diff --git a/docs/backups.md b/docs/backups.md new file mode 100644 index 0000000..ccce5f9 --- /dev/null +++ b/docs/backups.md @@ -0,0 +1,36 @@ +# Backups + +We use [Restic](https://restic.readthedocs.io/en/stable/) to create backups and push them to two repositories. +Check `./modules/backups.nix` and `./hosts/nachtigall/backups.nix` for working examples. + +### Hetzner Storagebox + +- Uses SFTP for transfer of backups + +Adding a new host SSH public key to the storagebox: + +First, [SSH to nachtigall](./administrative-access.md#ssh-access), then become root and add the new SSH public key + +``` +sudo -i +echo '' | ssh -p23 u377325@u377325.your-storagebox.de install-ssh-key +``` + +[Link to Hetzner storagebox docs](https://docs.hetzner.com/robot/storage-box/backup-space-ssh-keys). + +### Garage S3 buckets + +- Uses S3 for transfer of backups +- One bucket per host, e.g. `nachtigall-backups`, `metronom-backups` + +To start transfering backups from a new hosts, this is how to create a new bucket: + +First, [SSH to trinkgenossin](./administrative-access.md#ssh-access), then use the `garage` CLI to create a new key and bucket: + +``` +export GARAGE_RPC_SECRET= + +garage bucket create -backups +garage key create -backups-key +garage bucket allow -backups --read --write --key -backups-key +```