mail: add backups
All checks were successful
Flake checks / Check (pull_request) Successful in 6m12s
All checks were successful
Flake checks / Check (pull_request) Successful in 6m12s
Restic backups to garage S3 bucket
This commit is contained in:
parent
b6be95d032
commit
3adca31bab
|
@ -9,6 +9,18 @@
|
||||||
age.secrets.mail-erpnext.file = "${flake.self}/secrets/mail/erpnext.age";
|
age.secrets.mail-erpnext.file = "${flake.self}/secrets/mail/erpnext.age";
|
||||||
age.secrets.mail-hakkonaut.file = "${flake.self}/secrets/mail/hakkonaut.age";
|
age.secrets.mail-hakkonaut.file = "${flake.self}/secrets/mail/hakkonaut.age";
|
||||||
|
|
||||||
|
age.secrets.restic-repo-garage-mail = {
|
||||||
|
file = "${flake.self}/secrets/restic-repo-garage-mail.age";
|
||||||
|
mode = "400";
|
||||||
|
owner = "root";
|
||||||
|
};
|
||||||
|
|
||||||
|
age.secrets.restic-repo-garage-mail-env = {
|
||||||
|
file = "${flake.self}/secrets/restic-repo-garage-mail-env.age";
|
||||||
|
mode = "400";
|
||||||
|
owner = "root";
|
||||||
|
};
|
||||||
|
|
||||||
mailserver = {
|
mailserver = {
|
||||||
enable = true;
|
enable = true;
|
||||||
fqdn = "mail.pub.solar";
|
fqdn = "mail.pub.solar";
|
||||||
|
@ -67,4 +79,23 @@
|
||||||
};
|
};
|
||||||
security.acme.acceptTerms = true;
|
security.acme.acceptTerms = true;
|
||||||
security.acme.defaults.email = "security@pub.solar";
|
security.acme.defaults.email = "security@pub.solar";
|
||||||
|
|
||||||
|
services.restic.backups.mail-garage = {
|
||||||
|
paths = [
|
||||||
|
"/var/lib/vmail"
|
||||||
|
"/var/lib/dkim"
|
||||||
|
];
|
||||||
|
timerConfig = {
|
||||||
|
OnCalendar = "*-*-* 02:00:00 Etc/UTC";
|
||||||
|
};
|
||||||
|
initialize = true;
|
||||||
|
passwordFile = config.age.secrets."restic-repo-garage-mail".path;
|
||||||
|
environmentFile = config.age.secrets."restic-repo-garage-mail-env".path;
|
||||||
|
repository = "s3:https://buckets.pub.solar/mail-backups";
|
||||||
|
pruneOpts = [
|
||||||
|
"--keep-daily 7"
|
||||||
|
"--keep-weekly 4"
|
||||||
|
"--keep-monthly 3"
|
||||||
|
];
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
43
secrets/restic-repo-garage-mail-env.age
Normal file
43
secrets/restic-repo-garage-mail-env.age
Normal file
|
