mail: add backups
All checks were successful
Flake checks / Check (pull_request) Successful in 6m12s

Restic backups to garage S3 bucket
This commit is contained in:
teutat3s 2024-08-25 03:45:53 +02:00
parent b6be95d032
commit 3adca31bab
Signed by: teutat3s
GPG key ID: 4FA1D3FA524F22C1
4 changed files with 119 additions and 0 deletions

View file

@ -9,6 +9,18 @@
age.secrets.mail-erpnext.file = "${flake.self}/secrets/mail/erpnext.age"; age.secrets.mail-erpnext.file = "${flake.self}/secrets/mail/erpnext.age";
age.secrets.mail-hakkonaut.file = "${flake.self}/secrets/mail/hakkonaut.age"; age.secrets.mail-hakkonaut.file = "${flake.self}/secrets/mail/hakkonaut.age";
age.secrets.restic-repo-garage-mail = {
file = "${flake.self}/secrets/restic-repo-garage-mail.age";
mode = "400";
owner = "root";
};
age.secrets.restic-repo-garage-mail-env = {
file = "${flake.self}/secrets/restic-repo-garage-mail-env.age";
mode = "400";
owner = "root";
};
mailserver = { mailserver = {
enable = true; enable = true;
fqdn = "mail.pub.solar"; fqdn = "mail.pub.solar";
@ -67,4 +79,23 @@
}; };
security.acme.acceptTerms = true; security.acme.acceptTerms = true;
security.acme.defaults.email = "security@pub.solar"; security.acme.defaults.email = "security@pub.solar";
services.restic.backups.mail-garage = {
paths = [
"/var/lib/vmail"
"/var/lib/dkim"
];
timerConfig = {
OnCalendar = "*-*-* 02:00:00 Etc/UTC";
};
initialize = true;
passwordFile = config.age.secrets."restic-repo-garage-mail".path;
environmentFile = config.age.secrets."restic-repo-garage-mail-env".path;
repository = "s3:https://buckets.pub.solar/mail-backups";
pruneOpts = [
"--keep-daily 7"
"--keep-weekly 4"
"--keep-monthly 3"
];
};
} }

