change sync to home directory

home/dot_config/borgmatic.d/torus_bulk.yaml

@@ -1,10 +1,18 @@
 source_directories:
     - /engi/backup # Static files and service dumps
-    #- /home/tstarr/Sync # Syncthing files
+    - /var/lib/nextcloud # nextcloud files (besides sql dump)
+    - /home/tstarr/sync # Syncthing backups
     
 before_backup:
   - "tree /engi > /engi/backup/tree.txt"
-  - sudo -u gitea backup-dump-gitea
+  - sudo -u gitea dump-gitea
+  - sudo -u nextcloud dump-nextcloud
+  - sudo -u miniflux dump-miniflux
+  - nextcloud-occ maintenance:mode --on
+
+after_backup:
+  - restore-docker-containers
+  - nextcloud-occ maintenance:mode --off
 
 archive_name_format: 'torus_bulk.borg-{now}'
 

provision/hosts/bulwark/configuration.nix

@@ -41,6 +41,7 @@
         certPath = ../../secrets/syncthing/bulwark/cert.pem.age;
         devices = {
           "kestrel" = { id = "5WWL4FE-ARZ4FHP-J33HQCH-CZKEXLN-2RAY4KW-PDI754F-3HVPZYI-VC3ESAF"; };
+          "torus" = { id = "ZVABUCA-3SA5QKR-OZSCIS5-RDAHR2V-D4R4NFK-ZBYOKDP-6HQUG2M-BNL3DAO"; };
         };
       };
     };

provision/hosts/kestrel/configuration.nix

@@ -36,7 +36,6 @@
     desktop = {
       enable = true;
       gnome.enable = true;
-      peripherals.enable = true;
     };
     devel = {
       engineering.enable = true;
@@ -63,6 +62,7 @@
         certPath = ../../secrets/syncthing/kestrel/cert.pem.age;
         devices = {
           "bulwark" = { id = "YKPOWTQ-XMXG3SD-XKLPVEC-H4SO345-2ZZQK65-EBISRED-ISKCFMQ-T74P6Q5"; };
+          "torus" = { id = "ZVABUCA-3SA5QKR-OZSCIS5-RDAHR2V-D4R4NFK-ZBYOKDP-6HQUG2M-BNL3DAO"; };
         };
       };
     };

provision/hosts/torus/configuration.nix

@@ -102,6 +102,15 @@
     };
     services = {
       ssh.enable = true;
+      syncthing = {
+        enable = true;
+        keyPath = ../../secrets/syncthing/torus/key.pem.age;
+        certPath = ../../secrets/syncthing/torus/cert.pem.age;
+        devices = {
+          "bulwark" = { id = "YKPOWTQ-XMXG3SD-XKLPVEC-H4SO345-2ZZQK65-EBISRED-ISKCFMQ-T74P6Q5"; };
+          "kestrel" = { id = "5WWL4FE-ARZ4FHP-J33HQCH-CZKEXLN-2RAY4KW-PDI754F-3HVPZYI-VC3ESAF"; };
+        };
+      };
     };
   };
 }

provision/hosts/torus/gitea.nix

@@ -11,7 +11,7 @@ in {
   ];
 
   environment.systemPackages = [
-    (pkgs.writeScriptBin "backup-dump-gitea" ''
+    (pkgs.writeScriptBin "dump-gitea" ''
       #!/bin/sh
       cd ${dumpFolder}
       [ -e gitea-dump.zip ] && rm gitea-dump.zip

provision/hosts/torus/nextcloud.nix

@@ -1,7 +1,24 @@
 { config, lib, pkgs, user, ... }:
-{
+let
+  dumpFolder = "/engi/backup/dumps/nextcloud";
+  domain = "cloud.tstarr.us";
+in {
   environment.systemPackages = with pkgs; [
     cron
+    zip
+    rsync
+    (pkgs.writeScriptBin "dump-nextcloud" ''
+      #!/bin/sh
+      cd ${dumpFolder}
+      [ -e nextcloud-sql ] && rm nextcloud-sql 
+      nextcloud-occ maintenance:mode --on
+      mysqldump --single-transaction nextcloud > ${dumpFolder}/nextcloud-sql
+      nextcloud-occ maintenance:mode --off
+    '')
+  ];
+
+  systemd.tmpfiles.rules = [
+    "d ${dumpFolder} 0775 nextcloud nextcloud -"
   ];
   
   # nextcloud secrets
@@ -13,7 +30,7 @@
 
   services = {
     nginx.virtualHosts = {
-      "cloud.tstarr.us" = {
+      "${domain}" = {
         forceSSL = true;
         enableACME = true;
       };
@@ -21,7 +38,7 @@
 
     nextcloud = {
       enable = true;
-      hostName = "cloud.tstarr.us";
+      hostName = "${domain}";
 
        # Need to manually increment with every major upgrade.
       package = pkgs.nextcloud29;

provision/hosts/torus/rss.nix

@@ -1,8 +1,22 @@
 { config, lib, pkgs, user, ... }:
 let
   domain = "rssbridge.tstarr.us";
+  dumpFolder = "/engi/backup/dumps/miniflux";
 in 
 {
+  systemd.tmpfiles.rules = [
+    "d ${dumpFolder} 0775 miniflux miniflux -"
+  ];
+
+  environment.systemPackages = [
+    (pkgs.writeScriptBin "dump-miniflux" ''
+      #!/bin/sh
+      cd ${dumpFolder}
+      [ -e miniflux-sql ] && rm miniflux-sql
+      pg_dump miniflux > ${dumpFolder}/miniflux-sql
+    '')
+  ];
+
   services.postgresql = {
     enable = true;
     authentication = pkgs.lib.mkOverride 10 ''

provision/secrets/secrets.nix

@@ -24,5 +24,7 @@ in
   "syncthing/kestrel/cert.pem.age".publicKeys = systems;
   "syncthing/bulwark/key.pem.age".publicKeys = systems;
   "syncthing/bulwark/cert.pem.age".publicKeys = systems;
+  "syncthing/torus/key.pem.age".publicKeys = systems;
+  "syncthing/torus/cert.pem.age".publicKeys = systems;
 }