jobs: rework the backup script

jobs.nix

@@ -45,64 +45,73 @@ systemd.services.ydns = {
   };
 
 
-systemd.services.backup = {
+  systemd.services.backup =
-  description = "run system backup";
+  let
+    saved = ''
+      /etc/lvm
+      /var/lib
+      /home
+    '';
+
+    excluded = ''
+      /var/lib/systemd
+      /var/lib/udisks2
+      /var/lib/postgresql
+      /var/lib/matrix-synapse/media_store/url_cache
+      /var/lib/matrix-synapse/media_store/url_cache_thumbnails
+    '';
+
+  in {
+    description = "system backup";
     after   = [ "network-online.target" ];
     startAt = "weekly";
 
-  serviceConfig.Type = "oneshot";
+    serviceConfig = {
-
+      Type = "oneshot";
-  path = with pkgs; [ bup git nfs-utils ];
+      PrivateTmp = true;
+      LimitNOFILE = 65536;
+    };
 
     environment.BUP_DIR = "/mnt/backup";
+    path = with pkgs; [ bup git nfs-utils sudo gzip postgresql ];
 
     script = ''
-    ${pkgs.fish}/bin/fish << 'EOF'
+      set -e
 
-    set locations \
+      # mount repository
-      /etc/lvm    \
+      mkdir -p "$BUP_DIR"
-      /etc/nixos  \
+      mount.nfs -o nolock 192.168.1.3:/maxwell "$BUP_DIR"
-      /var/lib    \
-      /home
-
-    set excluded       \
-      /var/lib/alsa    \
-      /var/lib/systemd \
-      /var/lib/udisks2 \
-      /var/lib/udev    \
-      /var/lib/postgresql
-
-    # mount NFS share
-    mkdir -p $BUP_DIR
-    mount.nfs -o nolock 192.168.1.3:/maxwell $BUP_DIR
-
-    # check if properly mounted
-    if not mountpoint -q $BUP_DIR
-      echo mount failed! 1>&2
-      exit 1
-    end
 
       # init backup
-    if not test -e $BUP_DIR/bupindex
+      ! test -e $BUP_DIR/bupindex && bup init
-      bup init
-    end
 
-    # build indices and copy
+      # build indices and save
-    for i in $locations
+      saved=${pkgs.writeText "backup-saved" saved}
-      eval bup index $i --exclude=(string join " --exclude=" $excluded)
+      excluded=${pkgs.writeText "backup-excluded" excluded}
-      bup save -n (basename $i) $i
+      while read -r dir; do
-    end
+        name=$(basename "$dir")
+
+        echo indexing $name...
+        bup index "$dir" --exclude-from="$excluded"
+        echo done
+
+        echo saving $name...
+        bup save -n "$name" "$dir"
+        echo done
+      done < "$saved"
 
       # postgresql backup
-    set dir /var/lib/postgresql-backup
+      dir=/tmp/postgresql
-    mkdir -p $dir
+      mkdir -p "$dir"
-    sudo -u postgres pg_dumpall | gzip > $dir/db.bak
-    bup index $dir
-    bup save -n postgresql $dir
-    rm -rf $dir
 
-    umount /mnt/backup
+      echo dumping databases...
-    EOF
+      sudo -u postgres pg_dumpall | gzip > "$dir"/db.bak
+      echo done
+
+      echo saving...
+      bup index "$dir"
+      bup save -n postgresql "$dir" --strip-path=/tmp
+      echo done
     '';
   };