pinpox/infra
1
0
Fork 0
forked from pub-solar/infra
Code Pull requests Activity

Merge pull request 'feat: backups to hetzner storagebox' (#66) from feat/backups-to-storagebox into main

Browse source 
Reviewed-on: pub-solar/infra#66
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
This commit is contained in:
teutat3s 2023-11-18 22:13:17 +00:00
parent 40ed46b05b a461fc72f6
commit 8bc731da6e
Signed by: pub.solar gitea
GPG key ID: F0332B04B7054873
8 changed files with 127 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
hosts/nachtigall/apps/forgejo.nix
View file

@ -109,7 +109,7 @@
GPG_TTY = "$(tty)"; GPG_TTY = "$(tty)";
}; };
services.restic.backups.forgejo = { services.restic.backups.forgejo-droppie = {
paths = [ paths = [
"/var/lib/forgejo" "/var/lib/forgejo"
"/tmp/forgejo-backup.sql" "/tmp/forgejo-backup.sql"
@ -129,4 +129,23 @@
rm /tmp/forgejo-backup.sql rm /tmp/forgejo-backup.sql
''; '';
}; };
services.restic.backups.forgejo-storagebox = {
paths = [
"/var/lib/forgejo"
"/tmp/forgejo-backup.sql"
];
timerConfig = {
OnCalendar = "*-*-* 04:20:00 Etc/UTC";
};
initialize = true;
passwordFile = config.age.secrets."restic-repo-storagebox".path;
repository = "sftp:u377325@u377325.your-storagebox.de:/backups";
backupPrepareCommand = ''
${pkgs.sudo}/bin/sudo -u postgres ${pkgs.postgresql}/bin/pg_dump -d gitea > /tmp/forgejo-backup.sql
'';
backupCleanupCommand = ''
rm /tmp/forgejo-backup.sql
'';
};
} }

20
hosts/nachtigall/apps/keycloak.nix
View file

@ -47,7 +47,7 @@
}; };
}; };
services.restic.backups.keycloak = { services.restic.backups.keycloak-droppie = {
paths = [ paths = [
"/tmp/keycloak-backup.sql" "/tmp/keycloak-backup.sql"
]; ];
@ -66,4 +66,22 @@
rm /tmp/keycloak-backup.sql rm /tmp/keycloak-backup.sql
''; '';
}; };
services.restic.backups.keycloak-storagebox = {
paths = [
"/tmp/keycloak-backup.sql"
];
timerConfig = {
OnCalendar = "*-*-* 04:10:00 Etc/UTC";
};
initialize = true;
passwordFile = config.age.secrets."restic-repo-storagebox".path;
repository = "sftp:u377325@u377325.your-storagebox.de:/backups";
backupPrepareCommand = ''
${pkgs.sudo}/bin/sudo -u postgres ${pkgs.postgresql}/bin/pg_dump -d keycloak > /tmp/keycloak-backup.sql
'';
backupCleanupCommand = ''
rm /tmp/keycloak-backup.sql
'';
};
} }

17
hosts/nachtigall/apps/mailman.nix
View file

@ -80,7 +80,7 @@
# ]) # ])
#''; #'';
services.restic.backups.mailman = { services.restic.backups.mailman-droppie = {
paths = [ paths = [
"/var/lib/mailman" "/var/lib/mailman"
"/var/lib/mailman-web/mailman-web.db" "/var/lib/mailman-web/mailman-web.db"
@ -96,4 +96,19 @@
passwordFile = config.age.secrets."restic-repo-droppie".path; passwordFile = config.age.secrets."restic-repo-droppie".path;
repository = "sftp:yule@droppie.b12f.io:/media/internal/pub.solar"; repository = "sftp:yule@droppie.b12f.io:/media/internal/pub.solar";
}; };
services.restic.backups.mailman-storagebox = {
paths = [
"/var/lib/mailman"
"/var/lib/mailman-web/mailman-web.db"
"/var/lib/mailman-web/settings_local.json"
"/var/lib/postfix/conf/aliases.db"
];
timerConfig = {
OnCalendar = "*-*-* 04:15:00 Etc/UTC";
};
initialize = true;
passwordFile = config.age.secrets."restic-repo-storagebox".path;
repository = "sftp:u377325@u377325.your-storagebox.de:/backups";
};
} }

