obs-portal: add backups
All checks were successful
Flake checks / Check (pull_request) Successful in 4m46s
All checks were successful
Flake checks / Check (pull_request) Successful in 4m46s
Restic backups to garage S3 bucket
This commit is contained in:
parent
b6be95d032
commit
2e64dfad2b
|
@ -1,5 +1,13 @@
|
||||||
{ flake, ... }:
|
{ flake, ... }:
|
||||||
{
|
{
|
||||||
|
age.secrets.restic-repo-garage-obs-portal = {
|
||||||
|
file = "${flake.self}/secrets/restic-repo-garage-obs-portal.age";
|
||||||
|
mode = "600";
|
||||||
|
};
|
||||||
|
age.secrets.restic-repo-garage-obs-portal-env = {
|
||||||
|
file = "${flake.self}/secrets/restic-repo-garage-obs-portal-env.age";
|
||||||
|
mode = "600";
|
||||||
|
};
|
||||||
age.secrets."restic-repo-droppie" = {
|
age.secrets."restic-repo-droppie" = {
|
||||||
file = "${flake.self}/secrets/restic-repo-droppie.age";
|
file = "${flake.self}/secrets/restic-repo-droppie.age";
|
||||||
mode = "400";
|
mode = "400";
|
||||||
|
|
|
@ -147,4 +147,29 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.restic.backups.obs-portal-garage = {
|
||||||
|
paths = [
|
||||||
|
"/var/lib/obs-portal/data"
|
||||||
|
"/tmp/obs-portal-backup.sql"
|
||||||
|
];
|
||||||
|
timerConfig = {
|
||||||
|
OnCalendar = "*-*-* 00:30:00 Etc/UTC";
|
||||||
|
};
|
||||||
|
initialize = true;
|
||||||
|
passwordFile = config.age.secrets."restic-repo-garage-obs-portal".path;
|
||||||
|
environmentFile = config.age.secrets."restic-repo-garage-obs-portal-env".path;
|
||||||
|
repository = "s3:https://buckets.pub.solar/obs-portal-backups";
|
||||||
|
backupPrepareCommand = ''
|
||||||
|
${pkgs.docker}/bin/docker exec -ti --user postgres obs-portal-db pg_dump obs > /tmp/obs-portal-backup.sql
|
||||||
|
'';
|
||||||
|
backupCleanupCommand = ''
|
||||||
|
rm /tmp/obs-portal-backup.sql
|
||||||
|
'';
|
||||||
|
pruneOpts = [
|
||||||
|
"--keep-daily 7"
|
||||||
|
"--keep-weekly 4"
|
||||||
|
"--keep-monthly 3"
|
||||||
|
];
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
BIN
secrets/restic-repo-garage-obs-portal-env.age
Normal file
BIN
secrets/restic-repo-garage-obs-portal-env.age
Normal file
Binary file not shown.
BIN
secrets/restic-repo-garage-obs-portal.age
Normal file
BIN
secrets/restic-repo-garage-obs-portal.age
Normal file
Binary file not shown.
|
@ -54,6 +54,8 @@ in
|
||||||
|
|
||||||
"restic-repo-droppie.age".publicKeys = nachtigallKeys ++ adminKeys;
|
"restic-repo-droppie.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||||
"restic-repo-storagebox.age".publicKeys = nachtigallKeys ++ adminKeys;
|
"restic-repo-storagebox.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||||
|
"restic-repo-garage-obs-portal.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||||
|
"restic-repo-garage-obs-portal-env.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||||
|
|
||||||
"drone-db-secrets.age".publicKeys = flora6Keys ++ adminKeys;
|
"drone-db-secrets.age".publicKeys = flora6Keys ++ adminKeys;
|
||||||
"drone-secrets.age".publicKeys = flora6Keys ++ adminKeys;
|
"drone-secrets.age".publicKeys = flora6Keys ++ adminKeys;
|
||||||
|
|
Loading…
Reference in a new issue