pub-solar/infra
6
1
Fork 3
Code Issues 23 Pull requests 10 Actions Packages Projects 1 Releases Wiki Activity

mail: add backups
All checks were successful
Flake checks / Check (pull_request) Successful in 6m17s
Details

Browse source 
Restic backups to garage S3 bucket
This commit is contained in:
teutat3s 2024-08-25 03:45:53 +02:00
parent b6be95d032
commit 6fa9fcc271
Signed by: teutat3s
GPG key ID: 4FA1D3FA524F22C1
6 changed files with 70 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
hosts/metronom/backups.nix
View file

@ -1,12 +1,13 @@
{ flake, ... }:
{
age.secrets."restic-repo-droppie" = {
file = "${flake.self}/secrets/restic-repo-droppie.age";
age.secrets.restic-repo-garage-mail = {
file = "${flake.self}/secrets/restic-repo-garage-mail.age";
mode = "400";
owner = "root";
};
age.secrets."restic-repo-storagebox" = {
file = "${flake.self}/secrets/restic-repo-storagebox.age";
age.secrets.restic-repo-garage-mail-env = {
file = "${flake.self}/secrets/restic-repo-garage-mail-env.age";
mode = "400";
owner = "root";
};

2
hosts/metronom/default.nix
View file

@ -7,6 +7,6 @@
./networking.nix
./wireguard.nix
#./backups.nix
./backups.nix
];
}

19
modules/mail/default.nix
View file

@ -67,4 +67,23 @@
};
security.acme.acceptTerms = true;
security.acme.defaults.email = "security@pub.solar";
services.restic.backups.mail-garage = {
paths = [
"/var/lib/vmail"
"/var/lib/dkim"
];
timerConfig = {
OnCalendar = "*-*-* 02:00:00 Etc/UTC";
};
initialize = true;
passwordFile = config.age.secrets."restic-repo-garage-mail".path;
environmentFile = config.age.secrets."restic-repo-garage-mail-env".path;
repository = "s3:https://buckets.pub.solar/mail-backups";
pruneOpts = [
"--keep-daily 7"
"--keep-weekly 4"
"--keep-monthly 3"
];
};
}

BIN
secrets/restic-repo-garage-mail-env.age Normal file
View file

Binary file not shown.

