obs-portal: add backups
All checks were successful
Flake checks / Check (pull_request) Successful in 4m57s

Restic backups to garage S3 bucket
This commit is contained in:
teutat3s 2024-08-25 03:29:25 +02:00
parent b6be95d032
commit c196aff3f6
Signed by: teutat3s
GPG key ID: 4FA1D3FA524F22C1
4 changed files with 37 additions and 0 deletions

View file

@ -55,6 +55,16 @@ in
mode = "600";
};
age.secrets.restic-repo-garage-obs-portal = {
file = "${flake.self}/secrets/restic-repo-garage-obs-portal.age";
mode = "600";
};
age.secrets.restic-repo-garage-obs-portal-env = {
file = "${flake.self}/secrets/restic-repo-garage-obs-portal-env.age";
mode = "600";
};
systemd.services."docker-network-obs-portal" =
let
docker = config.virtualisation.oci-containers.backend;
@ -147,4 +157,29 @@ in
};
};
};
services.restic.backups.obs-portal-garage = {
paths = [
"/var/lib/obs-portal/data"
"/tmp/obs-portal-backup.sql"
];
timerConfig = {
OnCalendar = "*-*-* 00:30:00 Etc/UTC";
};
initialize = true;
passwordFile = config.age.secrets."restic-repo-garage-obs-portal".path;
environmentFile = config.age.secrets."restic-repo-garage-obs-portal-env".path;
repository = "s3:https://buckets.pub.solar/obs-portal-backups";
backupPrepareCommand = ''
${pkgs.docker}/bin/docker exec -ti --user postgres obs-portal-db pg_dump obs > /tmp/obs-portal-backup.sql
'';
backupCleanupCommand = ''
rm /tmp/obs-portal-backup.sql
'';
pruneOpts = [
"--keep-daily 7"
"--keep-weekly 4"
"--keep-monthly 3"
];
};
}

Binary file not shown.

Binary file not shown.

View file

@ -54,6 +54,8 @@ in
"restic-repo-droppie.age".publicKeys = nachtigallKeys ++ adminKeys;
"restic-repo-storagebox.age".publicKeys = nachtigallKeys ++ adminKeys;
"restic-repo-garage-obs-portal.age".publicKeys = nachtigallKeys ++ adminKeys;
"restic-repo-garage-obs-portal-env.age".publicKeys = nachtigallKeys ++ adminKeys;
"drone-db-secrets.age".publicKeys = flora6Keys ++ adminKeys;
"drone-secrets.age".publicKeys = flora6Keys ++ adminKeys;