blake/nix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fin backups

Browse Source
This commit is contained in:
blake
2025-10-18 17:57:38 -05:00
parent 3eb9c9b402
commit 7fd8610476
26 changed files with 122 additions and 396 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
bin/borg_lf.sh
View File

@@ -86,8 +86,8 @@ borg mount "$REPO::$selected" "$MOUNT_POINT"
cleanup() {
echo "Unmounting archive..."
borg umount "$MOUNT_DIR" >/dev/null 2>&1 || true
rmdir "$MOUNT_DIR" >/dev/null 2>&1 || true
borg umount "$MOUNT_POINT" >/dev/null 2>&1 || true
rmdir "$MOUNT_POINT" >/dev/null 2>&1 || true
}
trap cleanup EXIT INT TERM

1
hosts/nixos/snowbelle/configuration.nix
View File

@@ -34,6 +34,7 @@ in
};
homelab = {
enable = true;
backups.enable = true;
motd.enable = true;
gitea.enable = true;
glance.enable = true;

2
modules/holocron/copyparty/default.nix
View File

@@ -151,7 +151,7 @@ in {
};
# add to backups
system.backups.baks = {
homelab.backups.baks = {
${service} = {
paths = [cfg.data_dir];
};

2
modules/homelab/arr/bazarr/default.nix
View File

@@ -92,7 +92,7 @@ in
icon = "di:${service}"; }];
# add to backups
homelab.baks = {
homelab.backups.baks = {
${service} = { paths = [ cfg.data_dir ]; };
};
};

2
modules/homelab/arr/prowlarr/default.nix
View File

@@ -94,7 +94,7 @@ in
icon = "di:${service}"; }];
# add to backups
homelab.baks = {
homelab.backups.baks = {
${service} = { paths = [ cfg.data_dir ]; };
};
};

2
modules/homelab/arr/radarr/default.nix
View File

@@ -97,7 +97,7 @@ in
icon = "di:${service}"; }];
# add to backups
homelab.baks = {
homelab.backups.baks = {
${service} = { paths = [ cfg.data_dir ]; };
};
};

2
modules/homelab/arr/sonarr/default.nix
View File

@@ -95,7 +95,7 @@ in
icon = "di:${service}"; }];
# add to backups
homelab.baks = {
homelab.backups.baks = {
${service} = { paths = [ cfg.data_dir ]; };
};
};

2
modules/homelab/audiobookshelf/default.nix
View File

@@ -98,7 +98,7 @@ in
icon = "di:${service}"; }];
# add to backups
homelab.baks = {
homelab.backups.baks = {
${service} = { paths = [ cfg.data_dir ]; };
};
};

75
modules/homelab/backups/default.nix Normal file
View File

@@ -0,0 +1,75 @@
{
config,
lib,
pkgs,
...
}:
/**/
let
cfg = config.homelab.backups;
sec = config.sops.secrets;
in {
options.homelab.backups = {
enable = lib.mkEnableOption "enables borg backups for state files and db backup services";
baks = lib.mkOption {
type = lib.types.attrsOf (lib.types.attrsOf (lib.types.listOf lib.types.path));
default = {};
description = "backup jobs, nested attribute sets should be <bak_name> = paths [<list_of_paths>]";
};
backup_repo = lib.mkOption {
type = lib.types.path;
default = "/holocron/archives/homelab";
description = "path to take daily backups to with borg!";
};
};
config = lib.mkIf cfg.enable {
# backups homelab with borg
services.borgbackup.jobs.homelab = (lib.mkIf cfg.baks != {}) {
archiveBaseName = "homelab";
repo = cfg.backup_repo;
paths = lib.flatten (lib.attrsets.mapAttrsToList (_: arg: arg.paths) cfg.baks);
compression = "auto,zstd";
startAt = "daily";
group = "archives";
encryption.mode = "repokey-blake2";
encryption.passCommand = "cat ${sec."borg_passwd".path}";
extraArgs = ["--verbose" "--show-rc" "--umask" "0007"];
extraCreateArgs = ["--list" "--stats" "--filter" "AME"];
prune.keep = {
within = "1d"; # Keep all archives from the last day
daily = 7;
weekly = 12;
monthly = -1; # Keep at least one archive for each month
};
};
# mysql backups currently minecraft_recpro is the only thing using this
services.mysqlBackup = lib.mkIf config.services.mysql.enable {
enable = true;
location = "/var/backup/mysql";
user = "root";
calendar = "*-*-* *:59:45"; # goes fast, included in back up with server dirs at **:00
compressionAlg = "zstd";
databases = config.services.mysql.ensureDatabases; # set to all databases defined in esure databases
};
# postgresql backups currently immich is the only user
services.postgresqlBackup = lib.mkIf config.services.postgresql.enable {
enable = true;
location = "/var/backup/postgresql";
compression = "zstd"; # optional: "xz", "zstd", "none"
startAt = "03:59"; # the dump is included in a backup taken at 4:00
databases = config.services.postgresql.ensureDatabases; # set to all databases defined in esure databases
};
# helpful and for scripts
environment.systemPackages = with pkgs; [borgbackup tree];
sops.secrets = {
"borg_passwd" = {
owner = "root";
group = "root";
};
};
};
}

