{ config, lib, pkgs, ... }: let inherit (builtins) listToAttrs getAttr; inherit (lib.modules) mkIf mkMerge; inherit (lib.options) mkOption mkEnableOption mdDoc; inherit (lib.strings) optionalString; inherit (lib.attrsets) attrValues; inherit (lib) types; cfg = config.services.postgreSQLRemoteBackup; in { options = { # TODO: add host, port, user options services.postgreSQLRemoteBackup = { enable = mkEnableOption (mdDoc "PostgreSQL database dumps"); keepPrev = mkOption { default = true; type = types.bool; description = mdDoc '' Keep the previous run's backups but rename them to $name.prev ''; }; startAt = mkOption { default = "4h"; type = with types; either (listOf str) str; description = mdDoc '' This option defines (see `systemd.time` for format) when the databases should be dumped. The default is run every 4 hours. ''; }; backupUser = mkOption { default = "root"; type = types.str; description = mdDoc '' User which will be used for backup job and files ''; }; databases = mkOption { default = []; type = types.listOf types.str; description = mdDoc '' List of database names to dump. ''; }; location = mkOption { default = "/var/backup/postgresql"; type = types.path; description = mdDoc '' Path of directory where the PostgreSQL database dumps will be placed. ''; }; pgdumpOptions = mkOption { type = types.separatedString " "; default = "-C"; description = mdDoc '' Command line options for pg_dump. ''; }; compression = mkOption { type = types.enum ["none" "zstd"]; default = "zstd"; description = mdDoc '' The type of compression to use on the generated database dump. ''; }; compressionLevel = mkOption { type = types.int; default = 9; description = mdDoc '' The compression level used when compression is enabled. zstd accepts levels 1 to 19. ''; }; }; }; config = mkMerge [ (mkIf cfg.enable { systemd.tmpfiles.rules = [ "d '${cfg.location}' 0700 ${cfg.backupUser} - - -" ]; }) (mkIf (cfg.enable) { systemd.services = listToAttrs (map (db: { name = "remotePostgreSQLBackup-${db}"; value = let compressSuffixes = { "none" = ""; "zstd" = ".zstd"; }; compressSuffix = getAttr cfg.compression compressSuffixes; compressCmd = getAttr cfg.compression { "none" = "cat"; "zstd" = "${pkgs.zstd}/bin/zstd -c -${toString cfg.compressionLevel}"; }; mkSqlPath = prefix: suffix: "${cfg.location}/${db}${prefix}.sql${suffix}"; curFile = mkSqlPath "" compressSuffix; prevFile = mkSqlPath ".prev" compressSuffix; prevFiles = map (mkSqlPath ".prev") (attrValues compressSuffixes); inProgressFile = mkSqlPath ".in-progress" compressSuffix; in { enable = true; description = "Backup of ${db} database(s)"; requires = mkIf (config.services.postgresql.enable) [ "postgresql.service" ]; path = [ pkgs.coreutils (let pgCfg = config.services.postgresql; in if pgCfg.enable then pgCfg.package else pkgs.postgresql) ]; script = '' set -e -o pipefail umask 0077 # ensure backup is only readable by backup user ${optionalString (cfg.keepPrev) '' if [ -e ${curFile} ]; then rm -f ${toString prevFiles} mv ${curFile} ${prevFile} fi ''} pg_dump ${cfg.pgdumpOptions} ${db} \ | ${compressCmd} \ > ${inProgressFile} mv ${inProgressFile} ${curFile} ''; serviceConfig = { Type = "oneshot"; User = cfg.backupUser; }; startAt = cfg.startAt; }; }) cfg.databases); }) ]; }