initial attempt

2024-10-02 15:42:42 +02:00 · 2024-10-02 15:42:42 +02:00 · 8430708d0b
commit 8430708d0b
parent ee3da99d38
1 changed files with 43 additions and 0 deletions
--- a/modules/blocks/postgresql.nix
+++ b/modules/blocks/postgresql.nix
@ -1,6 +1,7 @@
 { config, lib, pkgs, ... }:
 let
  cfg = config.shb.postgresql;
+  contracts = pkgs.callPackage ../contracts {};

  upgrade-script = old: new:
    let
@ -49,6 +50,48 @@ in
      default = false;
    };

+    backup = lib.mkOption {
+      type = contracts.backup;
+      description = ''
+        Backup configuration. This is an output option.
+
+        Use it to initialize a block implementing the "backup" contract.
+        For example, with the restic block:
+
+        ```
+        shb.restic.instances."postgresql" = {
+          enable = true;
+
+          # Options specific to Restic.
+        } // config.shb.nextcloud.backup;
+        ```
+      '';
+      readOnly = true;
+      default = {
+        user = "postgresql";
+        sourceDirectories = [
+          /tmp/postgresql_backup
+        ];
+        excludePatterns = [ ];
+
+        hooks.before_backup = [''
+          set -e -o pipefail
+
+          umask 077 # Ensure backup is only readable by postgres user
+
+          rm -rf /tmp/postgresql_backup # Clean up in case after_backup hook wasn't run.
+          mkdir /tmp/postgresql_backup
+
+          ${pkgs.psql}/bin/pg_dumpall | ${pkgs.gzip}/bin/gzip --rsyncable > /tmp/postgresql_backup/pg_dumpall.sql.gz
+        ''];
+
+        hooks.after_backup = [''
+          set -e -o pipefail
+          rm -rf /tmp/postgresql_backup
+        ''];
+      };
+    };
+
    ensures = lib.mkOption {
      description = "List of username, database and/or passwords that should be created.";
      type = lib.types.listOf (lib.types.submodule {