feat(id.tjo.space): simplify backup

id.tjo.space/configure.sh

@@ -28,18 +28,16 @@ echo "=== Prepare srv directories"
 mkdir -p /srv/authentik/{media,certs,custom-templates}
 chown -R 1200:1200 /srv/authentik
 
-mkdir -p /srv/postgresql/data
+mkdir -p /srv/postgresql/{data,backups}
 
 echo "=== Read Secrets"
 age -d -i /etc/age/key.txt id.tjo.space/secrets.env.encrypted >id.tjo.space/secrets.env
 set -a && source id.tjo.space/secrets.env && set +a
 
 echo "=== Prepare Configurations"
-mkdir -p /etc/postgresql
 cat <<EOF >/etc/postgresql/secrets.env
 POSTGRES_PASSWORD=${POSTGRESQL_PASSWORD}
 EOF
-mkdir -p /etc/authentik
 cat <<EOF >/etc/authentik/secrets.env
 AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY}
 AUTHENTIK_EMAIL__PASSWORD=${AUTHENTIK_EMAIL__PASSWORD}
@@ -51,12 +49,12 @@ systemctl restart caddy
 
 echo "=== Setup Postgresql"
 systemctl restart postgresql
+systemctl start postgresql-backup.timer
 
 echo "=== Setup Valkey"
 systemctl restart valkey
 
 echo "=== Setup Authentik Server"
-
 systemctl restart authentik-server
 
 echo "=== Setup Authentik Worker"

id.tjo.space/root/etc/containers/systemd/postgresql.container

@@ -2,6 +2,7 @@
 Description=A Postgresql Container
 
 [Container]
+# Make sure the postgres image/version matches the one in backup service.
 Image=docker.io/postgres:17.4
 Volume=/srv/postgresql/data:/var/lib/postgresql/data
 EnvironmentFile=/etc/postgresql/secrets.env

id.tjo.space/root/etc/systemd/system/postgresql-backup.service

@@ -7,3 +7,6 @@ ExecStart=/usr/local/bin/postgresql-backup.sh
 EnvironmentFile=/etc/postgresql/secrets.env
 EnvironmentFile=/etc/postgresql/postgresql.env
 Environment=BACKUP_DIR=/srv/postgresql/backups
+Environment=POSTGRES_HOST=systemd-postgresql
+ExecStartPre=/usr/bin/mkdir -p $BACKUP_DIR
+ExecStart=/usr/bin/podman run --rm --network systemd-main -v $BACKUP_DIR:/backups:z docker.io/library/postgres:17.4 pg_dumpall -U $POSTGRES_USER -h $POSTGRES_HOST -p $POSTGRES_PORT -f /backups/$(date +'%Y-%m-%d_%H-%M-%S').sql

id.tjo.space/root/usr/local/bin/postgresql-backup.sh

@@ -1,35 +0,0 @@
-#!/usr/bin/env bash
-
-[ -z "${POSTGRES_USER}" ] && { echo "=> POSTGRES_USER cannot be empty" && exit 1; }
-[ -z "${POSTGRES_PASSWORD}" ] && { echo "=> POSTGRES_PASSWORD cannot be empty" && exit 1; }
-[ -z "${GZIP_LEVEL}" ] && { GZIP_LEVEL=6; }
-
-DATE=$(date +%Y%m%d%H%M)
-echo "=> Backup started at $(date "+%Y-%m-%d %H:%M:%S")"
-
-export PGHOST=${POSTGRES_HOST}
-export PGPORT=${POSTGRES_PORT}
-export PGUSER=${POSTGRES_USER}
-export PGPASSWORD=${POSTGRES_PASSWORD}
-
-DATABASES=${POSTGRES_DATABASE:-${POSTGRES_DB:-$(psql "${POSTGRES_SSL_OPTS}" -t -c "SELECT datname FROM pg_database;")}}
-
-for db in ${DATABASES}; do
-  if [[ "$db" != "template1" ]] &&
-    [[ "$db" != "template0" ]]; then
-
-    echo "==> Dumping database: $db"
-
-    FILENAME=${BACKUP_DIR}/$DATE.$db.sql
-
-    if pg_dump ${POSTGRESDUMP_OPTS} "${db}" >"${FILENAME}"; then
-      if [ -z "${USE_PLAIN_SQL}" ]; then
-        echo "==> Compressing $db with LEVEL $GZIP_LEVEL"
-        gzip "-$GZIP_LEVEL" -f "$FILENAME"
-      fi
-    else
-      rm -rf "$FILENAME"
-    fi
-  fi
-done
-echo "=> Backup process finished at $(date "+%Y-%m-%d %H:%M:%S")"