default.nix (1315B)
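# NixOS module: weekly encrypted PostgreSQL dump streamed to S3.
# Takes `extra` (read here only for extra.private.aws_*) and returns a
# regular module function.
extra:
{ config, lib, pkgs, ... }:
let
  # Public key the dump is encrypted to. fetchurl pins the download to this
  # sha256, so a changed or tampered file at the URL fails the build instead
  # of quietly becoming the encryption key.
  pubkey = pkgs.fetchurl {
    url = "https://jb55.com/pgp.txt";
    sha256 = "012910961fb58b886fc44a8ebedba394240be4e17604703f3b094eef86d5aca5";
  };

  # Recipient passed to gpg -r.
  # NOTE(review): this is a 64-bit long key ID, not a full fingerprint, and
  # it is resolved against whatever keyring the service user already has.
  # Prefer the full fingerprint of the key pinned above.
  recipient = "0x6D3E2004415AF4A3";
in
{
  systemd.services.postgresql-backup = {
    description = "PostgreSQL backups";

    # NOTE(review): values set here are rendered into the generated unit
    # file, which lives in the world-readable Nix store and is also shown by
    # `systemctl show`. Consider serviceConfig.EnvironmentFile pointing at a
    # root-only file outside the store, or an instance role, and scope the
    # credentials to write-only access on the backup prefix.
    environment = {
      AWS_ACCESS_KEY_ID = extra.private.aws_access_key;
      AWS_SECRET_ACCESS_KEY = extra.private.aws_secret_key;
    };

    unitConfig.OnFailure = "notify-failed@%n.service";
    # Saturday morning? should be fine
    startAt = "Sat *-*-* 08:10:00";
    serviceConfig.ExecStart = let script = pkgs.writeScript "postgresql-backup" ''
      #!${pkgs.bash}/bin/bash
      set -euo pipefail

      filename="Monstercat-pgdev-$(date +%F-%H%M%z).sql.xz.gpg"

      # Import stays best-effort; the check below decides whether the
      # recipient key is actually usable.
      ${pkgs.gnupg}/bin/gpg2 --import ${pubkey} || echo "already have key!"

      # Stop before dumping or uploading anything if the recipient key is
      # missing, e.g. because the import above failed for a real reason.
      if ! ${pkgs.gnupg}/bin/gpg2 --list-keys ${recipient} >/dev/null 2>&1; then
        echo "recipient key ${recipient} not in keyring, aborting backup" >&2
        exit 1
      fi

      # pipefail fails the unit (and fires OnFailure) if any stage fails, but
      # the upload stage may already have stored a partial object by then, so
      # restores should be tested rather than assumed.
      ${pkgs.postgresql}/bin/pg_dump Monstercat \
        | ${pkgs.pxz}/bin/pxz -T24 \
        | ${pkgs.gnupg}/bin/gpg2 \
            -e \
            --compress-level 0 \
            --yes \
            --no-tty \
            --output - \
            -r ${recipient} \
        | ${pkgs.awscli}/bin/aws s3 \
            cp - \
            "s3://data.monstercat.com/backups/pg-dev/$filename"

    '';
    in "${script}";
  };

}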