@ -0,0 +1,43 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 iDKjwg 00wsOEvt4zYgmrTD4nvYjQ9Y9YiWmbfjQojHHvTiRgE
|
||||||
|
LiUZWpW6uvF6RzcKqOhCAFr+cL0XqR7kz5lGAHEUmpc
|
||||||
|
-> ssh-ed25519 uYcDNw 1PVM6oGfpjv9oCkvbagB4Plkad82wb0oe8AcIgi/LEU
|
||||||
|
hzMZ31WDyhaKH5MHyUTXnxHvYwKb9soF69Lg8fOwNMg
|
||||||
|
-> ssh-rsa f5THog
|
||||||
|
QHhQ5RkjQDsj+tqdaTx3bm5FakigiidXYR3Cl/xvVF59fiebcRNBfrlWqITKpZS6
|
||||||
|
pQ1tHYU/7KrssuI8SBUPOKhrNFmv58uhRZsQdcfwzQl5zMuU883wNWuqSxtnk5bY
|
||||||
|
jFJQTQBk5i2ZemDGOV7Q7amhRzmX57iJIQ8B0+lyYgLTDUGnmdKNisQMUm2OEnxW
|
||||||
|
SX0NSOfirHV4L4Jdvv0+Rae4abkKAXdn+PvZLbYRZItFSiOci77VyFGBoeDgfA0y
|
||||||
|
iAo2rHkXVfHhFgV/OScN+7lRikk7M8jcXYny4YCV/ipvJDcX6jXi0JzO9oNZ5RI+
|
||||||
|
y9bLihJzCqoyEys1R+3cfRFb29aIXK4x7rC+3555h0OEP3en1zk6ZcNAAyz8HJEV
|
||||||
|
CWqwyPMpj3HclSQDl093sj4OwjBy6Fqnlv7ZnF/Xbn1oQLdZymj2z1EqKl4LmPal
|
||||||
|
WZw2EMteVgx+aaoh9RNYQX7aLTpOinh2bxXe1hOdk1E14caxJO4repXhSMX9E44W
|
||||||
|
dib1wfDOSs1wxTQanYhd6JSgu9PdyQuAYjsod78HObihNYTQaFz10P7HH5Ax4f/l
|
||||||
|
WrOT/bimbVlHy/Has0OKSFrUk+WjCW+Fi+ha9WDGdLGpQ5YjBep/Ne7adttXl/2+
|
||||||
|
as0zC72unqI7y4iCnYzvAsVcaCo0feWkkWcPl2GJEgc
|
||||||
|
-> ssh-rsa kFDS0A
|
||||||
|
OEOkHcQGRha/u97Oe4B6e529xDO/pPwGEs/IVgLBNBGYATwrs35oZb02ejFStY3e
|
||||||
|
6NP7GI46pu3kvP3sZmX1NplIhS6ceQDAtl2HP8dsHuEF7d7d+r6BchCCD5gMis27
|
||||||
|
/tmM5TffhFaJG4PdTFsqMb9ti1NuZwYxvKqYMswiQEChExFAw1KO6golRSDbjz0W
|
||||||
|
GLpHEVZ8z/oHQpOJTNVvsSWBb3yFQ0RH/QNN9bNMzFjbs94o7SSzTyALxj947iDv
|
||||||
|
z9xtbK6fNpn+TcHwP7YAnILcezOXIl+mYdXfS99z4vOdeq/i48dnLY9zlwiu/pN0
|
||||||
|
a4WyOlLcOZuyEb1VpbAf4R9B6lqKJB4vKrHPhjjQcW+13XOx10+lFKGshB3dnGpE
|
||||||
|
G0aJr9VwAyt1n56PRCd25QCSMnNX7SOlGKU+gvOnpA1zJBYRriLpP5nqt0h59tBn
|
||||||
|
wYWi8KJycJRxCTyfTJxTO/x0C2q16uhF62jueY22txKgPaMA4EoP00AEsxjTXieQ
|
||||||
|
JkuOzxW1ZUrVXpXUIQPJTIHL7JZ7uR2Y9im78dP6ZOAI0sKgii3VR+dg3HJJQls9
|
||||||
|
rdT/Ku0gWERDpAMT2Jh0O9XwMESFo9IHRfEW5hNAw1oAlvCRalTfwaCchGuU1jxM
|
||||||
|
S3q51d/Za5Yk6sEhuFNON7PDWOHyhV+BFjpbQpxSBAY
|
||||||
|
-> piv-p256 vRzPNw Ard8G6ehj6nZC8wlqZQ9gEOxTfL2DAf15GbPeI6mChv5
|
||||||
|
BPuhhWE5w4BtQQnEDhV4dXMIIuJzCTPd6VV9dzaEYI8
|
||||||
|
-> piv-p256 zqq/iw AjfgwI2GXG07gQia3xdw+W/l/r2POsJfOLcq3kwxWuZ/
|
||||||
|
AgnvAkoUZOA1M8vvLCPUeDp6paiixfSXQpr+CxSZsQI
|
||||||
|
-> ssh-ed25519 YFSOsg fvx54J7FFCC5Aot1jqLWGZDn40iRMYw1onCuNp+thhw