20
hosts/nachtigall/apps/mastodon.nix
View file

@ -93,7 +93,7 @@
}; };
}; };
services.restic.backups.mastodon = { services.restic.backups.mastodon-droppie = {
paths = [ paths = [
"/tmp/mastodon-backup.sql" "/tmp/mastodon-backup.sql"
]; ];
@ -112,4 +112,22 @@
rm /tmp/mastodon-backup.sql rm /tmp/mastodon-backup.sql
''; '';
}; };
services.restic.backups.mastodon-storagebox = {
paths = [
"/tmp/mastodon-backup.sql"
];
timerConfig = {
OnCalendar = "*-*-* 04:05:00 Etc/UTC";
};
initialize = true;
passwordFile = config.age.secrets."restic-repo-storagebox".path;
repository = "sftp:u377325@u377325.your-storagebox.de:/backups";
backupPrepareCommand = ''
${pkgs.sudo}/bin/sudo -u postgres ${pkgs.postgresql}/bin/pg_dump -d mastodon > /tmp/mastodon-backup.sql
'';
backupCleanupCommand = ''
rm /tmp/mastodon-backup.sql
'';
};
} }

21
hosts/nachtigall/apps/nextcloud.nix
View file

@ -127,7 +127,7 @@
database.createLocally = true; database.createLocally = true;
}; };
services.restic.backups.nextcloud = { services.restic.backups.nextcloud-droppie = {
paths = [ paths = [
"/var/lib/nextcloud/data" "/var/lib/nextcloud/data"
"/tmp/nextcloud-backup.sql" "/tmp/nextcloud-backup.sql"
@ -147,4 +147,23 @@
rm /tmp/nextcloud-backup.sql rm /tmp/nextcloud-backup.sql
''; '';
}; };
services.restic.backups.nextcloud-storagebox = {
paths = [
"/var/lib/nextcloud/data"
"/tmp/nextcloud-backup.sql"
];
timerConfig = {
OnCalendar = "*-*-* 04:00:00 Etc/UTC";
};
initialize = true;
passwordFile = config.age.secrets."restic-repo-storagebox".path;
repository = "sftp:u377325@u377325.your-storagebox.de:/backups";
backupPrepareCommand = ''
${pkgs.sudo}/bin/sudo -u postgres ${pkgs.postgresql}/bin/pg_dump -d nextcloud > /tmp/nextcloud-backup.sql
'';
backupCleanupCommand = ''
rm /tmp/nextcloud-backup.sql
'';
};
} }

5
hosts/nachtigall/backups.nix
View file

@ -4,4 +4,9 @@
mode = "400"; mode = "400";
owner = "root"; owner = "root";
}; };
age.secrets."restic-repo-storagebox" = {
file = "${flake.self}/secrets/restic-repo-storagebox.age";
mode = "400";
owner = "root";
};
} }