43
secrets/restic-repo-garage-mail.age Normal file
View file

@ -0,0 +1,43 @@
age-encryption.org/v1
-> ssh-ed25519 UE5Ceg ys38fGOhLJNLg9zx9T3v2VgF2IbOr/Y/rj2+dWkcAlU
QwkMX8WKgcJeGUomDSLjijen2K5UcRnYYwtebrITDqU
-> ssh-ed25519 uYcDNw wF0oWExIUjlP32CQzOvp6MyEvFw33Sm8pHhYn3Sb0zE
RHslJJumyXoCLHLw4sGlSLK++UHmgq97KPkqCu77G3o
-> ssh-rsa f5THog
pFSH+qCW+oM9zn2j+830+bja2rTXFuzATqfMNAq3o38ssW8Nl7+0FpkdMam4iYXu
sw4Pcaj1QPTO8PbhkEvjoOU4f0bUsVuJSIvcour4k8SUOBgEMiW/98AVSTIk6KBX
PvA+4uZn2Is+bB2m9EGCguwLJ9zzzfbur+USMQvwkQexg0YRpSfhJsRbCplLXhE+
ZU6ut4HjCP0XWwvxgFzKc6sY4X+/PeWFJOd+WkWy5lL6gcMqUz5DXoi1CeG11AR4
/hQ5KSJBpVsxw/ib3lSkGjA/ktQzwp4hZTI0l/dH9VHOFQflM8/9hPCYT2gsLVpF
7F2N++tMjgqbMI6Jve0gXLixpWFflr7X5UIBFW96k7/Aq2G+WUch/COQA6wTmfqw
OeP1wGd4Ka7YsgGByH5kuL60xDvtHG6+fYlnPXZAB5Fn86Ct6vRmWw9KUvLC7LKU
iBXDccJliY/y4vGFZH74EYlimurEfaBPiT5sxAk0Ke6hoJued3sZ39Qi+wuxMxFH
pleoFR/n1gBq2bu8FqTQaaNXB2Rsy7q4r5Fy1FxRJqDPgHJEmPx1k4rmYPq1VIaP
/ScOstPQgdMNBqVsBGoNYq7vewkzoPl6MkEwh6gP7IjtC1nvYxxwlGh0gESe3RFm
4MRh78EZaY9pmqIRAf/sRzajky26Aw+DkphmWNUjMTA
-> ssh-rsa kFDS0A
XsOTwrszUoHm2k4XSxiLniJZNWYfJOEn7riuDaQSGSW6ZpjMloD8K1FsZ/ZbMoUP
S/QD71rnETAhfQc8JAAHANOarxMXmSw3y1tSmlbL2h+TRnSoq74a1nK4Ble3aszu
y7tlUuUn3vEX6BVPRNOWM3bGW3oWNe5m0sMUAc4YSUXryWF4V48c/GbUp3T0OrRS
jm+5DWOPxt4VcLuCqe4Nv1jrjPnb7oui/7grMuottf3JRJJQxv9qZolRwlhkG2RN
4fuUSuOYnFUuHuaF2cfuTpOPaowLbh5H/Y6ETzOp+z9yNSuxRsdNgA63GrTsAorI
2axdnMakUsP7m3Xxu6YsVu8xP+Sso1xzPZoEQKA+2eol0fZpQvRPrZ59bqaf9p5U
VTIKSqIAIxyr/XN/s8S4ygaNKQZW8yBColG7TlggTth5v3XqAZ8RhcFXUg6z5lSr
RErV6Bio9JIZofvNEiJaqrl8uTo8dU4ymVuYZoEiT/mW3noqBrZlKUh6XZFMplmk
5giRTDThA3mirSTTELFCsc08kJMXqgkOzkPk5xm5kgP7VD6t/0SfGxetVWXOlUNd
dbprg8Oko1hdlO+LePY1n50TTFKBl9TeZWhvcLOhUizc0bTowUcXm+04Taf+MDwa
TMxplrtahOdCTz8k38c/HwBeHtfXRevh8A8Y1qnJXJY
-> piv-p256 vRzPNw AqccwzdKUA4RP2LzIfcTlAN9LsoEB/b7tGYyM8bk39Pn
f0srD9t9HaGY8OIAVImqJSrvHZRhxfMXkYwot4LJGeM
-> piv-p256 zqq/iw Aj8544WraFJMX2S6qyzi6CTal6sRnunmzbMO4KUQhJOO
BFiQSdLgrmgPnynqmSLNBqiWkyBme3KavSbi86HHSck
-> ssh-ed25519 YFSOsg Zece1bOI+mVc6079POREAnnzSG7ZytiTRDm+NzbbhVE
alK4ODfwrgRSDGWzcZmIuyZ88axaiMzSNfeGspsgk70
-> ssh-ed25519 iHV63A LwfUkisQGB3txmxYYLlZSG6ddxVNVC9+UokxPiXEjRc
yRmtdHT9uM0YkS/s80jetMr1baDjGsaRubVKbJVPpCk
-> ssh-ed25519 BVsyTA +8LVssLl+DiF2f3H0KhAhvzEvTjciIAcRM9ZYwrGQh0
CcQxWwMBdyXXzDv10vUmXBifYLXsHKOFd2/L95RGT5U
-> ssh-ed25519 +3V2lQ RWquIefIO5crVvrUxdatV7OvTv1Jabyq4IF209Ezkw0
0SM43tcO7m7FQlNJe9QnhC9J9PwHoVxucRtZGpcACUE
--- xx8BodL5hv2CyeZ8m0tGXNzmH2DGaCveUNobqbAQK8U
)ŠÐÑ\³“9°c½ùt4Ê¿Á~ÁÆëºùeJ¥}¼Š§Å[‘¸Ø+*x£>;m/ «&I»÷Ò:ÏóÛ3

2
secrets/secrets.nix
View file

@ -54,6 +54,8 @@ in
"restic-repo-droppie.age".publicKeys = nachtigallKeys ++ adminKeys;
"restic-repo-storagebox.age".publicKeys = nachtigallKeys ++ adminKeys;
"restic-repo-garage-mail.age".publicKeys = metronomKeys ++ adminKeys;
"restic-repo-garage-mail-env.age".publicKeys = metronomKeys ++ adminKeys;
"drone-db-secrets.age".publicKeys = flora6Keys ++ adminKeys;
"drone-secrets.age".publicKeys = flora6Keys ++ adminKeys;