From 0a51e0a3ab15fad7a1e4b937ea887e5781416928 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 25 Aug 2024 02:33:55 +0200 Subject: [PATCH] mediawiki: add backups Restic backups to garage S3 bucket https://garagehq.deuxfleurs.fr/documentation/connect/backup/#restic --- modules/mediawiki/default.nix | 40 ++++++++++++++++++ secrets/restic-repo-garage-mediawiki-env.age | 44 ++++++++++++++++++++ secrets/restic-repo-garage-mediawiki.age | 43 +++++++++++++++++++ secrets/secrets.nix | 2 + 4 files changed, 129 insertions(+) create mode 100644 secrets/restic-repo-garage-mediawiki-env.age create mode 100644 secrets/restic-repo-garage-mediawiki.age diff --git a/modules/mediawiki/default.nix b/modules/mediawiki/default.nix index 4512b55..7d8df93 100644 --- a/modules/mediawiki/default.nix +++ b/modules/mediawiki/default.nix @@ -184,6 +184,20 @@ in group = "mediawiki"; }; + age.secrets.restic-repo-garage-mediawiki = { + file = "${flake.self}/secrets/restic-repo-garage-mediawiki.age"; + mode = "440"; + owner = "mediawiki"; + group = "mediawiki"; + }; + + age.secrets.restic-repo-garage-mediawiki-env = { + file = "${flake.self}/secrets/restic-repo-garage-mediawiki-env.age"; + mode = "440"; + owner = "mediawiki"; + group = "mediawiki"; + }; + services.postgresql = { authentication = '' host mediawiki all 172.17.0.0/16 password @@ -232,4 +246,30 @@ in }; }; }; + + services.restic.backups.mediawiki-garage = { + paths = [ + "/var/lib/mediawiki/images" + "/var/lib/mediawiki/uploads" + "/tmp/mediawiki-backup.sql" + ]; + timerConfig = { + OnCalendar = "*-*-* 00:30:00 Etc/UTC"; + }; + initialize = true; + passwordFile = config.age.secrets."restic-repo-garage-mediawiki".path; + environmentFile = config.age.secrets."restic-repo-garage-mediawiki-env".path; + repository = "s3:https://buckets.pub.solar/mediawiki-backups"; + backupPrepareCommand = '' + ${pkgs.sudo}/bin/sudo -u postgres ${pkgs.postgresql}/bin/pg_dump -d mediawiki > /tmp/mediawiki-backup.sql + ''; + backupCleanupCommand = '' + rm /tmp/mediawiki-backup.sql + ''; + pruneOpts = [ + "--keep-daily 7" + "--keep-weekly 4" + "--keep-monthly 3" + ]; + }; } diff --git a/secrets/restic-repo-garage-mediawiki-env.age b/secrets/restic-repo-garage-mediawiki-env.age new file mode 100644 index 0000000..f76de15 --- /dev/null +++ b/secrets/restic-repo-garage-mediawiki-env.age @@ -0,0 +1,44 @@ +age-encryption.org/v1 +-> ssh-ed25519 iDKjwg mrV+hjzpF3Gqk6InUYmhwR7mrFHIcOI5PZLTgLnHtGQ +6uYiGWNPewz8LKRns4Ykh5JJROSoCksxwvZLwtyGSoE +-> ssh-ed25519 uYcDNw u659THLfszj4qa80Z+MfEyf3ObrMoJXD/jIcbZh6SFA +uOm0RUX+1RG9+eLadJmhY7BwwLwG47USVuaB2p4B8Xk +-> ssh-rsa f5THog +rHdJxOggqqo5wnh88CL3Qodw3f1ZcktIxT5rfs3PnFYjOWt43Y2SCUUGBzh8Qrz/ +5x5jY6rwDRu+QRolbIdEzpZPgbbL/UJkYd7D3NwUIOkXIHPWn2GomO5WSNFL+hTS +UpjWzZh+ij66ttSJsfZDomJclMt/FgSheHiZPH98vszi6UV2fQP5/0Hi9JoEvq83 +Q1HlFwHaV4pBcCARvTvnG6scsBnoD9AATbv4DnBGHLKK8SWrD0n+GrK5KqQy7tUF +tQW7SrYISmRLIiJ2jdr7XibjgIjpraFjIcVAP+Al/cgy0BsL7Ta9BHwpc6akDnLA +dBzABfOPxCc/6RwddE6+aFvHlCRe+9rk/MVFrBRi6WNphkT5RJHg/u7IjHGXg4O/ +6r5CSeJvWmvx6mG9LoACZTxXAfFiV9kF+AB39cOKHD9O4AHdn3SoaeCwgyeLl0pm +FSg7yr0fpfq4Kw7g6KUh8Tlkd4jHEYnESaabKdf9sZcSGve08xg4JNrWnDauPKQE +CCNBaWj1SY1lkmNQBNP4c0wgzo90aiMFNHlvKTgBCVW1pfEgaeNMr9BzDnWrBxYC +IZMQguDh2DZrw5Ywm+xh8eiluUO3AWq2GpfzCwbzZnGBiD5VwuFXCTpDVU8sB+80 +TDbK6vYNR1MwVOlg3Mdlm7DVe0fmTPetb2fX50KzkIc +-> ssh-rsa kFDS0A +URYkxMJfK4Y7oNhHJ62ZynnWJYsT3MdLqmROvvzbt3Y/VHHjVNv3RdHGxqPECsmA +kebXG8EUFZEYA7xIC9m92y/PiQccNCx/ihaUbq3a6RmWimOyyBSm0hK99Fu+YccE +riKfyx3dI2blt4qSplEW+BeVvbm6ENFTADjqLa86aqbWPpbLiuTIINNJc4QuOhyP +kbtxRibYWqYoSEYfi/4mXju7LqhY3IyC7R82mI188RcAxoCSSIeHfs41danAcMS/ +pwA3xdcurx0nHpNaDu3ahj8VtfKCRZAcf36WcCxIdQA8I9jnzWOhUcAongU4rjyI +tuXQGrFuW2Ji0knAJE/bLcAg77NZNqyEa/AccjnTP0jkUR7lPB/AnhVj/LnOrjnn +ZSampmEF/LW/jHgLWBDqHYYRFfiTrItXnbh3pHwhodXzq4Y3ree+6CiM32LlurGH +3dWLQxYUccbwhP48ISQ6y7Vkuso1AMdKNf1NIRU0mVuIfmEy0r1S1wuAfj/l8zo2 +a2ZP/bMxQO6gh5VEVaOJI4o9WjFe9IM8/CrtAw0HuVmhUV7904TwXEEfyZlsMEiS +Ny5LTdCCukjvH1i3QQtdWMhf4OSnuujGitpwozhY/p3/lDGzZWFALYjvyErIl+ix +5qdAINkrwwuwECc092uSBmoBqZYynINBoUB4THne+uE +-> piv-p256 vRzPNw AjFzsneyImnlMT9U0nX31rODKWaFq7VYXhpTMVjVhnj2 +lnVRkWquK4RPYgK9ZfvDtF+jUsr1I2gyyt3/pnJYJ4I +-> piv-p256 zqq/iw A8Oi3vaSDWG0pywERBUvEYG5qyBq1UH/dOhkc0qVX9AI +af/MkfdLhtkYI9+2IVbGSSQ0WDxfesEXxV1Js7e5FkY +-> ssh-ed25519 YFSOsg lwI3MhcOKH5PXvqqaSRCdOr+brSMActxcYou6i9be2Q +dsfNt+pLcdTYSoKe4yayejWgny8tei8jmYRKCc+QS84 +-> ssh-ed25519 iHV63A KufdIs6lDf56eIRysnP8KDggGsb3vuHwP0rMW/u79hY +pGZ68vzEAQtioseP4zJ0CADesCyosF3BYMVsz1tJlgk +-> ssh-ed25519 BVsyTA yLZGBdalJE4HtW5VUWWilptIV29rS2AEPQniTVIpRDU +qe25JoMDlIwAt8nP4AlTA0uyEH3dydr+ompAzpCBFn4 +-> ssh-ed25519 +3V2lQ G+4GB+IGDqhqWT/VQZ3545oX/0Px1A7R/tN3aLfpHy8 +XLS0WgXviONcyaLFc3GVCdRMN4Z4cTgk6lFLOk3dmbg +--- SgCT9VjfKeV5B1szYDpqrXy/vhDT/HqPI03f8HF6Nl4 +.îÞ€ø º(Ì4¡ÔVÔßÓÙ¤Í Rô¬ä™j{<gm?pñ‘5T#ßý˜Ê„$ûpÿ™Û°óR˜=éàˆ‰qoÒ$ìLðýH.¾êvÆfŠË³;س6-óÍ9óõÀf(0¶n%ÿ®äèœ?ÙÅòòskd ƒ:zv×t +yϬ&]Çý‰XÕ¡éApd /0±B$‹U3âK¬Tñ* \ No newline at end of file diff --git a/secrets/restic-repo-garage-mediawiki.age b/secrets/restic-repo-garage-mediawiki.age new file mode 100644 index 0000000..c9cefe5 --- /dev/null +++ b/secrets/restic-repo-garage-mediawiki.age @@ -0,0 +1,43 @@ +age-encryption.org/v1 +-> ssh-ed25519 iDKjwg yk6WgkJbk16Yqc/aWojwDePfNZN3XgaiacpZqufw1hc +qx3x0zCUB6l7qPS9R9xGO41s6ESGsNd/ixglY4gYDtY +-> ssh-ed25519 uYcDNw nDZXlykiDEZIA+Srg6imZFRLAzhykR3PDVrfWb693Sg +MBJrrXbtLzBozetgfZaE52o1ixsrPK6Ojdp8sXhI3dc +-> ssh-rsa f5THog +WngnjCboeUafoR5NOg/+NFeW/ILxonIrcl7iUQLXoObcFWtmgzEebcogo3kqnkdk +cj7NnqQ/sFiHdPCBr+VyiWcP4BJHJeWF/w+Ht9SYP5+WlHUkC2IPxlcMzJFyy2ro +9PDq8FaPX5ZqarOfBW+U1pQsegxG9wkfoSzoF8NVL0jU5mwubPc+1s0ycbjMcGzP +CSCpWY0OqqRbCXj8gVBNOOoELVhgbNCO0oRWh6Iafqjrx/rO4MNAdZmUF9DiTZML +8QQjBFR7G8/+4ehGHn/9PF/0yVVsnPaJTEo3juS/By+NVcCihwP3b0SgQkjtp73+ +2QZL4XImwR0bBLDla86IjvZWH7GkLzR8iAw75FZ/FGIxZ/XgwRcUqtcI8m105KAD +iX1v7ai0LUYko4RPSqdDItEdGjK31Dl4bCdaLakO+aZdtc+60c7hx8uEoTp7JY9W +Qmyv4rt5bVUUAeH0IyR72vTDpTtXSkbp0vypk6Zq+yhYjbe0wmakAPCF4WbIV9gQ +YIoSyicQ3NYxfrQGcQvmct2dNXXZcCr8BW704/J5w7ngw44FiZDUIC2y562sHD84 +9rFO0obVGERJa55+MnZB4UYMqU3eWs+mkxHgWotx5yEtO0wMpTP9IFk92scJeV8h +bdr6fq1p6gtFlSNlA7P8A0go1SWs+qIoO/PEPyznoss +-> ssh-rsa kFDS0A +RM1VIV11yDWaG7KDnXbVt+Qo9kIC5kPO1JwpROuxbTH8tDGbu7bC2mJ6qsZo1R5x +ewtmDVwv+Gogs2drjQeQgdZH3qN0cMt34micbW2lvBW4NmvAGKEQ+dkkUgIWIhy9 +dNuFBCHAGqfw7FDqvX1Mm3e50CsbIVqpurBXe882seMjm/nSVzGgjOOQVaQKmNSg +04s0gsLzN1f98kQtKuNPlG8Fun9y1bKLzWpBT2iriQInkhcWSwYqg1M0yM7U01j3 +Kcxn4LJmgB9qNkloEKNpHCze5fgIGyOf+MsG4VN90CvwpNxy/EHrEyncXDxSxiCt +A81PVHCZfC7fQTR+hF2s1xGcW9mmtRpPPSEUrGY84cW2k8m4E5A9J7MJZ7FOKe6C +OY3LoU5KCV292ujHqYs1c7JSJRqVq4IMCupsNL6afzB/Fe+cV6GX7bXh1ZUl9HT7 +B6j1QH2xA9OGz+6VDrB+B6cdnxp02zRZpuS19uPTJqpIg4Sgc4vvw7YFQfz8AfUD +/SafkBpVKznEHl1/gO7bOMa1nTkNBicUp6d2Z/zNtJ75NJPb3qYc4aVsaEuyMPts +ieMR/iieeiDOMPhedtibfCWZ+0YrtyIrkkUsPK5yG76VbJgMjSRyEP+bXTedih/b +bTkE78BoV5DmNxGEAva2BJpMKtn3Or8dCgSudoSlI14 +-> piv-p256 vRzPNw Al8mhhyZ/0YFf7OSKeGm3LZhowpCdcITOhtjmky7Ygnq +CxFNUst8+6e6Cra/j7Pa2lZs3lHGLCOWRInb1VZTr2M +-> piv-p256 zqq/iw A+r/W9OhuPjuGXRuhp1vW45k/QzCFO6VLfp1W6l7RJVU +GxunFSBPJnzd5t5Ar42vr06tyJkJvZhljlGkHVZOFOQ +-> ssh-ed25519 YFSOsg e7udSQwtwKETHB0Re59fb1DdiBBPLDbV/JHmUUI4GSU +054wi1iKJm8lnWDjONCk+h2vea0setKqdCpXHuJaecI +-> ssh-ed25519 iHV63A S2sle86zYVPjtCozODRjqtTs6a5GksTpJHkmO/WYzHU +7h5kS8Hc3BiyhiWerEa9xPX6o+D/bxoJLK1fXFq1jWc +-> ssh-ed25519 BVsyTA 7meQJdKDB4JLKsYmBPgDBUnWhil1fKnoijm+uzHDemY +1bxklkYv5KYab9fXjMtz/w5QTUYMlZFTQG/khBftlWo +-> ssh-ed25519 +3V2lQ n1bF6+o/16zx7dEt/Um1gL30mARiuPaE6z3N+qjFZx4 +7ZjmhkuJDYXLcMoUEA0wosWcWZ1T1oR45kVhFyQwN1E +--- TbpcaLv/1jF23nynpaw1XjSKsO2t9hAxovPQHKhXAoQ +P‰^¢f«E~¢÷ß6ÿO[Ö-cf]–øÄ9eÓ6Ñû‘4Eÿl2=sÿßW‡…O¿QFCzcõbÖTšÎÉÿ;[a \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index ab52663..03a6e3d 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -54,6 +54,8 @@ in "restic-repo-droppie.age".publicKeys = nachtigallKeys ++ adminKeys; "restic-repo-storagebox.age".publicKeys = nachtigallKeys ++ adminKeys; + "restic-repo-garage-mediawiki.age".publicKeys = nachtigallKeys ++ adminKeys; + "restic-repo-garage-mediawiki-env.age".publicKeys = nachtigallKeys ++ adminKeys; "drone-db-secrets.age".publicKeys = flora6Keys ++ adminKeys; "drone-secrets.age".publicKeys = flora6Keys ++ adminKeys;