Move nspawn containers into nspawn directory

2026-01-21 21:01:34 +01:00 · 2024-09-16 20:41:43 +02:00 · 2024-09-16 20:41:43 +02:00 · 5b1fc56176
commit 5b1fc56176
parent be488a91a7
14 changed files with 2 additions and 1 deletions
--- a/hosts/stratus/containers/nspawn/forgejo/backup.nix
+++ b/hosts/stratus/containers/nspawn/forgejo/backup.nix
@ -0,0 +1,59 @@
+{
+  config,
+  pkgs,
+  lib,
+  dataDir,
+  ...
+}:
+{
+  systemd.tmpfiles.rules = [ "d ${dataDir}/backup 750 forgejo forgejo -" ];
+
+  security.polkit = {
+    enable = true;
+    extraConfig = ''
+      polkit.addRule(function(action, subject) {
+        if (action.id == "org.freedesktop.systemd1.manage-units" &&
+          action.lookup("unit") == "forgejo.service" &&
+          subject.user == "forgejo") {
+          return polkit.Result.YES;
+        }
+      });
+    '';
+  };
+
+  myConfig.resticBackup.forgejo = {
+    enable = true;
+    user = config.users.users.forgejo.name;
+    healthchecks.enable = true;
+
+    extraConfig = {
+      backupPrepareCommand = ''
+        ${lib.getExe' pkgs.systemd "systemctl"} stop forgejo.service
+        ${lib.getExe' config.services.postgresql.package "pg_dump"} forgejo --format=custom --file=${dataDir}/backup/db.dump
+      '';
+      backupCleanupCommand = ''
+        ${lib.getExe' pkgs.systemd "systemctl"} start forgejo.service
+      '';
+      paths = [
+        "${dataDir}/home/custom"
+        "${dataDir}/home/data"
+        "${dataDir}/home/repositories"
+        "${dataDir}/home/.ssh"
+        "${dataDir}/backup"
+      ];
+      extraBackupArgs = [ "--exclude='${dataDir}/home/custom/conf/app.ini'" ];
+    };
+  };
+
+  environment.systemPackages = [
+    (pkgs.writeShellApplication {
+      name = "forgejo-restore";
+      text = ''
+        systemctl stop forgejo.service
+        sudo -u forgejo restic-forgejo restore --target / latest
+        sudo -u forgejo pg_restore --clean --if-exists --dbname forgejo ${dataDir}/backup/db.dump
+        systemctl start forgejo.service
+      '';
+    })
+  ];
+}