game server backups

modules/holocron/smb/default.nix

@@ -19,8 +19,10 @@ let
     timemachine = {
       browseable = true;
       "path" = "/holocron/archives/timemachine";
+      "valid users" = "blake";
       "public" = "no";
       "writeable" = "yes";
+      "force user" = "blake";
       "fruit:aapl" = "yes";
       "fruit:time machine" = "yes";
       "vfs objects" = "catia fruit streams_xattr";

modules/homelab/immich/default.nix

@@ -109,7 +109,7 @@ in {
 
     # add to backups
     system.backups.baks = {
-      ${service} = {paths = [cfg.data_dir "/var/lib/redis-immich" "/var/backups/postgresql/immich.sql.zstd"];};
+      ${service} = {paths = [cfg.data_dir "/var/lib/redis-immich" "/var/backup/postgresql/immich.sql.zstd"];};
     };
   };
 }

modules/homelab/minecraft_recpro/default.nix

@@ -113,11 +113,11 @@ in
     };
 
     # add to backups
-    system.backups.baks = lib.listToAttrs (
+    system.backups.gameserver_baks = lib.listToAttrs (
       lib.mapAttrsToList (srv_name: cfg:
         {
           name = srv_name;                     # attribute key
-          value = { paths = [ cfg.data_dir "/var/backups/mysql/${service}_db.zst" ]; }; # attribute value
+          value = { paths = [ cfg.data_dir "/var/backup/mysql/${service}_db.zst" ]; }; # attribute value
         }
       ) servers
     );

modules/system/backups/default.nix

@@ -29,11 +29,21 @@ in {
       default = {};
       description = "backup jobs, nested attribute sets should be <bak_name> = paths [<list_of_paths>]";
     };
+    gameserver_baks = lib.mkOption {
+      type = lib.types.attrsOf (lib.types.attrsOf (lib.types.listOf lib.types.path));
+      default = {};
+      description = "backup jobs for game servers, nested attribute sets should be <bak_name> = paths [<list_of_paths>]";
+    };
     repo = lib.mkOption {
       type = lib.types.path;
       default = "/holocron/archives/devices/snowbelle";
       description = "borg repository path";
     };
+    gameserver_repo = lib.mkOption {
+      type = lib.types.path;
+      default = "/holocron/archives/gameservers/borg";
+      description = "borg repository path";
+    };
     passwd_file = lib.mkOption {
       type = lib.types.path;
       default = sec."borg_passwd".path;
@@ -47,12 +57,16 @@ in {
   };
 
   config = lib.mkIf (cfg.enable && cfg.baks != {}) {
+
+    # create and or set perms for repo dirs
     systemd.tmpfiles.rules = [
-      "d /holocron/archives 2770 root archives - -"
+      "d ${cfg.repo} 2770 root archives - -"
+      "d ${cfg.gameserver_repo} 2770 root archives - -"
     ];
 
+    # create servie to backup services
     systemd.services.backups = {
-      description = "backup service with borg!";
+      description = "backup services with borg!";
       path = [pkgs.borgbackup];
       serviceConfig = {
         Type = "oneshot";
@@ -143,7 +157,6 @@ in {
         '';
       };
     };
-
     # create timer to run backups daily
     systemd.timers.backups = {
       description = "daily borg backup timer";
@@ -154,13 +167,88 @@ in {
       };
     };
 
+    # create servie to backup gameservers (back these up hourly)
+    systemd.services.gameserver_backups = {
+      description = "backup services with borg!";
+      path = [pkgs.borgbackup];
+      serviceConfig = {
+        Type = "oneshot";
+        User = "root";
+        Group = "archives"; # make perms shake out
+        # the actual script borg is using
+        ExecStart = pkgs.writeShellScript "borg-gameserver_backup" ''
+          backup() {
+            set -euo pipefail
+            export BORG_PASSPHRASE="$(cat ${cfg.passwd_file})"
+            export BORG_REPO="${cfg.gameserver_repo}"
+            timestamp="$(date +'%Y-%m-%d_%H:%M:%S')"
+
+            # init repo in needed
+            if ! borg info "$BORG_REPO" >/dev/null 2>&1; then
+              echo "Initializing Borg repo at $BORG_REPO"
+              borg init --encryption=repokey "$BORG_REPO"
+            fi
+
+            borg break-lock "$BORG_REPO" || true
+
+            echo "starting backup at $timestamp"
+
+              # loop for each backup
+              ${lib.concatStringsSep "\n\n" (lib.mapAttrsToList (
+              bak_name: bak_paths: ''
+                  echo "------------ Backing up ${bak_name} ------------"
+                  archive="$timestamp-${bak_name}"
+                  echo "backing up: ${lib.concatStringsSep " " bak_paths.paths} → $archive"
+                  borg create \
+                    --verbose \
+                    --filter AME \
+                    --list \
+                    --stats \
+                    --show-rc \
+                    --compression lz4 \
+                    "$BORG_REPO::$archive" \
+                    ${lib.concatStringsSep " " bak_paths.paths}
+                echo "pruning old backups for ${bak_name}..."
+                borg prune -v --list "$BORG_REPO" \
+                  --glob-archives "*-${bak_name}" \
+                  --keep-hourly=24 \
+                  --keep-daily=7 \
+                  --keep-weekly=12 \
+                  --keep-monthly=12
+                echo "backup run complete at \"$BORG_REPO::$archive\""
+              ''
+            )
+            cfg.gameserver_baks)}
+          }
+          start_time=$(date +%s)
+          backup
+          end_time=$(date +%s)
+          exec_time=$((end_time - start_time))
+          cpu_usage=$(top -bn1 | grep "Cpu(s)" | sed "s/.*, *\([0-9.]*\)%* id.*/\1/" | awk '{print 100 - $1"%"}')
+          echo ""
+          echo "backup stats:"
+          echo "exec time: $exec_time"
+          echo "cpu usage: $cpu_usage"
+        '';
+      };
+    };
+    # create timer to run backups daily
+    systemd.timers.gameserver_backups = {
+      description = "daily borg backup timer";
+      wantedBy = ["timers.target"];
+      timerConfig = {
+        OnCalendar = "*-*-* *:01:00"; # every hour, at :01
+        Persistent = true;
+      };
+    };
+
     # db backups
     services.mysqlBackup = lib.mkIf config.services.mysql.enable {
       # mc servers use this
       enable = true;
       location = "/var/backup/mysql";
       user = "root";
-      calendar = "03:58:00";
+      calendar = "*-*-* *:01:00";
       compressionAlg = "zstd";
       databases = config.services.mysql.ensureDatabases; # set to all databases defined in esure databases
     };