docs/src/backups.md at main · dunkirk.sh/dots

dunkirk.sh / dots

fork atom

Kieran's opinionated (and probably slightly dumb) nix config

fork atom

dots / docs / src / backups.md

at main 71 lines 2.1 kB view raw view rendered

wrap content

dunkirk.sh feat: add mdbook 16d ago

a104e5e9

 1# Backups
 2
 3Services are automatically backed up nightly using restic to Backblaze B2. Backup targets are auto-discovered from `data.sqlite`/`data.postgres`/`data.files` declarations in mkService modules.
 4
 5## Schedule
 6
 7- **Time:** 02:00 AM daily
 8- **Random delay:** 0–2 hours (spreads load across services)
 9- **Retention:** 3 snapshots, 7 daily, 5 weekly, 12 monthly
10
11## CLI
12
13The `atelier-backup` command provides an interactive TUI:
14
15```bash
16sudo atelier-backup              # Interactive menu
17sudo atelier-backup status       # Show backup status for all services
18sudo atelier-backup list         # Browse snapshots
19sudo atelier-backup backup       # Trigger manual backup
20sudo atelier-backup restore      # Interactive restore wizard
21sudo atelier-backup dr           # Disaster recovery mode
22```
23
24## Service integration
25
26### Automatic (mkService)
27
28Services using `mkService` with `data.*` declarations get automatic backup:
29
30```nix
31mkService {
32  name = "myapp";
33  extraConfig = cfg: {
34    atelier.services.myapp.data = {
35      sqlite = "${cfg.dataDir}/data/app.db";  # Auto WAL checkpoint + stop/start
36      files = [ "${cfg.dataDir}/uploads" ];    # Just backed up, no hooks
37    };
38  };
39}
40```
41
42The backup system automatically checkpoints SQLite WAL, stops the service during backup, and restarts after completion.
43
44### Manual registration
45
46For services not using `mkService`:
47
48```nix
49atelier.backup.services.myservice = {
50  paths = [ "/var/lib/myservice" ];
51  exclude = [ "*.log" "cache/*" ];
52  preBackup = "systemctl stop myservice";
53  postBackup = "systemctl start myservice";
54};
55```
56
57## Disaster recovery
58
59On a fresh NixOS install:
60
611. Rebuild from flake: `nixos-rebuild switch --flake .#hostname`
622. Run: `sudo atelier-backup dr`
633. All services restored from latest snapshots
64
65## Setup
66
671. Create a B2 bucket and application key
682. Create agenix secrets for `restic/password`, `restic/env`, `restic/repo`
693. Enable: `atelier.backup.enable = true;`
70
71See [modules/nixos/services/restic/README.md](https://github.com/taciturnaxolotl/dots/blob/main/modules/nixos/services/restic/README.md) for full setup details.