dotfiles/home-modules/nx2site-backup.nix

{ pkgs, ... }:
{
  home.packages = [
    (pkgs.writeShellApplication {
      name = "nx_backup";
      runtimeInputs = [ ];
      text = let
        web-root = "/var/nginx/webroot";
        gitea-backup = "/var/backup/gitea";
        postgres-backup = "/var/backup/postgresql";
      in /* bash */ ''
        DIRECTORIES=(
          "${web-root}"
          "${gitea-backup}"
          "${postgres-backup}"
        )

        NOW=$(date +%Y_%m_%d-%H_%M)
        TEMP_BAK_DIR=$(mktemp -d)
        TEMP_WORKING_DIR=$(mktemp -d)
        ZIP_NAME="nx2site-backup-''${NOW}.zip"
        ZIP_FILE="$TEMP_WORKING_DIR/$ZIP_NAME"
        ENCRYPTED_NAME="''${ZIP_NAME}.asc"
        ENCRYPTED_FILE="$TEMP_WORKING_DIR/$ENCRYPTED_NAME"
        DESTINATION="/vault/$ENCRYPTED_NAME"
        WEBROOT="${web-root}"

        echo "Fixing Permissions of Gitea dump"
        sudo chmod -R g+r "${gitea-backup}"

        echo "Fixing Permissions of Postgres dump"
        sudo chmod -R g+r "${postgres-backup}"
        sudo chmod g+x "${postgres-backup}"
        echo "Fixing Ownership of Postgres dump"
        sudo chown -R postgres:postgres "${postgres-backup}"

        echo "Copying files to backup to tempoary directory $TEMP_BAK_DIR ..."
        for DIR in "''${DIRECTORIES[@]}"; do
            rsync -aR "$DIR" "$TEMP_BAK_DIR"
        done

        # Create the zip file
        echo "Adding files to $ZIP_NAME ..."
        zip -qr "$ZIP_FILE" "$TEMP_BAK_DIR"

        # Encrypt the zip file using GPG
        echo "Encryping file with gpg"
        gpg -e -r gpg@nx2.site -o "$ENCRYPTED_FILE" "$ZIP_FILE"

        echo "Moving file to Destination $DESTINATION"
        mv "$ENCRYPTED_FILE" "$DESTINATION"

        echo "Updating latest-bakup path in $WEBROOT"
        echo "$DESTINATION" > "$WEBROOT/latest-backup"

        echo "Cleaning up tempoary files and directories"
        rm -rf "$TEMP_BAK_DIR" "$TEMP_WORKING_DIR" "$ZIP_FILE"

        echo "Backup and encryption complete: $DESTINATION"

        echo "Space remaining:"
        df -h | head -n 1
        df -h | grep -P "^/dev.+? "
      '';
    })
  ];
}