|
||||||
|
alow6miTYlOzPYMX5fEbm9Gl3VL/HlZ6nq0MjSEFLg8
|
||||||
|
-> ssh-ed25519 iHV63A QdOJrEqruK+dh/d9fCIp1nvGlwg4lIObEUqrB/VFhGc
|
||||||
|
w0k0JB1xz9eZwj5O+71Ht2qkM0lOiQhlQFTRR9tNaLE
|
||||||
|
-> ssh-ed25519 BVsyTA m0/I+Gon8k8XVTnuw3N3zJsvUHut01JcyNcLW+GU3Ag
|
||||||
|
3C23u78FAHfh98grgBVFp9/ZVrkAV/SdOBcX6JS83Fg
|
||||||
|
-> ssh-ed25519 +3V2lQ r0v/L0tL1WGcHjUKV0aJw0dkmwgcF27vqpJ/pY9p1B8
|
||||||
|
hFQL/VBAt0F+6KTRF/pyiI+2cvctHmTAypZ/MhomQVE
|
||||||
|
--- CGNMkMH1+XCGCIwhTQmbubVBeJHEbQ3H0C3LH4xuW1s
|
||||||
|
<EFBFBD>>0õ±„¶I ©Ï¸š±ÀAJ€ÄŠš¶ëH^y<ŽÙ¬ô/«l<C2AB>¦ü’½mý[‰/2Â/Ôƒ¼›O²×º`”b'þªã «0Ë¿eà%†¶É ‹ùÖ½æEÝßfqéí¶fœ¾>iÝÌbp®rk½eN¤øáw£¢x¯:Ƙ…ͳ?¤´íÕROÏ’»q?0É<x#š”ØWÿ¶
|
43
secrets/restic-repo-garage-mail.age
Normal file
43
secrets/restic-repo-garage-mail.age
Normal file
|
@ -0,0 +1,43 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 iDKjwg M+EDCwvqKTFn03v1lC9ZuI0HkgxPZfLgdDbYMFR9KhI
|
||||||
|
8LPjee85UAcasn6zKx1+MiZ4u3qX9iLHr7CZxdPbEug
|
||||||
|
-> ssh-ed25519 uYcDNw o0PBFfjYAax4hZwIb0OeJi+rx6VC9Plf7oCj40x1G1Q
|
||||||
|
TZCrvJFPsOl74Nj0Jv3255r50Lez+03GdyfyW4JpV6A
|
||||||
|
-> ssh-rsa f5THog
|
||||||
|
sdJAKwTHhf48Ks/Bkln0lMFBjp5GJ4ovq4ejUZXdNZsdWC+Meb7mPOFxNyz0n9Va
|
||||||
|
5xmkhVcfAYZP/rVXXEv515sBcERvnngFI7YX3GvsqaH+3WxpxkF08lWAFstmPNI8
|
||||||
|
tVZfZdPfz7nzm6xBiRKECFTJXsoXs+1sRQ677NwTMVCcmgh40jXSf6sw39e5DkiV
|
||||||
|
AKWNuXZKTWNCnjVrhzOUc+poKnT+VFSDeXeiQmFpPINv8wxPqK1TX8EK8nvwAdap
|
||||||
|
o4yZcuSRfq6iK/QWFGiQ/mC15R5OPzJ4t2rgRf8uCyzWc1jh8XEXuYe/6viFwhNg
|
||||||
|
jUILWwPILIWIRH3s3tKWVJOB4YnSZxNowld4Sl4CYFheUbrM2qTxvXkG8zn9PZe/
|
||||||
|
8kIsHussJYa4/j9O1ICvNs0SOqY49eBR5RN5YdqOobJbEBjU+XJ2QPQ+imVez8Mv
|
||||||
|
sFqtt+1EsFOViHnTqSqWYjz49+rt4EGMYJrs5yrwGH42XvvavkecIAXvhBvAg3Uy
|
||||||
|
elvaGQXYHSGUjCGx2KyVSpJIf8VW/zoL+vz5SOlOXszYdS5HKRT5M7A8F3NHfNNm
|
||||||
|
UeDS1ap3/1H/1jotFdP4IkcPRT+iS6ohoQA0JnNuoj0aMHpa/8Y8ciwU0qpjRmyC
|
||||||
|
ePS3Wd626j+AnyRLGfYN7xJSEdwGlAS7u1c4MRT5jnk
|
||||||
|
-> ssh-rsa kFDS0A
|
||||||
|
CZYGJdzAh8CkGVdALGMi65ghyy+XPzxL5iXPEvgqjB3W2pS16mT2LtrIO0R9QzHO
|
||||||
|
wXc4H5YoXj89G+SA/rz4Nn5Pm2j6MWAdy1xegTNKv+IdJbUazxLXoj0WZjZ1Z0/L
|
||||||
|
uJDooSRWBCzL6mTTpjULy4uNqSUUucuPfc7dROvo0+nPpipGOlfMRViJrO1pUMLO
|
||||||
|
ZGA3yGHm6Tw7xrUZkvC/S9iuzR8EbyD3lmLaF2eLbaN8AKFePmY1qg9N77amfaCQ
