserver_backup" '' + backup() { + set -euo pipefail + export BORG_PASSPHRASE="$(cat ${cfg.passwd_file})" + export BORG_REPO="${cfg.gameserver_repo}" + timestamp="$(date +'%Y-%m-%d_%H:%M:%S')" + + # init repo in needed + if ! borg info "$BORG_REPO" >/dev/null 2>&1; then + echo "Initializing Borg repo at $BORG_REPO" + borg init --encryption=repokey "$BORG_REPO" + fi + + borg break-lock "$BORG_REPO" || true + + echo "starting backup at $timestamp" + + # loop for each backup + ${lib.concatStringsSep "\n\n" (lib.mapAttrsToList ( + bak_name: bak_paths: '' + echo "------------ Backing up ${bak_name} ------------" + archive="$timestamp-${bak_name}" + echo "backing up: ${lib.concatStringsSep " " bak_paths.paths} → $archive" + borg create \ + --verbose \ + --filter AME \ + --list \ + --stats \ + --show-rc \ + --compression lz4 \ + "$BORG_REPO::$archive" \ + ${lib.concatStringsSep " " bak_paths.paths} + echo "pruning old backups for ${bak_name}..." 
+ borg prune -v --list "$BORG_REPO" \ + --glob-archives "*-${bak_name}" \ + --keep-hourly=24 \ + --keep-daily=7 \ + --keep-weekly=12 \ + --keep-monthly=12 + echo "backup run complete at \"$BORG_REPO::$archive\"" + '' + ) + cfg.gameserver_baks)} + } + start_time=$(date +%s) + backup + end_time=$(date +%s) + exec_time=$((end_time - start_time)) + cpu_usage=$(top -bn1 | grep "Cpu(s)" | sed "s/.*, *\([0-9.]*\)%* id.*/\1/" | awk '{print 100 - $1"%"}') + echo "" + echo "backup stats:" + echo "exec time: $exec_time" + echo "cpu usage: $cpu_usage" + ''; + }; + }; + # create timer to run backups daily + systemd.timers.gameserver_backups = { + description = "daily borg backup timer"; + wantedBy = ["timers.target"]; + timerConfig = { + OnCalendar = "*-*-* *:01:00"; # every hour, at :01 + Persistent = true; + }; + }; + # db backups services.mysqlBackup = lib.mkIf config.services.mysql.enable { # mc servers use this enable = true; location = "/var/backup/mysql"; user = "root"; - calendar = "03:58:00"; + calendar = "*-*-* *:01:00"; compressionAlg = "zstd"; databases = config.services.mysql.ensureDatabases; # set to all databases defined in esure databases };
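Review bot: `export BORG_PASSPHRASE="$(cat ${cfg.passwd_file})"` in the new `backup()` function hides a failed `cat` from `set -e`, because the shell checks the exit status of `export`; if the secret file is missing or unreadable the variable is empty, and on a first run `borg init --encryption=repokey` would then, as far as I can tell, create the repository with an empty passphrase. Using `export BORG_PASSCOMMAND="cat ${cfg.passwd_file}"` instead lets borg fail on a read error and keeps the passphrase out of the service's environment. The unconditional `borg break-lock "$BORG_REPO" || true` removes a lock that may belong to a live borg process on the same repository, which matters more now that the job runs hourly; dropping it and passing `--lock-wait 600` (value constructed for this note) to the borg commands is safer. The timer's `OnCalendar = "*-*-* *:01:00"` is identical to the new `services.mysqlBackup` `calendar`, so an archive can pick up a dump that is still being written or is an hour old; offsetting the borg timer, e.g. `OnCalendar = "*-*-* *:10:00";`, avoids that.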