Backup nextcloud to backblaze using restic

2026-01-21 23:11:34 +01:00 · 2024-09-03 17:50:18 +02:00 · 2024-09-03 17:50:18 +02:00 · 4168626450
commit 4168626450
parent 3b4022d233
4 changed files with 76 additions and 6 deletions
--- a/hosts/stratus/containers/nextcloud/backup.nix
+++ b/hosts/stratus/containers/nextcloud/backup.nix
@ -0,0 +1,65 @@
+{
+  config,
+  pkgs,
+  lib,
+  dataDir,
+  ...
+}:
+{
+  sops.secrets = {
+    "restic/environment" = {
+      owner = config.users.users.nextcloud.name;
+      inherit (config.users.users.nextcloud) group;
+    };
+    "restic/password" = {
+      owner = config.users.users.nextcloud.name;
+      inherit (config.users.users.nextcloud) group;
+    };
+  };
+
+  systemd.tmpfiles.rules = [
+    "d ${dataDir}/backup 700 nextcloud nextcloud -"
+    "d /var/cache/restic-backups-nextcloud 700 nextcloud nextcloud -"
+  ];
+
+  services.restic.backups.nextcloud = {
+    initialize = true;
+    user = config.users.users.nextcloud.name;
+
+    repository = "s3:https://s3.eu-central-003.backblazeb2.com/stork-atlas/nextcloud";
+    environmentFile = config.sops.secrets."restic/environment".path;
+    passwordFile = config.sops.secrets."restic/password".path;
+
+    pruneOpts = [
+      "--keep-daily 7"
+      "--keep-weekly 5"
+      "--keep-monthly 6"
+      "--keep-yearly 1"
+    ];
+
+    backupPrepareCommand = ''
+      ${lib.getExe' config.services.nextcloud.occ "nextcloud-occ"} maintenance:mode --on
+      ${lib.getExe' config.services.postgresql.package "pg_dump"} nextcloud --format=custom --file=${dataDir}/backup/db.dump
+    '';
+    backupCleanupCommand = ''
+      ${lib.getExe' config.services.nextcloud.occ "nextcloud-occ"} maintenance:mode --off
+    '';
+    paths = [
+      "${dataDir}/home/data"
+      "${dataDir}/home/config/config.php"
+      "${dataDir}/backup"
+    ];
+  };
+
+  environment.systemPackages = [
+    (pkgs.writeShellApplication {
+      name = "nextcloud-restore";
+      text = ''
+        sudo -u nextcloud ${lib.getExe' config.services.nextcloud.occ "nextcloud-occ"} maintenance:mode --on
+        sudo -u nextcloud restic-nextcloud restore --target / latest
+        sudo -u nextcloud pg_restore --clean --if-exists --dbname nextcloud ${dataDir}/backup/db.dump
+        sudo -u nextcloud ${lib.getExe' config.services.nextcloud.occ "nextcloud-occ"} maintenance:mode --off
+      '';
+    })
+  ];
+}