|
||||||
|
CFWsSljKVxq0Ocs//mN6lmULH537GozHoYaBSR8SdSuJWvYUiLnVAabBTkXF8mA2
|
||||||
|
5kWZO5kr91oqZVZnRyHVXVDSTxG6n3aCHouvxchzbvCbiVwA60kTHE2g0scjeHB1
|
||||||
|
pvIFB8ANSHURv0BDvoGsMxvZAM6LljHlDDD7ugbWd2k1aQWpw6Ja+x8w4/Zzpnpq
|
||||||
|
1luNKZL8HfbIAsE6a/S5rnrmw3xFWOT1JXQnGpWVC6uYiGoMB3xqKjhfH/diW+KM
|
||||||
|
h4iYIk3rJ+CPI9fwFwIvHVj/tPpN/n/fAFcYV+ivAlMk/HCT4vfjmQrWzukhFda+
|
||||||
|
HGPTmKnYO9WxWMzyNshCg9Se6krqbF1gPRZckiBSIIHw7QkicJWy8GeqEXuL+wPX
|
||||||
|
GBce3CBdg/w/UmZ2k8ZePikGc8ZNKGp/Cx7wui9WYQA
|
||||||
|
-> piv-p256 vRzPNw A/d7vHxjk4xk9dXbkWFnbTBsZ5vjZjnV6Aas4h02na6i
|
||||||
|
TgVbhRHJWRULqwphVwUk6PjmJcM8fHAtMoXr8MCYXz4
|
||||||
|
-> piv-p256 zqq/iw Akqn3jVJGnU4xrVMZQ7GWnzMiNypV7BIa1Aqwwerms64
|
||||||
|
ppUmCfKen5Vim8D3xOtkeC9ugHzS8eLwfSls5MgALIM
|
||||||
|
-> ssh-ed25519 YFSOsg T/Lv2HU9guj2XmUiI7HUKuxq30WATx5Ihxl3tDjRFlk
|
||||||
|
xVadVgGovqOrjofXzuF9pBGWfCOZHIyaY8gKWVANmSQ
|
||||||
|
-> ssh-ed25519 iHV63A amPJnMElPliFfkLVyVEqDkQhQ6X4q7OQDwpqi+JhiUg
|
||||||
|
wO3zti3SGNPWxcfIF/E+KFkqfGah/Vct8GMU6/MQDhE
|
||||||
|
-> ssh-ed25519 BVsyTA iouZDGJSkBfUGqck0LC0uIMo5I1ELtyRSYd/+P6NqGg
|
||||||
|
U0e3WSRhG535Fg9cO04V51t+S+w8KnT0FDA3zaU2460
|
||||||
|
-> ssh-ed25519 +3V2lQ j8gt6Twkb8fomdHAZ7Fs9haj6AmOWCjrfBlrIV8Ceic
|
||||||
|
JeBABwSUf7u+qvITa2CLCg391MPgXLJRcQJ5iaPkdo0
|
||||||
|
--- OGhz265WS4l8djGetL33Fdu4hzH8S8z/Om2YiwW50ek
|
||||||
|
w•ôTÑÕðlªžµ¬)—0^•)âôi¸4Ç®×9üwy3Ž*<2A>=>©P¥Çðà¨XõÔ¨<+PÅœŽ
|
|
@ -54,6 +54,8 @@ in
|
||||||
|
|
||||||
"restic-repo-droppie.age".publicKeys = nachtigallKeys ++ adminKeys;
|
"restic-repo-droppie.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||||
"restic-repo-storagebox.age".publicKeys = nachtigallKeys ++ adminKeys;
|
"restic-repo-storagebox.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||||
|
"restic-repo-garage-mail.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||||
|
"restic-repo-garage-mail-env.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||||
|
|
||||||
"drone-db-secrets.age".publicKeys = flora6Keys ++ adminKeys;
|
"drone-db-secrets.age".publicKeys = flora6Keys ++ adminKeys;
|
||||||
"drone-secrets.age".publicKeys = flora6Keys ++ adminKeys;
|
"drone-secrets.age".publicKeys = flora6Keys ++ adminKeys;
|
||||||
|
|
Loading…
Reference in a new issue