{
pkgs,
config,
lib,
host_secrets,
...
}: let
secrets = host_secrets;
# Because gotosocial-admin isn't a seporate package we need to generate a seperate config
# and duplicate the wrapper for use in a systemd unit
goToSocialConfigFile = (pkgs.formats.yaml {}).generate "config.yml" config.services.gotosocial.settings;
goToSocialAdmin = "${(pkgs.writeShellScriptBin "goToSocialAdmin" ''
exec systemd-run \
-u gotosocial-admin.service \
-p Group=gotosocial \
-p User=gotosocial \
-q -t -G --wait --service-type=exec \
${pkgs.gotosocial}/bin/gotosocial --config-path ${goToSocialConfigFile} admin "$@"
'')}/bin/goToSocialAdmin";
backupPrepareCommand = "${
(pkgs.writeShellScriptBin "backupPrepareCommand" ''
systemctl start ${
lib.concatStringsSep " "
(lib.forEach config.services.postgresqlBackup.databases
(db: "postgresqlBackup-${db}"))
} --wait
${goToSocialAdmin} export --path /var/lib/gotosocial/gts-export.json
'')
}/bin/backupPrepareCommand";
backupCleanupCommand = "${(pkgs.writeShellScriptBin "backupCleanupCommand" ''
rm /var/lib/gotosocial/gts-export.json
'')}/bin/backupCleanupCommand";
in {
environment.systemPackages = with pkgs; [
restic
(pkgs.writeShellScriptBin "restic-social" ''
env \
RESTIC_PASSWORD_FILE=${secrets.social_restic_password.path} \
$(cat ${secrets.social_restic_env.path}) \
${pkgs.restic}/bin/restic $@
'')
];
services.restic.backups.social = {
user = "root";
paths = [
"/var/backup/postgresql"
"/var/lib/gotosocial"
];
# repository is overrided in environmentFile to contain auth
# make sure to keep up to date when changing repository
repository = "rest:https://storage-restic.owo.monster/Social";
passwordFile = "${secrets.social_restic_password.path}";
environmentFile = "${secrets.social_restic_env.path}";
pruneOpts = [
"--keep-last 10"
];
timerConfig = {
OnBootSec = "1m";
OnCalendar = "daily";
};
inherit backupPrepareCommand;
inherit backupCleanupCommand;
};
services.postgresqlBackup = {
enable = true;
backupAll = false;
databases = ["gotosocial"];
compression = "zstd";
};
}