From 1bede8a9d60196d15da3b578117b0a316ba0bbfc Mon Sep 17 00:00:00 2001
From: "sascha.koenig"
Date: Wed, 8 Oct 2025 11:25:26 +0200
Subject: [PATCH] mongodb backup
---
 .../services/containers/librechat.nix | 78 +++++++++++++++----
 hosts/AZ-CLD-1/services/postgres.nix | 5 +-
 2 files changed, 67 insertions(+), 16 deletions(-)
diff --git a/hosts/AZ-CLD-1/services/containers/librechat.nix b/hosts/AZ-CLD-1/services/containers/librechat.nix
index 627859f..8d50d8d 100644
--- a/hosts/AZ-CLD-1/services/containers/librechat.nix
+++ b/hosts/AZ-CLD-1/services/containers/librechat.nix
@@ -77,26 +77,76 @@ in { }; }; - systemd.services."mongo-nightly-dump" = { + systemd.services."mongo-backup" = { serviceConfig = { Type = "oneshot"; - ExecStart = '' - ${pkgs.podman}/bin/podman exec mongodb \ - sh -lc 'mongodump --uri="mongodb://adminUser:securePassword@localhost:27017/?authSource=admin" \ - --out /data/backups/$(date +%F)' - ''; - ExecStartPost = '' - # Clean up old backups from within the container - ${pkgs.podman}/bin/podman exec mongodb \ - sh -lc 'find /data/backups -maxdepth 1 -type d -mtime +14 -exec rm -rf {} +' - ''; + User = "root"; + Group = "root"; }; + script = '' + set -euo pipefail + + BACKUP_DIR="/var/backup/mongodb" + TIMESTAMP=$(date +%Y%m%d_%H%M%S) + TEMP_BACKUP="mongodb_backup_$TIMESTAMP" + ARCHIVE_NAME="mongodb_backup_$TIMESTAMP.tar.gz" + + # Ensure backup directory exists with proper permissions + mkdir -p "$BACKUP_DIR" + chown root:root "$BACKUP_DIR" + chmod 750 "$BACKUP_DIR" + + echo "Starting MongoDB backup at $(date)" + + # Create the backup dump in container + if ${pkgs.podman}/bin/podman exec mongodb mongodump --out "/data/backups/$TEMP_BACKUP"; then + echo "MongoDB dump completed successfully" + + # Create compressed archive from the backup + cd "$BACKUP_DIR" + if [ -d "$TEMP_BACKUP" ]; then + echo "Creating compressed archive: $ARCHIVE_NAME" + ${pkgs.gnutar}/bin/tar --use-compress-program=${pkgs.gzip}/bin/gzip -cf "$ARCHIVE_NAME" -C . 
"$TEMP_BACKUP" + + # Remove the uncompressed backup directory + rm -rf "$TEMP_BACKUP" + + # Verify archive was created + if [ -f "$ARCHIVE_NAME" ]; then + ARCHIVE_SIZE=$(${pkgs.coreutils}/bin/du -sh "$ARCHIVE_NAME" | cut -f1) + echo "Compressed backup created: $ARCHIVE_NAME (Size: $ARCHIVE_SIZE)" + + # Keep only the 2 most recent backup archives + ls -1t mongodb_backup_*.tar.gz | tail -n +3 | xargs -r rm -f + echo "Old backup archives cleaned up, keeping 2 most recent" + + # List current backups + echo "Current backups:" + ls -lah mongodb_backup_*.tar.gz 2>/dev/null || echo "No previous backups found" + else + echo "ERROR: Failed to create compressed archive" >&2 + exit 1 + fi + else + echo "ERROR: Backup directory not found at $BACKUP_DIR/$TEMP_BACKUP" >&2 + exit 1 + fi + else + echo "ERROR: MongoDB backup failed" >&2 + exit 1 + fi + + echo "MongoDB backup completed successfully at $(date)" + ''; }; - systemd.timers."mongo-nightly-dump" = { + systemd.timers."mongo-backup" = { wantedBy = ["timers.target"]; - timerConfig.OnCalendar = "daily"; - timerConfig.RandomizedDelaySec = "15m"; + timerConfig = { + OnCalendar = "*-*-* 02:00:00"; + RandomizedDelaySec = "30m"; + Persistent = true; + }; }; # Traefik configuration diff --git a/hosts/AZ-CLD-1/services/postgres.nix b/hosts/AZ-CLD-1/services/postgres.nix index 70824ec..e08e362 100644 --- a/hosts/AZ-CLD-1/services/postgres.nix +++ b/hosts/AZ-CLD-1/services/postgres.nix @@ -9,7 +9,8 @@ package = pkgs.postgresql_17; settings = { ssl = true; - max_connections = 180; + max_connections = 200; + shared_buffers = "4GB"; superuser_reserved_connections = 5; idle_in_transaction_session_timeout = "10min"; @@ -34,7 +35,7 @@ CREATE USER baserow WITH ENCRYPTED PASSWORD 'baserow'; CREATE DATABASE baserow; ALTER DATABASE baserow OWNER to baserow; - ALTER DATABASE baserow CONNECTION LIMIT 20; + ALTER DATABASE baserow CONNECTION LIMIT 60; CREATE USER kestra WITH ENCRYPTED PASSWORD 'kestra'; CREATE DATABASE kestra;
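Review bot: The new `podman exec mongodb mongodump --out "/data/backups/$TEMP_BACKUP"` call in the `mongo-backup` script carries no credentials, whereas the removed command authenticated against `authSource=admin`; if the instance enforces auth the dump will fail, and if it succeeds unauthenticated that suggests access control is off inside the container — please confirm which applies, since the container definition is outside this hunk. If auth is required, supply it from a secret file rather than the world-readable Nix store, e.g. `mongodump --config <path-to-secret-yaml> --out "/data/backups/$TEMP_BACKUP"` (placeholder path). The credential in the removed `--uri` line stays in git history, so rotate it if it was ever a real value. The script also assumes the container's `/data/backups` is the host's `/var/backup/mongodb` (the volume mapping is not visible here — verify), and retention drops from 14 days to the 2 newest archives, which shortens the window for recovering from corruption or tampering that is noticed late.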
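Review bot: In the second `postgres.nix` hunk, the context lines around the raised `CONNECTION LIMIT 60` show roles created with a password equal to the role name (`CREATE USER baserow WITH ENCRYPTED PASSWORD 'baserow';`, and the same pattern for `kestra`), committed in plain text. This predates the commit, but it is worth fixing while the file is being touched: anyone who can reach the PostgreSQL port can guess these, and the literal ends up in the repository and the Nix store. Consider setting the passwords out of band from a secret file and leaving only `CREATE USER baserow;` in this script; how exposed the port is depends on `pg_hba`/firewall settings outside this hunk, so verify that as well.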