View file

@ -0,0 +1,43 @@
age-encryption.org/v1
-> ssh-ed25519 iDKjwg 00wsOEvt4zYgmrTD4nvYjQ9Y9YiWmbfjQojHHvTiRgE
LiUZWpW6uvF6RzcKqOhCAFr+cL0XqR7kz5lGAHEUmpc
-> ssh-ed25519 uYcDNw 1PVM6oGfpjv9oCkvbagB4Plkad82wb0oe8AcIgi/LEU
hzMZ31WDyhaKH5MHyUTXnxHvYwKb9soF69Lg8fOwNMg
-> ssh-rsa f5THog
QHhQ5RkjQDsj+tqdaTx3bm5FakigiidXYR3Cl/xvVF59fiebcRNBfrlWqITKpZS6
pQ1tHYU/7KrssuI8SBUPOKhrNFmv58uhRZsQdcfwzQl5zMuU883wNWuqSxtnk5bY
jFJQTQBk5i2ZemDGOV7Q7amhRzmX57iJIQ8B0+lyYgLTDUGnmdKNisQMUm2OEnxW
SX0NSOfirHV4L4Jdvv0+Rae4abkKAXdn+PvZLbYRZItFSiOci77VyFGBoeDgfA0y
iAo2rHkXVfHhFgV/OScN+7lRikk7M8jcXYny4YCV/ipvJDcX6jXi0JzO9oNZ5RI+
y9bLihJzCqoyEys1R+3cfRFb29aIXK4x7rC+3555h0OEP3en1zk6ZcNAAyz8HJEV
CWqwyPMpj3HclSQDl093sj4OwjBy6Fqnlv7ZnF/Xbn1oQLdZymj2z1EqKl4LmPal
WZw2EMteVgx+aaoh9RNYQX7aLTpOinh2bxXe1hOdk1E14caxJO4repXhSMX9E44W
dib1wfDOSs1wxTQanYhd6JSgu9PdyQuAYjsod78HObihNYTQaFz10P7HH5Ax4f/l
WrOT/bimbVlHy/Has0OKSFrUk+WjCW+Fi+ha9WDGdLGpQ5YjBep/Ne7adttXl/2+
as0zC72unqI7y4iCnYzvAsVcaCo0feWkkWcPl2GJEgc
-> ssh-rsa kFDS0A
OEOkHcQGRha/u97Oe4B6e529xDO/pPwGEs/IVgLBNBGYATwrs35oZb02ejFStY3e
6NP7GI46pu3kvP3sZmX1NplIhS6ceQDAtl2HP8dsHuEF7d7d+r6BchCCD5gMis27
/tmM5TffhFaJG4PdTFsqMb9ti1NuZwYxvKqYMswiQEChExFAw1KO6golRSDbjz0W
GLpHEVZ8z/oHQpOJTNVvsSWBb3yFQ0RH/QNN9bNMzFjbs94o7SSzTyALxj947iDv
z9xtbK6fNpn+TcHwP7YAnILcezOXIl+mYdXfS99z4vOdeq/i48dnLY9zlwiu/pN0
a4WyOlLcOZuyEb1VpbAf4R9B6lqKJB4vKrHPhjjQcW+13XOx10+lFKGshB3dnGpE
G0aJr9VwAyt1n56PRCd25QCSMnNX7SOlGKU+gvOnpA1zJBYRriLpP5nqt0h59tBn
wYWi8KJycJRxCTyfTJxTO/x0C2q16uhF62jueY22txKgPaMA4EoP00AEsxjTXieQ
JkuOzxW1ZUrVXpXUIQPJTIHL7JZ7uR2Y9im78dP6ZOAI0sKgii3VR+dg3HJJQls9
rdT/Ku0gWERDpAMT2Jh0O9XwMESFo9IHRfEW5hNAw1oAlvCRalTfwaCchGuU1jxM
S3q51d/Za5Yk6sEhuFNON7PDWOHyhV+BFjpbQpxSBAY
-> piv-p256 vRzPNw Ard8G6ehj6nZC8wlqZQ9gEOxTfL2DAf15GbPeI6mChv5
BPuhhWE5w4BtQQnEDhV4dXMIIuJzCTPd6VV9dzaEYI8
-> piv-p256 zqq/iw AjfgwI2GXG07gQia3xdw+W/l/r2POsJfOLcq3kwxWuZ/
AgnvAkoUZOA1M8vvLCPUeDp6paiixfSXQpr+CxSZsQI
-> ssh-ed25519 YFSOsg fvx54J7FFCC5Aot1jqLWGZDn40iRMYw1onCuNp+thhw
alow6miTYlOzPYMX5fEbm9Gl3VL/HlZ6nq0MjSEFLg8
-> ssh-ed25519 iHV63A QdOJrEqruK+dh/d9fCIp1nvGlwg4lIObEUqrB/VFhGc
w0k0JB1xz9eZwj5O+71Ht2qkM0lOiQhlQFTRR9tNaLE
-> ssh-ed25519 BVsyTA m0/I+Gon8k8XVTnuw3N3zJsvUHut01JcyNcLW+GU3Ag
3C23u78FAHfh98grgBVFp9/ZVrkAV/SdOBcX6JS83Fg
-> ssh-ed25519 +3V2lQ r0v/L0tL1WGcHjUKV0aJw0dkmwgcF27vqpJ/pY9p1B8
hFQL/VBAt0F+6KTRF/pyiI+2cvctHmTAypZ/MhomQVE
--- CGNMkMH1+XCGCIwhTQmbubVBeJHEbQ3H0C3LH4xuW1s
<EFBFBD>>0õ±„¶I ©Ï¸š±ÀAJ€ÄŠš¶ëH^y<ŽÙ¬ô/«l<C2AB>¦ü½mý[‰/2Â/Ôƒ¼×º`”b'þªã «0Ë¿eà%†¶É ùÖ½æEÝßfqéí¶fœ¾>iÝÌbp®rk½eN¤øáw£¢x¯:Ƙ…ͳ´íÕROÏ»q?0É< x#š”ØWÿ¶

