New module: phoebe.backup.postgresql

README.md

@@ -35,6 +35,10 @@ Module List
 
      HTTPS to HTTP private tunnels for web developers.
 
+  * `phoebe.backup.postgresql`:
+
+     Simple backups for PostgreSQL via `pg_dump`.
+
 
 [nixos]: https://nixos.org/
 [nixpkgs]: https://nixos.org/nixpkgs/

default.nix

@@ -15,7 +15,7 @@ pkgs.stdenvNoCC.mkDerivation rec {
 
   installPhase = ''
     mkdir -p $out
-    cp -rp bin modules lib $out/
+    cp -rp bin modules lib pkgs $out/
     chmod 0555 $out/bin/*
   '';
 }

modules/backup/default.nix

@@ -0,0 +1,7 @@
+{ config, lib, pkgs, ...}:
+
+{
+  imports = [
+    ./postgresql.nix
+  ];
+}

modules/backup/postgresql.nix

@@ -0,0 +1,87 @@
+# Simple backups for PostgreSQL.
+{ config, lib, pkgs, ...}:
+
+with lib;
+
+let
+  cfg = config.phoebe.backup.postgresql;
+  scripts = (import ../../pkgs/default.nix { inherit pkgs; }).backup-scripts;
+  pguser = "postgres";
+
+  # systemd service:
+  service = database: {
+    "backup-postgresql-${database}" = {
+      description = "Backup PostgreSQL Database ${database}";
+      after = [ "postgresql.service" ];
+      path  = [ pkgs.coreutils config.services.postgresql.package scripts ];
+
+      serviceConfig = {
+        Type = "simple";
+        PermissionsStartOnly = "true";
+        User = pguser;
+      };
+
+      preStart = ''
+        mkdir -p "${cfg.directory}"
+        chown ${pguser}:${pguser} "${cfg.directory}"
+        chmod 0750 "${cfg.directory}"
+      '';
+
+      script = ''
+        export BACKUP_DIRECTORY="${cfg.directory}"
+        export BACKUP_LOG_DIR=stdout
+        backup-postgresql-dump.sh "${database}"
+        backup-purge.sh -k ${toString cfg.keep} "${cfg.directory}/${database}"
+      '';
+    };
+  };
+
+  # systemd timer:
+  timer = database: {
+    "backup-postgresql-${database}" = {
+      description = "Scheduled Backup of PostgreSQL ${database}";
+      wantedBy = [ "timers.target" ];
+      timerConfig.OnCalendar = cfg.schedule;
+      timerConfig.RandomizedDelaySec = "5m";
+      timerConfig.Unit = "backup-postgresql-${database}.service";
+    };
+  };
+
+in
+{
+  #### Interface
+  options.phoebe.backup.postgresql = {
+    enable = mkEnableOption "Backup PostgreSQL Databases.";
+
+    databases = mkOption {
+      type = types.nonEmptyListOf types.str;
+      example = [ "store" ];
+      description = "Database names to backup.";
+    };
+
+    directory = mkOption {
+      type = types.path;
+      default = "/var/backup/postgresql";
+      description = "Base directory where dumps are stored.";
+    };
+
+    schedule = mkOption {
+      type = types.str;
+      default = "*-*-* 00/2:00:00";
+      description = "A systemd OnCalendar formatted frequency specification.";
+    };
+
+    keep = mkOption {
+      type = types.ints.positive;
+      default = 12;
+      description = "Number of backups to keep when deleting older backups.";
+    };
+  };
+
+  #### Implementation
+  config = mkIf cfg.enable {
+    # Configure systemd services and timers:
+    systemd.services = foldr (a: b: service a // b) {} cfg.databases;
+    systemd.timers   = foldr (a: b: timer   a // b) {} cfg.databases;
+  };
+}

modules/default.nix

@@ -14,6 +14,7 @@ let
 in
 {
   imports = [
+    ./backup
     ./security
     ./services
   ];

pkgs/backup-scripts.json

@@ -0,0 +1,7 @@
+{
+  "url": "git://git.devalot.com/backup-scripts.git",
+  "rev": "9cadcbeb970405ec99fe99304fcf2ece84927cf9",
+  "date": "2019-03-06T14:20:57-07:00",
+  "sha256": "0y8qba4v1ybvw8m98rwd32i3c4maf8clmv39lwn0f965wa4cr0l9",
+  "fetchSubmodules": false
+}

pkgs/default.nix

@@ -0,0 +1,18 @@
+{ pkgs ? import <nixpkgs> {}
+}:
+
+with pkgs.lib;
+
+let
+  callPackage = f:
+    let json = removeAttrs (importJSON f) ["date"];
+    in callPackageWith attrs "${pkgs.fetchgit json}/default.nix";
+
+  attrs = {
+    inherit pkgs;
+
+    # Useful backup scripts.
+    backup-scripts = callPackage ./backup-scripts.json { };
+  };
+
+in attrs