diff --git a/hosts/oracle/default.nix b/hosts/oracle/default.nix
index 977b2c9..382e7cc 100644
--- a/hosts/oracle/default.nix
+++ b/hosts/oracle/default.nix
@@ -32,7 +32,7 @@ nixpkgs.lib.nixosSystem {
 backupS3 = {
 endpoint = "s3.us-west-002.backblazeb2.com";
 bucket = "noahmasur-backup";
- accessKeyId = "0026b0e73b2e2c80000000004";
+ accessKeyId = "0026b0e73b2e2c80000000005";
 };
 # Grant access to Jellyfin directories from Nextcloud
diff --git a/modules/services/backups.nix b/modules/services/backups.nix
index 57503b6..d63e3dd 100644
--- a/modules/services/backups.nix
+++ b/modules/services/backups.nix
@@ -23,9 +23,13 @@ config = {
+ users.groups.backup = { };
+
 secrets.backup = {
 source = ../../private/backup.age;
 dest = "${config.secretsDirectory}/backup";
+ group = "backup";
+ permissions = "0440";
 };
 # # Backup library to object storage
diff --git a/modules/services/calibre.nix b/modules/services/calibre.nix
index d43b9b5..dc29b8d 100644
--- a/modules/services/calibre.nix
+++ b/modules/services/calibre.nix
@@ -1,6 +1,6 @@
 { config, pkgs, lib, ... }: {
- imports = [ ./caddy.nix ];
+ imports = [ ./caddy.nix ./backups.nix ];
 options = {
 bookServer = lib.mkOption {
@@ -39,6 +39,35 @@
 }];
 }];
+ # Run a backup on a schedule
+ systemd.timers.calibre-backup = {
+ timerConfig = {
+ OnCalendar = "*-*-* 00:00:00"; # Once per day
+ Unit = "calibre-backup.service";
+ };
+ wantedBy = [ "timers.target" ];
+ };
+
+ # Backup Calibre data to object storage
+ systemd.services.calibre-backup =
+ let libraryPath = "/var/lib/calibre-web"; # Default location
+ in {
+ description = "Backup Calibre data";
+ environment.AWS_ACCESS_KEY_ID = config.backupS3.accessKeyId;
+ serviceConfig = {
+ Type = "oneshot";
+ User = "calibre-web";
+ Group = "backup";
+ EnvironmentFile = config.secrets.backup.dest;
+ };
+ script = ''
+ ${pkgs.awscli2}/bin/aws s3 sync \
+ ${libraryPath}/ \
+ s3://${config.backupS3.bucket}/calibre/ \
+ --endpoint-url=https://${config.backupS3.endpoint}
+ '';
+ };
+
 };
 }
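Review bot: In modules/services/backups.nix, `group = "backup"` with `permissions = "0440"` makes the decrypted S3 secret readable by every member of `backup`, and nothing in the hunk records which consumers need that. The calibre-backup unit added in this commit loads the file through `EnvironmentFile=`, which systemd normally reads itself before switching to the unit's `User=`/`Group=`, so that consumer may not need group read at all; this is worth confirming before widening the mode. If group access is intended, say so next to the option, e.g. `# Group-readable so members of "backup" can read the S3 secret key`. The owner of `secrets.backup` is set outside this hunk, so the owner half of 0440 could not be checked here.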
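Review bot: In the `systemd.services.calibre-backup` block of modules/services/calibre.nix, the job authenticates with the host-wide `config.backupS3.accessKeyId` and `config.secrets.backup.dest`, although it only ever writes under `calibre/`. Whether that key is limited to a prefix is not visible here; if it is bucket-wide, a dedicated key restricted to the `calibre/` prefix would keep this unit away from the other backups in the bucket. The timer also has no catch-up, so adding `Persistent = true;` to `timerConfig` would run the backup after boot when the host was off at 00:00. Finally, `aws s3 sync` copies files while calibre-web may be writing them, so any SQLite database under `/var/lib/calibre-web` can be uploaded mid-write; a comment stating that this is accepted, or stopping the service around the sync, would make the intent clear.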
diff --git a/modules/services/nextcloud.nix b/modules/services/nextcloud.nix
index 60bcbdd..13f6aeb 100644
--- a/modules/services/nextcloud.nix
+++ b/modules/services/nextcloud.nix
@@ -60,7 +60,7 @@ lib.mkForce "0770";
 # Allow litestream and nextcloud to share a sqlite database
- users.users.litestream.extraGroups = [ "nextcloud" ];
+ users.users.litestream.extraGroups = [ "nextcloud" "backup" ];
 users.users.nextcloud.extraGroups = [ "litestream" ];
 # Backup sqlite database with litestream
diff --git a/private/backup.age b/private/backup.age
index 497ddf6..0a9a7e8 100644
--- a/private/backup.age
+++ b/private/backup.age
@@ -1,10 +1,10 @@
 -----BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBuMUg4
-TG5Oa1U5WERGOWJibkRZRVJwZGdEZmRsSVBraHdVYTJwbGpNL1VnCjRYaW1nTUR0
-cjR2NHJ1V1lhRHp4a2VOekVTZVl5Rk5CcG1heHhsR2M5SHMKLT4gc3NoLWVkMjU1
-MTkgWXlTVU1RIHhEN3o1NzNTTVIvZG1VcERJQitkRk4vTmtFQk9SVUVJQUVOdVY2
-YWoxM1UKVVVMWTYzKzE4ZjVDWitGNkUvR2U1Z1VJdVdqOWhWZVAxNWFOaFZvZGpS
-OAotLS0gWlU2TEY0TFZiM3VCM0hWcDAvQlQzTjE3MkZSOGNXaUhDdVQzL2pVRzlT
-VQoP0xMzUx0ozRvXFrNfFNyqwzUoHl7GM1P6VFjjDjuMkuWtQ/+V6DV/rGlXDKJ9
-jidhm8Y0hbjL6cbQrolUSgHSzG5CPD/4pb3zmxTZ9ol7cQuR4PbnPQ==
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBmVEo2
+bExsZERhYi9vVXMxVThRK2w3dFR4UlZVcGlsWUFPM3pReTQwaW5ZCjQ5Z3g3amZC
+bWUwWkdKTStVbFpwMmdwK3pQQU5CeE5tMVNHbXI1UkdCTFUKLT4gc3NoLWVkMjU1
+MTkgWXlTVU1RIE9sTG1lOHIyVGdLNWtJRTZtdGNWWEFsTTJ5bE1HS1V2MEdKeGNN
+WFMyV28KVlRHdDg5SGFadVlJempKWkp6eEp6TkhINnl0R0xDL0J0WXByclpFWE5I
+VQotLS0gVVhaUDZLTy8xS3hKOVliSlpuTEY2Q2xOQUEvblBtUG9Vb0I5ZE1oOUZ1
+VQr18Jwx6XDa7bwq0QWT6NdIFzqNUHWhDyUvS9twncFsr0yEAUDQd2XLtE+Vc8T9
+Z7y/C8Ct5+duqd6YaeqROJz5zVj0NnI0lshirBl89PQWF9ihp4V4Hw==
 -----END AGE ENCRYPTED FILE-----
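Review bot: In modules/services/nextcloud.nix, the comment above `users.users.litestream.extraGroups` still describes only the shared sqlite database, while the new `"backup"` entry is there for a different reason, presumably so litestream can read the group-owned backup secret. Because this is a supplementary group on the user, every process running as litestream gains read access to that secret, not just one unit. Record the reason in place, e.g. `# "backup": read access to the S3 backup secret (secrets.backup)`.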