{ pkgs, ... }: { home.packages = [ (pkgs.writeShellApplication { name = "nx_backup"; runtimeInputs = [ ]; text = let web-root = "/var/nginx/webroot"; gitea-backup = "/var/backup/gitea"; postgres-backup = "/var/backup/postgresql"; in /* bash */ '' DIRECTORIES=( "${web-root}" "${gitea-backup}" "${postgres-backup}" ) NOW=$(date +%Y_%m_%d-%H_%M) TEMP_BAK_DIR=$(mktemp -d) TEMP_WORKING_DIR=$(mktemp -d) ZIP_NAME="nx2site-backup-''${NOW}.zip" ZIP_FILE="$TEMP_WORKING_DIR/$ZIP_NAME" ENCRYPTED_NAME="''${ZIP_NAME}.asc" ENCRYPTED_FILE="$TEMP_WORKING_DIR/$ENCRYPTED_NAME" DESTINATION="/vault/$ENCRYPTED_NAME" WEBROOT="${web-root}" echo "Fixing Permissions of Gitea dump" sudo chmod -R g+r "${gitea-backup}" echo "Fixing Permissions of Postgres dump" sudo chmod -R g+r "${postgres-backup}" sudo chmod g+x "${postgres-backup}" echo "Fixing Ownership of Postgres dump" sudo chown -R postgres:postgres "${postgres-backup}" echo "Copying files to backup to tempoary directory $TEMP_BAK_DIR ..." for DIR in "''${DIRECTORIES[@]}"; do rsync -aR "$DIR" "$TEMP_BAK_DIR" done # Create the zip file echo "Adding files to $ZIP_NAME ..." zip -qr "$ZIP_FILE" "$TEMP_BAK_DIR" # Encrypt the zip file using GPG echo "Encryping file with gpg" gpg -e -r gpg@nx2.site -o "$ENCRYPTED_FILE" "$ZIP_FILE" echo "Moving file to Destination $DESTINATION" mv "$ENCRYPTED_FILE" "$DESTINATION" echo "Updating latest-bakup path in $WEBROOT" echo "$DESTINATION" > "$WEBROOT/latest-backup" echo "Cleaning up tempoary files and directories" rm -rf "$TEMP_BAK_DIR" "$TEMP_WORKING_DIR" "$ZIP_FILE" echo "Backup and encryption complete: $DESTINATION" echo "Space remaining:" df -h | head -n 1 df -h | grep -P "^/dev.+? " ''; }) ]; }