patrick/nix-config
1
1
Fork 0
Code Issues Pull requests Projects Wiki Activity

feat: maddy backup

Browse source
This commit is contained in:
Patrick Großmann 2024-01-29 14:43:41 +01:00
parent c9ffe17049
commit 4158ba3bbf
Signed by: patrick
GPG key ID: 451F95EFB8BECD0F
4 changed files with 58 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

BIN
hosts/maddy/secrets/generated/maddyHetznerSsh.age Normal file
View file

Binary file not shown.

BIN
hosts/maddy/secrets/generated/resticpasswd.age Normal file
View file

Binary file not shown.

59
modules/services/maddy.nix
View file

@ -4,11 +4,68 @@
{ {
config, config,
pkgs, pkgs,
lib,
... ...
}: let }: let
priv_domain = config.secrets.secrets.global.domains.mail_private; priv_domain = config.secrets.secrets.global.domains.mail_private;
domain = config.secrets.secrets.global.domains.mail_public; domain = config.secrets.secrets.global.domains.mail_public;
maddyBackupDir = "/var/cache/backups/maddy";
in { in {
systemd.tmpfiles.settings = {
"10-maddy".${maddyBackupDir}.d = {
inherit (config.services.maddy) user group;
mode = "0770";
};
};
age.secrets.resticpasswd = {
generator.script = "alnum";
};
age.secrets.maddyHetznerSsh = {
generator.script = "ssh-ed25519";
};
services.restic.backups = {
main = {
user = "root";
timerConfig = {
OnCalendar = "06:00";
Persistent = true;
RandomizedDelaySec = "3h";
};
initialize = true;
passwordFile = config.age.secrets.resticpasswd.path;
hetznerStorageBox = {
enable = true;
inherit (config.secrets.secrets.global.hetzner) mainUser;
inherit (config.secrets.secrets.global.hetzner.users.maddy) subUid path;
sshAgeSecret = "maddyHetznerSsh";
};
paths = ["/var/lib/maddy/messages" maddyBackupDir];
pruneOpts = [
"--keep-daily 10"
"--keep-weekly 7"
"--keep-monthly 12"
"--keep-yearly 75"
];
};
};
systemd.services.maddy-backup = let
cfg = config.systemd.services.maddy;
in {
description = "Maddy db backup";
serviceConfig =
lib.recursiveUpdate
cfg.serviceConfig
{
ExecStart = "${pkgs.sqlite}/bin/sqlite3 /var/lib/maddy/imapsql.db \".backup '${maddyBackupDir}/imapsql.sqlite3'\"";
Restart = "no";
Type = "oneshot";
};
inherit (cfg) environment;
requiredBy = ["restic-backups-main.service"];
before = ["restic-backups-main.service"];
};
age.secrets.patrickPasswd = { age.secrets.patrickPasswd = {
generator.script = "alnum"; generator.script = "alnum";
owner = "maddy"; owner = "maddy";
@ -240,7 +297,7 @@ in {
mx: mx1.pgrossmann.org mx: mx1.pgrossmann.org
" > "$out/.well-known/mta-sts.txt" " > "$out/.well-known/mta-sts.txt"
'' ''
} } ;
''; '';
}; };
environment.persistence."/persist".directories = [ environment.persistence."/persist".directories = [

BIN
secrets/secrets.nix.age
View file

Binary file not shown.