2
modules/homelab/caddy/default.nix
View File

@@ -95,7 +95,7 @@ in
# add to backups
homelab.baks = {
homelab.backups.baks = {
${service} = { paths = [ cfg.data_dir ]; };
};
};

37
modules/homelab/default.nix
View File

@@ -37,21 +37,12 @@ in
type = lib.types.str;
description = "base domain used for reverse proxy";
};
baks = lib.mkOption {
type = lib.types.attrsOf (lib.types.attrsOf (lib.types.listOf lib.types.path));
default = {};
description = "backup jobs, nested attribute sets should be <bak_name> = paths [<list_of_paths>]";
};
backup_repo = lib.mkOption {
type = lib.types.path;
default = "/holocron/archives/homelab";
description = "path to take daily backups to with borg!";
};
};
# the order determines the order in glance :3
imports = [
./motd
./backups
./glance
./caddy
./home/zigbee2mqtt
@@ -84,31 +75,5 @@ in
};
};
# backups homelab with borg
services.borgbackup.jobs.homelab = {
archiveBaseName = "homelab";
repo = cfg.backup_repo;
paths = lib.flatten (lib.attrsets.mapAttrsToList (_: arg: arg.paths) config.system.backups.baks);
compression = "auto,zstd";
startAt = "daily";
group = "archives";
encryption.mode = "repokey-blake2";
encryption.passCommand = "cat ${config.sops.secrets."borg_passwd".path}";
extraArgs = ["--verbose" "--show-rc" "--umask" "0007"];
extraCreateArgs = ["--list" "--stats" "--filter" "AME"];
prune.keep = {
within = "1d"; # Keep all archives from the last day
daily = 7;
weekly = 12;
monthly = -1; # Keep at least one archive for each month
};
};
sops.secrets = {
"borg_passwd" = {
owner = "root";
group = "root";
};
};
};
}

2
modules/homelab/gitea/default.nix
View File

@@ -125,7 +125,7 @@ in
};
# add to backups
homelab.baks = {
homelab.backups.baks = {
${service} = { paths = [ cfg.data_dir ]; };
};
};

2
modules/homelab/glance/default.nix
View File

@@ -313,7 +313,7 @@ in
};
# add to backups
homelab.baks = {
homelab.backups.baks = {
${service} = {
paths = [ cfg.data_dir ];
};

2
modules/homelab/home/homeassistant/default.nix
View File

@@ -109,7 +109,7 @@ in
icon = "di:${nixservice}"; }];
# add to backups
homelab.baks = {
homelab.backups.baks = {
${service} = { paths = [ cfg.data_dir ]; };
};
};

2
modules/homelab/home/mosquitto/default.nix
View File

@@ -92,7 +92,7 @@ in
};
# add to backups
homelab.baks = {
homelab.backups.baks = {
${service} = { paths = [ cfg.data_dir ]; };
};
};

2
modules/homelab/home/zigbee2mqtt/default.nix
View File

@@ -123,7 +123,7 @@ in
};
# add to backups
homelab.baks = {
homelab.backups.baks = {
${service} = { paths = [ cfg.data_dir ]; };
};
};

11
modules/homelab/immich/default.nix
View File

@@ -5,7 +5,14 @@
inputs,
unstable_pkgs,
...
}: let
}:
/*
to restore database ensure it exists
sudo -u postgres psql -c "DROP DATABASE IF EXISTS immich; CREATE DATABASE immich;"
zstd -dc <path_to_backup> | sudo -u postgres psql -d immich
*/
let
service = "immich";
cfg = config.homelab.${service};
sec = config.sops.secrets;
@@ -111,7 +118,7 @@ in {
services.postgresqlBackup.databases = ["immich"]; # set to all databases defined in esure databases
# add to backups
homelab.baks = {
homelab.backups.baks = {
${service} = {paths = [cfg.data_dir "/var/lib/redis-immich" "/var/backup/postgresql/immich.sql.zstd"];};
};
};