27
secrets/restic-repo-storagebox.age Normal file
View file

@ -0,0 +1,27 @@
age-encryption.org/v1
-> ssh-ed25519 iDKjwg G30n55ZAQdPKSHqDyAv42h2RyX67tW/Giq47A189CnY
XgXVZolY+DjIpfQYpkWcpbmo9ikbAexAV6amuwcK4f4
-> ssh-ed25519 uYcDNw y+amMdymUI72L6mfmruyiOfYS0p+mmTxxfGB7DKMdGs
oO3/sPGgppRWnVGsL9/3NpPJEQqr8p1h3hyJ9+7gLXM
-> ssh-rsa kFDS0A
B2kcpfc+92kPSds7zaFW+KrwU+oEUn8kdLCy/swjaNlV2NETzXJNAx/xSDlylRTm
5TZcLCs106B1JxVr9Ir61WTyTb1PppLJVh0BRrDDfE+m5678M+KW2RrXrPm1IrHt
0al0gSt0qG07RvETzjKwWOm3NdzKNvVbeiLrBxXIPow3zBzE/pCgK/RARVmsLflb
MBU88tYAoHw8N5Ba+5Lnh/V80K+DEtPGFTROyKDgaXZtVfLNU331m3dbEG1FRi/n
JQBBY80m2yylP24YFxJwCVkresIutjJ3OOk8nth5lgbgqHRW/Z+n6FZIs7L6SV8f
D6qNDB1qcqLk7qMZNDEhjntwcxhHQ80bXnOMdU+p+7/fc2VGw+VgkKpjj3u+xkh4
x0rJAS3edE6ysaIwRAZgGhobHxXBjnWHJp0dRz2+eeVfeomrT4BwT4zPDqkM2EvM
x4wsUh1qBhiJn3lkuyTKD7fXAk91tS+8iFF5Bp/cue8QIIJoXD6hs6AXRcR9OdZQ
vQuGqB9AxRYAUFqxhXGFUEvpvOh6/Mt4daO1fqGkkSeQK88TdKgVgvemf0cAX4sQ
OWgFaK8bLqls7MX7rp57vlhEqhBY29bdMKRUG4hGxnUxH/JmVI3oJ3PoYz93ayb8
P0w8L/wlGRfJdSSqSFuZrAFhQ41xjbq2z09kQQr6FVw
-> ssh-ed25519 YFSOsg NjG+pG/FEkrqIx4YhPlS3gGE7LgKBJTUOOE+kW0OBCo
J0h7GHWTC/S23F/QGBj54fr2YUMCOnolRKWSS9zrjzk
-> ssh-ed25519 iHV63A LOzrqEfJ5jFMLtV8QAbVbj9ikDE/lhBzqwjXWqJcb3w
bgk0mxpif2wtDaS94OJ/uPVZBJZoIh2Eq5M8xRW/a/s
-> ssh-ed25519 BVsyTA JGE9eWZ1la2zSayjcGGRcPYXBTxsfvOxphDLndhYMHo
Xor0OLMsXTU4MmkyvoYoU2tHGwDla/GbbW6AI+Fptuc
-> 6>G-grease ^'eq
vOuziQ8uC81Tflh6vzXJJIqrCgh3UEZhs2tBkB9QwPww+Q
--- BpmRwNLuZ7Za7VA6xb4UWzjaSha6vpZcki868ZBpORo
w÷Q€ër¾lo\n àßãOíÃíì6ÑælË…,l±ª™Ì>”œÜšÝ÷,Ø/¾œØ<C593> <0B>ñß73|Rw@V—`ߥ÷ 0o¥˜“ÓLù‡¤qåΊ)E<45>ïc7¶öG[÷Gí

1
secrets/secrets.nix
View file

@ -51,6 +51,7 @@ in {
"searx-environment.age".publicKeys = nachtigallKeys ++ baseKeys; "searx-environment.age".publicKeys = nachtigallKeys ++ baseKeys;
"restic-repo-droppie.age".publicKeys = nachtigallKeys ++ baseKeys; "restic-repo-droppie.age".publicKeys = nachtigallKeys ++ baseKeys;
"restic-repo-storagebox.age".publicKeys = nachtigallKeys ++ baseKeys;
"drone-db-secrets.age".publicKeys = flora6Keys ++ baseKeys; "drone-db-secrets.age".publicKeys = flora6Keys ++ baseKeys;
"drone-secrets.age".publicKeys = flora6Keys ++ baseKeys; "drone-secrets.age".publicKeys = flora6Keys ++ baseKeys;