{ self, pkgs, config, ... }: let inherit (config.services.secrets) secrets; backupSchedules = import "${self}/data/backupSchedules.nix"; # Because gotosocial-admin isn't a seporate package we need to generate a seperate config # and duplicate the wrapper for use in a systemd unit gotoSocialConfigFile = (pkgs.formats.yaml {}).generate "config.yml" config.services.gotosocial.settings; gotoSocialAdmin = "${(pkgs.writeShellScriptBin "gts-admin" '' exec systemd-run \ -u gotosocial-admin.service \ -p Group=gotosocial \ -p User=gotosocial \ -q -t -G --wait --service-type=exec \ ${pkgs.gotosocial}/bin/gotosocial --config-path ${gotoSocialConfigFile} admin "$@" '')}/bin/gts-admin"; backupPrepareCommand = "${ (pkgs.writeShellScriptBin "backupPrepareCommand" '' systemctl stop gotosocial ${gotoSocialAdmin} export --path /var/lib/gotosocial/gts-export.json ${gotoSocialAdmin} media prune all --dry-run=false systemctl start gotosocial '') }/bin/backupPrepareCommand"; backupCleanupCommand = "${(pkgs.writeShellScriptBin "backupCleanupCommand" '' rm /var/lib/gotosocial/gts-export.json || true '')}/bin/backupCleanupCommand"; in { environment.systemPackages = with pkgs; [ restic (pkgs.writeShellScriptBin "restic-social" '' env \ RESTIC_PASSWORD_FILE=${secrets.restic_password.path} \ $(cat ${secrets.restic_env.path}) \ ${pkgs.restic}/bin/restic $@ '') ]; services.restic.backups.social = { user = "root"; paths = [ "/var/lib/gotosocial" ]; # repository is overrided in environmentFile to contain auth # make sure to keep up to date when changing repository repository = "rest:https://storage-restic.owo.monster/Social"; passwordFile = "${secrets.restic_password.path}"; environmentFile = "${secrets.restic_env.path}"; pruneOpts = ["--keep-last 10"]; # Don't want to cause too much downtime and take too long to prune media timerConfig = backupSchedules.restic.medium; inherit backupPrepareCommand; inherit backupCleanupCommand; }; }