2
modules/homelab/jellyfin/default.nix
View File

@@ -93,7 +93,7 @@ in
icon = "di:${service}"; }];
# add to backups
homelab.baks = {
homelab.backups.baks = {
${service} = { paths = [ cfg.data_dir ]; };
};
};

19
modules/homelab/minecraft_recpro/default.nix
View File

@@ -3,7 +3,15 @@
config,
lib,
...
}: let
}:
/*
to restore db make sure it exists with rebuild or command below
then use zstd command to decompress and restore in one go
mysql -u root -p -e "CREATE DATABASE IF NOT EXISTS minecraft_recpro_db;"
zstd -dc <path_to_backup> | mysql -u root -p minecraft_recpro_db
*/
let
service = "minecraft_recpro";
cfg = config.gameservers.${service};
sec = config.sops.secrets;
@@ -141,7 +149,14 @@ in {
#paths = lib.flatten (lib.attrValues (lib.mapAttrs (_: srv: [srv.data_dir]) servers));
paths = lib.flatten (
lib.attrValues (
lib.mapAttrs (_: srv: [srv.data_dir] ++ (if builtins.hasAttr "db_dump_dir" srv then [srv.db_dump_dir] else [])) servers
lib.mapAttrs (_: srv:
[srv.data_dir]
++ (
if builtins.hasAttr "db_dump_dir" srv
then [srv.db_dump_dir]
else []
))
servers
)
);
compression = "auto,zstd";

2
modules/homelab/qbittorrent/default.nix
View File

@@ -131,7 +131,7 @@ in
icon = "di:${service}"; }];
# add to backups
homelab.baks = {
homelab.backups.baks = {
${service} = { paths = [ cfg.data_dir ]; };
};
};

2
modules/homelab/uptime-kuma/default.nix
View File

@@ -93,7 +93,7 @@ in
icon = "di:${service}"; }];
# add to backups
homelab.baks = {
homelab.backups.baks = {
${service} = { paths = [ cfg.data_dir ]; };
};
};

2
modules/homelab/vaultwarden/default.nix
View File

@@ -113,7 +113,7 @@ in
};
# add to backups
homelab.baks = {
homelab.backups.baks = {
${service} = { paths = [ cfg.data_dir ]; };
};
};

2
modules/homelab/yacreader/default.nix
View File

@@ -101,7 +101,7 @@ in
icon = "di:yac-reader"; }];
# add to backups
homelab.baks = {
homelab.backups.baks = {
${service} = { paths = [ cfg.data_dir ]; };
};
};

56
modules/system/backups/default.nix
View File

@@ -1,56 +0,0 @@
{
config,
lib,
pkgs,
...
}:
/*
this module
*/
let
cfg = config.system.backups;
sec = config.sops.secrets;
borg = "${pkgs.borgbackup}/bin/borg";
in {
options.system.backups = {
enable = lib.mkEnableOption "enables backups with borg";
baks = lib.mkOption {
type = lib.types.attrsOf (lib.types.attrsOf (lib.types.listOf lib.types.path));
default = {};
description = "backup jobs, nested attribute sets should be <bak_name> = paths [<list_of_paths>]";
};
gameserver_baks = lib.mkOption {
type = lib.types.attrsOf (lib.types.attrsOf (lib.types.listOf lib.types.path));
default = {};
description = "backup jobs for game servers, nested attribute sets should be <bak_name> = paths [<list_of_paths>]";
};
};
config = lib.mkIf (cfg.enable && cfg.baks != {}) {
# mysql backups currently minecraft_recpro is the only thing using this
services.mysqlBackup = lib.mkIf config.services.mysql.enable {
enable = true;
location = "/var/backup/mysql";
user = "root";
calendar = "*-*-* *:59:45"; # goes fast, included in back up with server dirs at **:00
compressionAlg = "zstd";
databases = config.services.mysql.ensureDatabases; # set to all databases defined in esure databases
};
# postgresql backups currently immich is the only user
services.postgresqlBackup = lib.mkIf config.services.postgresql.enable {
# immich uses this
enable = true;
location = "/var/backup/postgresql";
compression = "zstd"; # optional: "xz", "zstd", "none"
startAt = "03:59"; # the dump is included in a backup taken at 4:00
# currently setting this in the immich file
#databases = ["immich"]; # set to all databases defined in esure databases
#databases = config.services.postgresql.ensureDatabases; # set to all databases defined in esure databases
};
# helpful and for scripts
environment.systemPackages = with pkgs; [borgbackup tree];
};
}

