hosts/appview: setup litestream backups to s3

tangled.org / infra

fork atom

Tangled infrastructure definitions in Nix

fork atom

Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>

anirudh.fi 1 month ago c28d2780 dfdb1bbc

verified

+32 -1

2 changed files

expand all

unified split

flake.nix

hosts

appview

services

litestream.nix

flake.nix

··· 57 57 tangled.nixosModules.appview 58 58 ./hosts/appview/services/appview.nix 59 59 ./hosts/appview/services/nginx.nix 60 + ./hosts/appview/services/litestream.nix 60 61 ]; 61 62 target = "95.111.205.38"; 62 63 };

+31 -1

hosts/appview/services/litestream.nix

··· 1 1 { 2 2 services.litestream = { 3 3 enable = true; 4 - environmentFile = "/etc/secrets/litestream.env" 4 + environmentFile = "/etc/secrets/litestream.env"; 5 + 6 + settings = { 7 + dbs = [ 8 + { 9 + path = "/var/lib/appview/appview.db"; 10 + replicas = [ 11 + { 12 + type = "s3"; 13 + bucket = "appview-backup"; 14 + region = "europe-2"; 15 + path = "appview.db"; 16 + endpoint = "$S3_ENDPOINT_URL"; 17 + snapshot-interval = "1h"; 18 + } 19 + ]; 20 + } 21 + ]; 22 + }; 5 23 }; 24 + 25 + systemd.services.litestream.serviceConfig = { 26 + ReadWritePaths = [ "/var/lib/appview" ]; 27 + }; 28 + 29 + systemd.tmpfiles.rules = [ 30 + "d /var/lib/appview 0775 root litestream - -" 31 + "a+ /var/lib/appview - - - - user:litestream:rwx" 32 + "a+ /var/lib/appview/appview.db - - - - user:litestream:rwx" 33 + "a+ /var/lib/appview/appview.db-wal - - - - user:litestream:rwx" 34 + "a+ /var/lib/appview/appview.db-shm - - - - user:litestream:rwx" 35 + ]; 6 36 }