From 48659b6f6409cb032ec0b5e1b9074fe93431cc66 Mon Sep 17 00:00:00 2001
From: NullBite <me@nullbite.com>
Date: Tue, 6 Aug 2024 23:03:15 -0400
Subject: [PATCH] nullbox: make restic backups atomic for minecraft server

---
 hosts/nullbox/backup.nix | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/hosts/nullbox/backup.nix b/hosts/nullbox/backup.nix
index 28993b7..65ff864 100644
--- a/hosts/nullbox/backup.nix
+++ b/hosts/nullbox/backup.nix
@@ -1,12 +1,41 @@
 { config, lib, pkgs, ... }:
 let
+  inherit (lib) escapeShellArg;
   secret = name: config.age.secrets."${name}".path;
+  fs = config.fileSystems."/srv/mcserver";
 in
 {
   config = {
     age.secrets.restic-rclone.file   = ../../secrets/restic-rclone.age;
     age.secrets.restic-password.file = ../../secrets/restic-password.age;
+
+    systemd.services.restic-backups-system = {
+      path = with pkgs; [ btrfs-progs ];
+      # ensures mounts are isolated to only this service
+      serviceConfig.PrivateMounts = true;
+    };
+
     services.restic.backups.system = {
+
+      # create an atomic backup
+      backupPrepareCommand = ''
+        set -Eeuxo pipefail
+        mkdir -p /tmp/btrfs_root
+        mount -t btrfs -o subvol=/ ${escapeShellArg fs.device} /tmp/btrfs_root
+
+        if btrfs subvol delete /tmp/btrfs_root/@restic-snapshot-mcserver; then
+          echo "Old restic snapshot deleted.";
+        fi
+
+        btrfs subvol snapshot -r /srv/mcserver /tmp/btrfs_root/@restic-snapshot-mcserver
+
+        umount /srv/mcserver
+        mount -t btrfs -o subvol=/@restic-snapshot-mcserver ${escapeShellArg fs.device} /srv/mcserver
+      '';
+      backupCleanupCommand = ''
+        btrfs subvolume delete /tmp/btrfs_root/@restic-snapshot-mcserver
+      '';
+
       rcloneConfigFile = secret "restic-rclone";
       passwordFile = secret "restic-password";
       repository = "rclone:restic:";