279
modules/system/backups/default.nix.old
View File

@@ -1,279 +0,0 @@
{
config,
lib,
pkgs,
...
}:
/*
this module enables a backup script made with borg!
to use import & set the options below
to declare a backup add the following code
to a module and it will backup all listed paths
in a borg archive to the specified repo
| <3yy> |
V V
system.backups.baks = {
${service} = { paths = [ cfg.data_dir ]; };
};
*/
let
cfg = config.system.backups;
sec = config.sops.secrets;
borg = "${pkgs.borgbackup}/bin/borg";
in {
options.system.backups = {
enable = lib.mkEnableOption "enables backups with borg";
baks = lib.mkOption {
type = lib.types.attrsOf (lib.types.attrsOf (lib.types.listOf lib.types.path));
default = {};
description = "backup jobs, nested attribute sets should be <bak_name> = paths [<list_of_paths>]";
};
gameserver_baks = lib.mkOption {
type = lib.types.attrsOf (lib.types.attrsOf (lib.types.listOf lib.types.path));
default = {};
description = "backup jobs for game servers, nested attribute sets should be <bak_name> = paths [<list_of_paths>]";
};
repo = lib.mkOption {
type = lib.types.path;
default = "/holocron/archives/devices/snowbelle";
description = "borg repository path";
};
gameserver_repo = lib.mkOption {
type = lib.types.path;
default = "/holocron/archives/gameservers/borg";
description = "borg repository path";
};
passwd_file = lib.mkOption {
type = lib.types.path;
default = sec."borg_passwd".path;
description = "borg repository passphrase file";
};
mode = lib.mkOption {
type = lib.types.str;
default = "split"; # "all"
description = "choice between creating one archive of all paths or one archive per service";
};
};
config = lib.mkIf (cfg.enable && cfg.baks != {}) {
# create and or set perms for repo dirs
systemd.tmpfiles.rules = [
"d ${cfg.repo} 2770 root archives - -"
"d ${cfg.gameserver_repo} 2770 root archives - -"
];
# create servie to backup services
systemd.services.backups = {
description = "backup services with borg!";
path = [pkgs.borgbackup];
serviceConfig = {
Type = "oneshot";
User = "root";
Group = "archives"; # make perms shake out
UMask = "0007"; # make perms shake out
# the actual script borg is using
ExecStart = pkgs.writeShellScript "borg-backup" ''
backup() {
set -euo pipefail
export BORG_PASSPHRASE="$(cat ${cfg.passwd_file})"
export BORG_REPO="${cfg.repo}"
timestamp="$(date +'%Y-%m-%d_%H:%M:%S')"
mode=split
# init repo in needed
if ! borg info "$BORG_REPO" >/dev/null 2>&1; then
echo "Initializing Borg repo at $BORG_REPO"
borg init --encryption=repokey "$BORG_REPO"
fi
borg break-lock "$BORG_REPO" || true
echo "starting backup at $timestamp"
if [ "$mode" = "split" ]; then
# loop for each backup
${lib.concatStringsSep "\n\n" (lib.mapAttrsToList (
bak_name: bak_paths: ''
echo "------------ Backing up ${bak_name} ------------"
archive="$timestamp-${bak_name}"
echo "backing up: ${lib.concatStringsSep " " bak_paths.paths} $archive"
borg create \
--verbose \
--filter AME \
--list \
--stats \
--show-rc \
--compression lz4 \
"$BORG_REPO::$archive" \
${lib.concatStringsSep " " bak_paths.paths}
echo "pruning old backups for ${bak_name}..."
borg prune -v --list "$BORG_REPO" \
--glob-archives "*-${bak_name}" \
--keep-daily=7 \
--keep-weekly=52 \
--keep-monthly=-1
echo "backup run complete at \"$BORG_REPO::$archive\""
''
)
cfg.baks)}
exit 0
else
# flatten all paths from cfg.baks into one big list
all_paths="${
lib.concatStringsSep " "
(lib.flatten
(lib.mapAttrsToList (_: bak: bak.paths) cfg.baks))
}"
borg create \
--verbose \
--filter AME \
--list \
--stats \
--show-rc \
--compression lzma,9 \
"$BORG_REPO::$timestamp-${toString config.networking.hostName}" \
$all_paths
echo "pruning old backups for ${toString config.networking.hostName}..."
borg prune -v --list "$BORG_REPO" \
--glob-archives "*-${toString config.networking.hostName}" \
--keep-daily=7 \
--keep-weekly=52 \
--keep-monthly=-1
