obs-portal: add backups
All checks were successful
Flake checks / Check (pull_request) Successful in 4m57s
All checks were successful
Flake checks / Check (pull_request) Successful in 4m57s
Restic backups to garage S3 bucket
This commit is contained in:
parent
b6be95d032
commit
c196aff3f6
|
@ -55,6 +55,16 @@ in
|
|||
mode = "600";
|
||||
};
|
||||
|
||||
age.secrets.restic-repo-garage-obs-portal = {
|
||||
file = "${flake.self}/secrets/restic-repo-garage-obs-portal.age";
|
||||
mode = "600";
|
||||
};
|
||||
|
||||
age.secrets.restic-repo-garage-obs-portal-env = {
|
||||
file = "${flake.self}/secrets/restic-repo-garage-obs-portal-env.age";
|
||||
mode = "600";
|
||||
};
|
||||
|
||||
systemd.services."docker-network-obs-portal" =
|
||||
let
|
||||
docker = config.virtualisation.oci-containers.backend;
|
||||
|
@ -147,4 +157,29 @@ in
|
|||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.restic.backups.obs-portal-garage = {
|
||||
paths = [
|
||||
"/var/lib/obs-portal/data"
|
||||
"/tmp/obs-portal-backup.sql"
|
||||
];
|
||||
timerConfig = {
|
||||
OnCalendar = "*-*-* 00:30:00 Etc/UTC";
|
||||
};
|
||||
initialize = true;
|
||||
passwordFile = config.age.secrets."restic-repo-garage-obs-portal".path;
|
||||
environmentFile = config.age.secrets."restic-repo-garage-obs-portal-env".path;
|
||||
repository = "s3:https://buckets.pub.solar/obs-portal-backups";
|
||||
backupPrepareCommand = ''
|
||||
${pkgs.docker}/bin/docker exec -ti --user postgres obs-portal-db pg_dump obs > /tmp/obs-portal-backup.sql
|
||||
'';
|
||||
backupCleanupCommand = ''
|
||||
rm /tmp/obs-portal-backup.sql
|
||||
'';
|
||||
pruneOpts = [
|
||||
"--keep-daily 7"
|
||||
"--keep-weekly 4"
|
||||
"--keep-monthly 3"
|
||||
];
|
||||
};
|
||||
}
|
||||
|
|
BIN
secrets/restic-repo-garage-obs-portal-env.age
Normal file
BIN
secrets/restic-repo-garage-obs-portal-env.age
Normal file
Binary file not shown.
BIN
secrets/restic-repo-garage-obs-portal.age
Normal file
BIN
secrets/restic-repo-garage-obs-portal.age
Normal file
Binary file not shown.
|
@ -54,6 +54,8 @@ in
|
|||
|
||||
"restic-repo-droppie.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||
"restic-repo-storagebox.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||
"restic-repo-garage-obs-portal.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||
"restic-repo-garage-obs-portal-env.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||
|
||||
"drone-db-secrets.age".publicKeys = flora6Keys ++ adminKeys;
|
||||
"drone-secrets.age".publicKeys = flora6Keys ++ adminKeys;
|
||||
|
|
Loading…
Reference in a new issue