LukaDeka/HexName-NixOS
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: 10min incremental snapshots/backups

Browse source
This commit is contained in:
Luka Dekanozishvili 2026-02-02 01:32:58 +01:00
parent 3a66e5958a
commit e6b4cc8619
9 changed files with 139 additions and 51 deletions
Download patch file Download diff file Expand all files Collapse all files

2
pkgs/backend.nix
View file

@ -30,7 +30,7 @@
Group = "hexname";
Type = "simple";
Restart = "always";
ExecStart = "${pkgs.hexname-backend}/bin/dns-backend";
ExecStart = "${pkgs.hexname-backend}/bin/hexname-backend";
};
};
}

45
pkgs/postgres.nix
View file

@ -14,43 +14,24 @@
listen_addresses = lib.mkForce "127.0.0.1,100.123.91.36";
};
# Allow root to log in as postgres in the DB (for the PowerDNS container)
# identMap = ''
# postgres root postgres
# authentication = ''
# host all replication_user 100.112.93.9/32 scram-sha-256
# '';
authentication = ''
host all replication_user 100.112.93.9/32 scram-sha-256
authentication = lib.mkForce ''
# TYPE DATABASE USER ADDRESS AUTH-METHOD
# Allow the replication subscriber to connect from Tailscale IP
host all replication_user 100.112.93.9/32 scram-sha-256
host hexname-backend hexname-backend 127.0.0.1/32 scram-sha-256
host powerdns powerdns 127.0.0.1/32 scram-sha-256
local all all peer
# local all postgres peer
'';
# authentication = lib.mkForce ''
# # TYPE DATABASE USER ADDRESS AUTH-METHOD [auth-options]
# # host hexname-backend hexname-backend 127.0.0.1/24 scram-sha-256
# # host postgres postgres 127.0.0.1/24 scram-sha-256
# host all all 127.0.0.1/24 scram-sha-256
# # host all powerdns-user 127.0.0.1/24 scram-sha-256
# # local all root trust
# '';
# This password is only the initial one - don't get too excited
initialScript = "/etc/env/hexname/init-db-dns.sql";
# initialScript = pkgs.writeText "set-initial-password-script" ''
# CREATE USER powerdns WITH PASSWORD 'shuaze-gagyof';
# CREATE USER hexname_backend WITH PASSWORD 'shuaze-gagyof2' CREATEDB;
# CREATE USER replication_user SUPERUSER WITH PASSWORD 'shuaze-gagyof3';
# CREATE DATABASE powerdns OWNER "powerdns";
# CREATE DATABASE hexname_backend OWNER "hexname-backend";
# CREATE DATABASE hexname_backend OWNER "hexname-backend";
# \c powerdns;
# CREATE PUBLICATION powerdns_pub FOR ALL TABLES;
# CREATE SUBSCRIPTION hexname_ns2
# CONNECTION 'host=publisher_ip_address port=5432 user=replication_user password=' ' dbname=powerdns'
# PUBLICATION powerdns_pub;
# '';
# ALTER USER "postgres" WITH PASSWORD 'shuaze-gagyof';
};
}

38
pkgs/restic.nix Normal file
View file

@ -0,0 +1,38 @@
{ config, ... }:
{
# users.groups.hexname-postgres-backup = {};
# users.users = {
# hexname-postgres-backup = {
# group = "hexname-postgres-backup";
# isSystemUser = true;
# createHome = true;
# home = "/var/lib/hexname/postgres";
# };
# };
services.restic.backups = {
postgres = {
paths = [
# This is where I store the output of `pg_dump`, not the DB itself
"/var/lib/hexname/postgres"
];
repository = "sftp:hexname-postgres-backup@ns2.hexname.com:/etc/backups/ns1";
extraOptions = [
"sftp.command='ssh -p 6968 hexname-postgres-backup@ns2.hexname.com -i /etc/env/restic/id_ed25519 -s sftp'"
];
passwordFile = "/etc/env/restic/gateway-password";
initialize = true;
timerConfig = null; # Explicitly invoked by backup-postgres.service
pruneOpts = [
"--keep-last 36" # 6 hours' worth
"--keep-daily 7"
"--keep-weekly 2"
"--keep-monthly 3"
"--keep-yearly 1"
];
};
};
}

19
pkgs/zfs.nix Normal file
View file

@ -0,0 +1,19 @@
{ ... }:
{
services.zfs = {
autoSnapshot = {
enable = true;
flags = "-k -p -u";
monthly = 6;
weekly = 2;
daily = 7;
hourly = 24;
frequent = 8;
};
autoScrub.enable = true;
};
}