machines: serv: add automated backups for postgresql dumps

Signed-off-by: Christoph Heiss <christoph@c8h4.io>

machines/serv.nix

@@ -6,6 +6,8 @@
     ../modules/services/filebrowser.nix
     ../modules/services/homer.nix
     ../secrets/morph/acme.nix
+    ../secrets/morph/restic.nix
+    ../secrets/morph/serv.nix
     ../secrets/morph/sourcehut
     ../services/nginx.nix
     ../services/paperless.nix
@@ -36,5 +38,12 @@
     inherit (my.homelab.services.homer) settings;
   };
 
+  services.restic.server = {
+    enable = true;
+    dataDir = "/backup";
+    listenAddress = "127.0.0.1:8000";
+    appendOnly = true;
+  };
+
   services.nginx.virtualHosts = my.homelab.services.nginx.virtualHosts;
 }

services/postgresql.nix

@@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ config, my, pkgs, ... }:
 
 {
   services.postgresql = {
@@ -14,4 +14,18 @@
     compression = "zstd";
     startAt = "*-*-* 04:00:00"; # daily at 04:00
   };
+
+  users.users.postgres.extraGroups = [ "restic-backup" ];
+
+  services.restic.backups.postgresql-15 =
+    let resticCfg = my.homelab.services.restic;
+    in {
+      inherit (resticCfg) environmentFile;
+      initialize = true;
+      repository = "${resticCfg.repositoryBase}/${config.networking.hostName}";
+      passwordFile = "/var/secrets/restic/repo/${config.networking.hostName}";
+      user = "postgres";
+      paths = [ "/var/backup/postgresql/all.sql.zstd" ];
+      timerConfig.OnCalendar = "*-*-* 4:30:00"; # daily at 04:30
+    };
 }