mongodb backup

hosts/AZ-CLD-1/services/containers/librechat.nix

@@ -77,26 +77,76 @@ in {
     };
   };
 
-  systemd.services."mongo-nightly-dump" = {
+  systemd.services."mongo-backup" = {
     serviceConfig = {
       Type = "oneshot";
-      ExecStart = ''
-        ${pkgs.podman}/bin/podman exec mongodb \
-          sh -lc 'mongodump --uri="mongodb://adminUser:securePassword@localhost:27017/?authSource=admin" \
-                       --out /data/backups/$(date +%F)'
-      '';
-      ExecStartPost = ''
-        # Clean up old backups from within the container
-        ${pkgs.podman}/bin/podman exec mongodb \
-          sh -lc 'find /data/backups -maxdepth 1 -type d -mtime +14 -exec rm -rf {} +'
-      '';
+      User = "root";
+      Group = "root";
     };
+    script = ''
+      set -euo pipefail
+
+      BACKUP_DIR="/var/backup/mongodb"
+      TIMESTAMP=$(date +%Y%m%d_%H%M%S)
+      TEMP_BACKUP="mongodb_backup_$TIMESTAMP"
+      ARCHIVE_NAME="mongodb_backup_$TIMESTAMP.tar.gz"
+
+      # Ensure backup directory exists with proper permissions
+      mkdir -p "$BACKUP_DIR"
+      chown root:root "$BACKUP_DIR"
+      chmod 750 "$BACKUP_DIR"
+
+      echo "Starting MongoDB backup at $(date)"
+
+      # Create the backup dump in container
+      if ${pkgs.podman}/bin/podman exec mongodb mongodump --out "/data/backups/$TEMP_BACKUP"; then
+        echo "MongoDB dump completed successfully"
+
+        # Create compressed archive from the backup
+        cd "$BACKUP_DIR"
+        if [ -d "$TEMP_BACKUP" ]; then
+          echo "Creating compressed archive: $ARCHIVE_NAME"
+          ${pkgs.gnutar}/bin/tar --use-compress-program=${pkgs.gzip}/bin/gzip -cf "$ARCHIVE_NAME" -C . "$TEMP_BACKUP"
+
+          # Remove the uncompressed backup directory
+          rm -rf "$TEMP_BACKUP"
+
+          # Verify archive was created
+          if [ -f "$ARCHIVE_NAME" ]; then
+            ARCHIVE_SIZE=$(${pkgs.coreutils}/bin/du -sh "$ARCHIVE_NAME" | cut -f1)
+            echo "Compressed backup created: $ARCHIVE_NAME (Size: $ARCHIVE_SIZE)"
+
+            # Keep only the 2 most recent backup archives
+            ls -1t mongodb_backup_*.tar.gz | tail -n +3 | xargs -r rm -f
+            echo "Old backup archives cleaned up, keeping 2 most recent"
+
+            # List current backups
+            echo "Current backups:"
+            ls -lah mongodb_backup_*.tar.gz 2>/dev/null || echo "No previous backups found"
+          else
+            echo "ERROR: Failed to create compressed archive" >&2
+            exit 1
+          fi
+        else
+          echo "ERROR: Backup directory not found at $BACKUP_DIR/$TEMP_BACKUP" >&2
+          exit 1
+        fi
+      else
+        echo "ERROR: MongoDB backup failed" >&2
+        exit 1
+      fi
+
+      echo "MongoDB backup completed successfully at $(date)"
+    '';
   };
 
-  systemd.timers."mongo-nightly-dump" = {
+  systemd.timers."mongo-backup" = {
     wantedBy = ["timers.target"];
-    timerConfig.OnCalendar = "daily";
-    timerConfig.RandomizedDelaySec = "15m";
+    timerConfig = {
+      OnCalendar = "*-*-* 02:00:00";
+      RandomizedDelaySec = "30m";
+      Persistent = true;
+    };
   };
 
   # Traefik configuration

hosts/AZ-CLD-1/services/postgres.nix

@@ -9,7 +9,8 @@
     package = pkgs.postgresql_17;
     settings = {
       ssl = true;
-      max_connections = 180;
+      max_connections = 200;
+      shared_buffers = "4GB";
       superuser_reserved_connections = 5;
 
       idle_in_transaction_session_timeout = "10min";
@@ -34,7 +35,7 @@
       CREATE USER baserow WITH ENCRYPTED PASSWORD 'baserow';
         CREATE DATABASE baserow;
         ALTER DATABASE baserow OWNER to baserow;
-        ALTER DATABASE baserow CONNECTION LIMIT 20;
+        ALTER DATABASE baserow CONNECTION LIMIT 60;
 
         CREATE USER kestra WITH ENCRYPTED PASSWORD 'kestra';
         CREATE DATABASE kestra;