echo "backup run complete at \"$BORG_REPO::${toString config.networking.hostName}\""
exit 0
fi
}
start_time=$(date +%s)
backup
end_time=$(date +%s)
exec_time=$((end_time - start_time))
cpu_usage=$(top -bn1 | grep "Cpu(s)" | sed "s/.*, *\([0-9.]*\)%* id.*/\1/" | awk '{print 100 - $1"%"}')
echo ""
echo "backup stats:"
echo "exec time: $exec_time"
echo "cpu usage: $cpu_usage"
'';
};
};
# create timer to run backups daily
systemd.timers.backups = {
description = "daily borg backup timer";
wantedBy = ["timers.target"];
timerConfig = {
OnCalendar = "04:00";
Persistent = true;
};
};
# create servie to backup gameservers (back these up hourly)
systemd.services.gameserver_backups = {
description = "backup services with borg!";
path = [pkgs.borgbackup];
serviceConfig = {
Type = "oneshot";
User = "root";
Group = "archives"; # make perms shake out
UMask = "0007"; # make perms shake out
# the actual script borg is using
ExecStart = pkgs.writeShellScript "borg-gameserver_backup" ''
backup() {
set -euo pipefail
export BORG_PASSPHRASE="$(cat ${cfg.passwd_file})"
export BORG_REPO="${cfg.gameserver_repo}"
timestamp="$(date +'%Y-%m-%d_%H:%M:%S')"
# init repo in needed
if ! borg info "$BORG_REPO" >/dev/null 2>&1; then
echo "Initializing Borg repo at $BORG_REPO"
borg init --encryption=repokey "$BORG_REPO"
fi
borg break-lock "$BORG_REPO" || true
echo "starting backup at $timestamp"
# loop for each backup
${lib.concatStringsSep "\n\n" (lib.mapAttrsToList (
bak_name: bak_paths: ''
echo "------------ Backing up ${bak_name} ------------"
archive="$timestamp-${bak_name}"
echo "backing up: ${lib.concatStringsSep " " bak_paths.paths} $archive"
borg create \
--verbose \
--filter AME \
--list \
--stats \
--show-rc \
--compression lz4 \
"$BORG_REPO::$archive" \
${lib.concatStringsSep " " bak_paths.paths}
echo "pruning old backups for ${bak_name}..."
borg prune -v --list "$BORG_REPO" \
--glob-archives "*-${bak_name}" \
--keep-hourly=24 \
--keep-daily=7 \
--keep-weekly=12 \
--keep-monthly=12
echo "backup run complete at \"$BORG_REPO::$archive\""
''
)
cfg.gameserver_baks)}
exit 0
}
start_time=$(date +%s)
backup
end_time=$(date +%s)
exec_time=$((end_time - start_time))
cpu_usage=$(top -bn1 | grep "Cpu(s)" | sed "s/.*, *\([0-9.]*\)%* id.*/\1/" | awk '{print 100 - $1"%"}')
echo ""
echo "backup stats:"
echo "exec time: $exec_time"
echo "cpu usage: $cpu_usage"
'';
};
};
# create timer to run backups daily
systemd.timers.gameserver_backups = {
description = "daily borg backup timer";
wantedBy = ["timers.target"];
timerConfig = {
OnCalendar = "*-*-* *:00:00"; # every hour, at :01 (one min after db dump)
Persistent = true;
};
};
# db backups
services.mysqlBackup = lib.mkIf config.services.mysql.enable {
# mc servers use this
enable = true;
location = "/var/backup/mysql";
user = "root";
calendar = "*-*-* *:59:00";
compressionAlg = "zstd";
databases = config.services.mysql.ensureDatabases; # set to all databases defined in esure databases
};
services.postgresqlBackup = lib.mkIf config.services.postgresql.enable {
# immich uses this
enable = true;
location = "/var/backup/postgresql";
compression = "zstd"; # optional: "xz", "zstd", "none"
startAt = "03:58";
databases = ["immich"]; # set to all databases defined in esure databases
#databases = config.services.postgresql.ensureDatabases; # set to all databases defined in esure databases
};
# install borg binary
environment.systemPackages = with pkgs; [borgbackup tree];
# declare secret for repo password
sops.secrets = {
"borg_passwd" = {
owner = "root";
group = "root";
};
};
};
}

2
modules/system/default.nix
View File

@@ -6,7 +6,6 @@
}: {
imports = [
./ssh
./backups
./sops
./docker
./podman
@@ -19,7 +18,6 @@
];
system.ssh.enable = lib.mkDefault true;
system.backups.enable = lib.mkDefault true;
system.sops.enable = lib.mkDefault true;
system.docker.enable = lib.mkDefault false;
system.tailscale.enable = lib.mkDefault true;