View file

@ -0,0 +1,43 @@
age-encryption.org/v1
-> ssh-ed25519 iDKjwg M+EDCwvqKTFn03v1lC9ZuI0HkgxPZfLgdDbYMFR9KhI
8LPjee85UAcasn6zKx1+MiZ4u3qX9iLHr7CZxdPbEug
-> ssh-ed25519 uYcDNw o0PBFfjYAax4hZwIb0OeJi+rx6VC9Plf7oCj40x1G1Q
TZCrvJFPsOl74Nj0Jv3255r50Lez+03GdyfyW4JpV6A
-> ssh-rsa f5THog
sdJAKwTHhf48Ks/Bkln0lMFBjp5GJ4ovq4ejUZXdNZsdWC+Meb7mPOFxNyz0n9Va
5xmkhVcfAYZP/rVXXEv515sBcERvnngFI7YX3GvsqaH+3WxpxkF08lWAFstmPNI8
tVZfZdPfz7nzm6xBiRKECFTJXsoXs+1sRQ677NwTMVCcmgh40jXSf6sw39e5DkiV
AKWNuXZKTWNCnjVrhzOUc+poKnT+VFSDeXeiQmFpPINv8wxPqK1TX8EK8nvwAdap
o4yZcuSRfq6iK/QWFGiQ/mC15R5OPzJ4t2rgRf8uCyzWc1jh8XEXuYe/6viFwhNg
jUILWwPILIWIRH3s3tKWVJOB4YnSZxNowld4Sl4CYFheUbrM2qTxvXkG8zn9PZe/
8kIsHussJYa4/j9O1ICvNs0SOqY49eBR5RN5YdqOobJbEBjU+XJ2QPQ+imVez8Mv
sFqtt+1EsFOViHnTqSqWYjz49+rt4EGMYJrs5yrwGH42XvvavkecIAXvhBvAg3Uy
elvaGQXYHSGUjCGx2KyVSpJIf8VW/zoL+vz5SOlOXszYdS5HKRT5M7A8F3NHfNNm
UeDS1ap3/1H/1jotFdP4IkcPRT+iS6ohoQA0JnNuoj0aMHpa/8Y8ciwU0qpjRmyC
ePS3Wd626j+AnyRLGfYN7xJSEdwGlAS7u1c4MRT5jnk
-> ssh-rsa kFDS0A
CZYGJdzAh8CkGVdALGMi65ghyy+XPzxL5iXPEvgqjB3W2pS16mT2LtrIO0R9QzHO
wXc4H5YoXj89G+SA/rz4Nn5Pm2j6MWAdy1xegTNKv+IdJbUazxLXoj0WZjZ1Z0/L
uJDooSRWBCzL6mTTpjULy4uNqSUUucuPfc7dROvo0+nPpipGOlfMRViJrO1pUMLO
ZGA3yGHm6Tw7xrUZkvC/S9iuzR8EbyD3lmLaF2eLbaN8AKFePmY1qg9N77amfaCQ
CFWsSljKVxq0Ocs//mN6lmULH537GozHoYaBSR8SdSuJWvYUiLnVAabBTkXF8mA2
5kWZO5kr91oqZVZnRyHVXVDSTxG6n3aCHouvxchzbvCbiVwA60kTHE2g0scjeHB1
pvIFB8ANSHURv0BDvoGsMxvZAM6LljHlDDD7ugbWd2k1aQWpw6Ja+x8w4/Zzpnpq
1luNKZL8HfbIAsE6a/S5rnrmw3xFWOT1JXQnGpWVC6uYiGoMB3xqKjhfH/diW+KM
h4iYIk3rJ+CPI9fwFwIvHVj/tPpN/n/fAFcYV+ivAlMk/HCT4vfjmQrWzukhFda+
HGPTmKnYO9WxWMzyNshCg9Se6krqbF1gPRZckiBSIIHw7QkicJWy8GeqEXuL+wPX
GBce3CBdg/w/UmZ2k8ZePikGc8ZNKGp/Cx7wui9WYQA
-> piv-p256 vRzPNw A/d7vHxjk4xk9dXbkWFnbTBsZ5vjZjnV6Aas4h02na6i
TgVbhRHJWRULqwphVwUk6PjmJcM8fHAtMoXr8MCYXz4
-> piv-p256 zqq/iw Akqn3jVJGnU4xrVMZQ7GWnzMiNypV7BIa1Aqwwerms64
ppUmCfKen5Vim8D3xOtkeC9ugHzS8eLwfSls5MgALIM
-> ssh-ed25519 YFSOsg T/Lv2HU9guj2XmUiI7HUKuxq30WATx5Ihxl3tDjRFlk
xVadVgGovqOrjofXzuF9pBGWfCOZHIyaY8gKWVANmSQ
-> ssh-ed25519 iHV63A amPJnMElPliFfkLVyVEqDkQhQ6X4q7OQDwpqi+JhiUg
wO3zti3SGNPWxcfIF/E+KFkqfGah/Vct8GMU6/MQDhE
-> ssh-ed25519 BVsyTA iouZDGJSkBfUGqck0LC0uIMo5I1ELtyRSYd/+P6NqGg
U0e3WSRhG535Fg9cO04V51t+S+w8KnT0FDA3zaU2460
-> ssh-ed25519 +3V2lQ j8gt6Twkb8fomdHAZ7Fs9haj6AmOWCjrfBlrIV8Ceic
JeBABwSUf7u+qvITa2CLCg391MPgXLJRcQJ5iaPkdo0
--- OGhz265WS4l8djGetL33Fdu4hzH8S8z/Om2YiwW50ek
w•ôTÑÕðlªžµ¬)—0^•)âôi¸4Ç®×9üwy3Ž*<2A>=>©P¥Çðà¨XõÔ¨<+PÅœŽ

View file

@ -54,6 +54,8 @@ in
"restic-repo-droppie.age".publicKeys = nachtigallKeys ++ adminKeys; "restic-repo-droppie.age".publicKeys = nachtigallKeys ++ adminKeys;
"restic-repo-storagebox.age".publicKeys = nachtigallKeys ++ adminKeys; "restic-repo-storagebox.age".publicKeys = nachtigallKeys ++ adminKeys;
"restic-repo-garage-mail.age".publicKeys = nachtigallKeys ++ adminKeys;
"restic-repo-garage-mail-env.age".publicKeys = nachtigallKeys ++ adminKeys;
"drone-db-secrets.age".publicKeys = flora6Keys ++ adminKeys; "drone-db-secrets.age".publicKeys = flora6Keys ++ adminKeys;
"drone-secrets.age".publicKeys = flora6Keys ++ adminKeys; "drone-secrets.age".publicKeys = flora6Keys ++ adminKeys;