jobs: rework the backup script

jobs.nix

@@ -4,7 +4,7 @@ with lib;
 
 {
 
-systemd.services.ydns = {
+  systemd.services.ydns = {
     description = "update ydns address record";
     after    = [ "network-online.target" ];
     startAt  = "*:0/30";
@@ -42,73 +42,82 @@ systemd.services.ydns = {
       update 4 "$(curl -s -4 https://ydns.io/api/v1/ip)"
       update 6 "$(ip addr show mngtmpaddr | awk '/inet6/{print $2; exit}' | cut -d/ -f1)"
     '';
-};
+  };
 
 
-systemd.services.backup = {
+  systemd.services.backup =
-  description = "run system backup";
+  let
+    saved = ''
+      /etc/lvm
+      /var/lib
+      /home
+    '';
+
+    excluded = ''
+      /var/lib/systemd
+      /var/lib/udisks2
+      /var/lib/postgresql
+      /var/lib/matrix-synapse/media_store/url_cache
+      /var/lib/matrix-synapse/media_store/url_cache_thumbnails
+    '';
+
+  in {
+    description = "system backup";
     after   = [ "network-online.target" ];
     startAt = "weekly";
 
-  serviceConfig.Type = "oneshot";
+    serviceConfig = {
-
+      Type = "oneshot";
-  path = with pkgs; [ bup git nfs-utils ];
+      PrivateTmp = true;
+      LimitNOFILE = 65536;
+    };
 
     environment.BUP_DIR = "/mnt/backup";
+    path = with pkgs; [ bup git nfs-utils sudo gzip postgresql ];
 
     script = ''
-    ${pkgs.fish}/bin/fish << 'EOF'
+      set -e
 
-    set locations \
+      # mount repository
-      /etc/lvm    \
+      mkdir -p "$BUP_DIR"
-      /etc/nixos  \
+      mount.nfs -o nolock 192.168.1.3:/maxwell "$BUP_DIR"
-      /var/lib    \
-      /home
-
-    set excluded       \
-      /var/lib/alsa    \
-      /var/lib/systemd \
-      /var/lib/udisks2 \
-      /var/lib/udev    \
-      /var/lib/postgresql
-
-    # mount NFS share
-    mkdir -p $BUP_DIR
-    mount.nfs -o nolock 192.168.1.3:/maxwell $BUP_DIR
-
-    # check if properly mounted
-    if not mountpoint -q $BUP_DIR
-      echo mount failed! 1>&2
-      exit 1
-    end
 
       # init backup
-    if not test -e $BUP_DIR/bupindex
+      ! test -e $BUP_DIR/bupindex && bup init
-      bup init
-    end
 
-    # build indices and copy
+      # build indices and save
-    for i in $locations
+      saved=${pkgs.writeText "backup-saved" saved}
-      eval bup index $i --exclude=(string join " --exclude=" $excluded)
+      excluded=${pkgs.writeText "backup-excluded" excluded}
-      bup save -n (basename $i) $i
+      while read -r dir; do
-    end
+        name=$(basename "$dir")
+
+        echo indexing $name...
+        bup index "$dir" --exclude-from="$excluded"
+        echo done
+
+        echo saving $name...
+        bup save -n "$name" "$dir"
+        echo done
+      done < "$saved"
 
       # postgresql backup
-    set dir /var/lib/postgresql-backup
+      dir=/tmp/postgresql
-    mkdir -p $dir
+      mkdir -p "$dir"
-    sudo -u postgres pg_dumpall | gzip > $dir/db.bak
-    bup index $dir
-    bup save -n postgresql $dir
-    rm -rf $dir
 
-    umount /mnt/backup
+      echo dumping databases...
-    EOF
+      sudo -u postgres pg_dumpall | gzip > "$dir"/db.bak
+      echo done
+
+      echo saving...
+      bup index "$dir"
+      bup save -n postgresql "$dir" --strip-path=/tmp
+      echo done
     '';
-};
+  };
 
 
-systemd.services.namecoin-update =
+  systemd.services.namecoin-update =
-let
+  let
     userFile = with config.services.namecoind;
       pkgs.writeText "namecoin.conf" ''
       rpcbind=${rpc.address}
@@ -116,7 +125,7 @@ let
       rpcuser=${rpc.user}
       rpcpassword=${rpc.password}
       '';
-in {
+  in {
     description = "update namecoin names";
     after       = [ "namecoind.service" ];
     startAt     = "hourly";
@@ -124,6 +133,6 @@ in {
     path = [ pkgs.namecoind ];
     serviceConfig.Type = "oneshot";
     serviceConfig.ExecStart = "${pkgs.haskellPackages.namecoin-update}/bin/namecoin-update ${userFile}";
-};
+  };
 
 }