From 0c1cbedf1cad8b004540aff7b7723d114425dcf2 Mon Sep 17 00:00:00 2001 From: ChaotiCryptidz Date: Thu, 4 Aug 2022 21:53:51 +0100 Subject: [PATCH] restore shenanigan --- deployNodes.nix | 2 +- guides/HETZNERVM_RESTORE_GUIDE.md | 73 ++++++++++++++++++++++++++++ hosts/hetzner-vm/services/restic.nix | 47 +++++++++++++----- 3 files changed, 108 insertions(+), 14 deletions(-) create mode 100644 guides/HETZNERVM_RESTORE_GUIDE.md diff --git a/deployNodes.nix b/deployNodes.nix index a0fae5a..720b9ac 100644 --- a/deployNodes.nix +++ b/deployNodes.nix @@ -9,7 +9,7 @@ in { }; }; hetzner-vm = { - hostname = "hetzner-vm.tailscale-internal.genderfucked.monster"; + hostname = "hetzner-vm.servers.genderfucked.monster"; username = "root"; profiles.system = { user = "root"; diff --git a/guides/HETZNERVM_RESTORE_GUIDE.md b/guides/HETZNERVM_RESTORE_GUIDE.md new file mode 100644 index 0000000..32cb8bf --- /dev/null +++ b/guides/HETZNERVM_RESTORE_GUIDE.md 
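Review bot: The new `hostname` moves the root deploy target from the tailscale-internal name to the public `servers` name, and nothing in the hunk says whether that is meant to outlast the restore. With `username = "root"`, sshd on the public address has to accept root logins, so it is worth confirming that the deployed sshd configuration allows key authentication only; those settings are not visible in this patch. If the switch is temporary, a comment above the line such as `# public name while tailscale is down; revert to tailscale-internal after restore` would keep it from becoming permanent by accident. The `hetzner-vm` attribute set continues outside the hunk.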
@@ -0,0 +1,73 @@
+# ok so you fucked up, what next,
+## Step 1
+Either create a new VM or if still have access, go to ISOs and put in nixos 22.05 iso and reboot server.
+If create new vm, please change DNS and update IPs in the main nix config and this document (v6) and set rhost
+## Step 2
+Use console to set ssh password.
+
+SSH in `ssh root@hetzner-vm.servers.genderfucked.monster`
+
+Add ssh key `echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAeN3T1aZkTm5xS0b66cRDyKUbdEQCFyzVWXeW+eIbsa chaos@chaos" >> /root/.ssh/authorized_keys`
+## Step 3
+Install NixOS.
+```
+parted -s "/dev/sda" -- mklabel msdos
+parted -s "/dev/sda" -- mkpart primary 512MiB 100%
+parted -s "/dev/sda" -- print
+
+mkfs.ext4 /dev/sda1
+
+mount /dev/sda1 /mnt
+
+nixos-generate-config --root /mnt
+```
+
+Edit configuration.nix and replace with
+```nix
+{ config, pkgs, ... }:
+{
+ imports = [ ./hardware-configuration.nix ];
+ users.users.root = {
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAeN3T1aZkTm5xS0b66cRDyKUbdEQCFyzVWXeW+eIbsa chaos@chaos"
+ ];
+ };
+ boot.loader.grub.enable = true;
+ boot.loader.grub.device = "/dev/sda";
+ boot.initrd.kernelModules = [ "nvme" ];
+
+ services.openssh.enable = true;
+
+ networking.enableIPv6 = true;
+ networking.usePredictableInterfaceNames = false;
+ networking.dhcpcd.enable = true;
+ systemd.network = {
+ enable = true;
+ networks.eth0 = {
+ name = "eth0";
+ address = [ "2a01:4f9:c010:8beb::1/64" ];
+ gateway = [ "fe80::1" ];
+ };
+ };
+
+ system.stateVersion = "21.11";
+}
+```
+
+Then run `nixos-install` and reboot if successful.
+
+## Step 4
+Redeploy with `deploy -s .#hetzner-vm --magic-rollback=false --auto-rollback=false --ssh-user root`
+
+## Step 5
+Restore using restic. 
+`B2_ACCOUNT_ID=id B2_ACCOUNT_KEY=key RESTIC_REPOSITORY=b2:Chaos-Backups:HetznerVM restic restore latest` + +## Step 6 +re-connect to tailscale `tailscale up` and redo dns + +## Step 7 +Restore Postgres `cat /var/backup/postgresql/all.sql.zstd | zstd -d | sudo -u postgres psql` + +## Step 8 +Restore music, either via `mkdir -p /storage/music && env B2_ACCOUNT_ID=id B2_ACCOUNT_KEY=key RESTIC_REPOSITORY=b2:Chaos-Backups:Music restic restore latest --target /storage/music` or ./sync.sh on laptop. \ No newline at end of file diff --git a/hosts/hetzner-vm/services/restic.nix b/hosts/hetzner-vm/services/restic.nix index 374ed41..1282bf8 100644 --- a/hosts/hetzner-vm/services/restic.nix +++ b/hosts/hetzner-vm/services/restic.nix @@ -1,19 +1,32 @@ -{ lib, pkgs, ... }: +{ lib, config, pkgs, ... }: let mail_config = (import ./mailserver/config.nix { }); backupUser = "root"; backupPaths = [ - "/var/lib/postgresql" + "/secrets" + "/var/lib/vault" "/var/lib/acme" - "/secrets" + # Quassel & Invidious + "/var/backup/postgresql" + "/home/quassel/.config/quassel-irc.org" + # MPD State + "/mpd" + # doesn't work for restoring might as well not backup + # "/var/lib/tailscale" + + # mail mail_config.vmail_config.directory mail_config.sieve_directory mail_config.dkim_directory "/var/lib/redis-rspamd" ]; + backupPrepareCommand = "${(pkgs.writeShellScriptBin "backupPrepareCommand" '' + systemctl start postgresqlBackup --wait + '')}/bin/backupPrepareCommand"; + timerConfig = { OnBootSec = "1m"; OnCalendar = "daily"; 
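Review bot: `backupPrepareCommand` only produces a consistent copy of PostgreSQL, while the newly added `/var/lib/vault` is still read from a live directory, so a snapshot taken mid-write may not restore cleanly; which storage backend Vault uses is not visible here, so this is worth checking with a test restore. The comment on `/var/lib/tailscale` suggests live state has already failed to restore once. I would add a comment next to the path, for example `# copied live; verify a restore can be unsealed before relying on it`, or back up a Vault snapshot instead. As far as I know the option accepts a script string, so the wrapper could be shortened to `backupPrepareCommand = "systemctl start --wait postgresqlBackup.service";`. The `let` block continues past the end of the hunk.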
@@ -31,16 +44,16 @@ let }; }; - restic_commands = lib.mapAttrsToList (repoName: repoInfo: ( - # nya - pkgs.writeShellScriptBin "restic-${repoName}" '' - env \ - $(cat ${repoInfo.environmentFile}) \ - RESTIC_PASSWORD_FILE=${repoInfo.passwordFile} \ - RESTIC_REPOSITORY=${repoInfo.repository} \ - ${pkgs.restic}/bin/restic $@ - '' - )) repos; + restic_commands = lib.mapAttrsToList (repoName: repoInfo: + ( + # nya + pkgs.writeShellScriptBin "restic-${repoName}" '' + env \ + $(cat ${repoInfo.environmentFile}) \ + RESTIC_PASSWORD_FILE=${repoInfo.passwordFile} \ + RESTIC_REPOSITORY=${repoInfo.repository} \ + ${pkgs.restic}/bin/restic $@ + '')) repos; in { environment.systemPackages = restic_commands; @@ -49,6 +62,7 @@ in { user = backupUser; paths = backupPaths; inherit timerConfig; + inherit backupPrepareCommand; } repos.Chaos-Backups-HetznerVM ]; @@ -57,7 +71,14 @@ in { user = backupUser; paths = backupPaths; inherit timerConfig; + inherit backupPrepareCommand; } repos.Cassie-Backups-HetznerVM ]; + + services.postgresqlBackup = { + enable = true; + backupAll = true; + compression = "zstd"; + }; }
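Review bot: Both restic jobs now inherit the same `backupPrepareCommand` and the same `timerConfig`, and `services.postgresqlBackup` in the last hunk keeps its own default schedule, so the dump can be rewritten while another job is reading `/var/backup/postgresql`. If the dump should run only as part of a backup, setting `startAt = [ ];` in the `services.postgresqlBackup` block would, as far as I know, drop the separate timer; a short comment there saying the unit is started from the restic prepare step would help too. With `backupAll = true` the file holds every database and role in clear text on local disk, so it is worth confirming that the dump directory is readable only by postgres and root. The same `inherit backupPrepareCommand;` line appears in both the `@@ -49,6 +62,7 @@` and `@@ -57,7 +71,14 @@` hunks.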