obs-portal: add backups to garage bucket
All checks were successful
Flake checks / Check (pull_request) Successful in 4m57s
All checks were successful
Flake checks / Check (pull_request) Successful in 4m57s
Restic backups to garage S3 bucket nachtigall-backups
This commit is contained in:
parent
b6be95d032
commit
eb28d9ec23
|
@ -10,4 +10,14 @@
|
|||
mode = "400";
|
||||
owner = "root";
|
||||
};
|
||||
age.secrets.restic-repo-garage-nachtigall = {
|
||||
file = "${flake.self}/secrets/restic-repo-garage-nachtigall.age";
|
||||
mode = "400";
|
||||
owner = "root";
|
||||
};
|
||||
age.secrets.restic-repo-garage-nachtigall-env = {
|
||||
file = "${flake.self}/secrets/restic-repo-garage-nachtigall-env.age";
|
||||
mode = "400";
|
||||
owner = "root";
|
||||
};
|
||||
}
|
||||
|
|
|
@ -147,4 +147,29 @@ in
|
|||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.restic.backups.obs-portal-garage = {
|
||||
paths = [
|
||||
"/var/lib/obs-portal/data"
|
||||
"/tmp/obs-portal-backup.sql"
|
||||
];
|
||||
timerConfig = {
|
||||
OnCalendar = "*-*-* 00:30:00 Etc/UTC";
|
||||
};
|
||||
initialize = true;
|
||||
passwordFile = config.age.secrets."restic-repo-garage-nachtigall".path;
|
||||
environmentFile = config.age.secrets."restic-repo-garage-nachtigall-env".path;
|
||||
repository = "s3:https://buckets.pub.solar/obs-portal-backups";
|
||||
backupPrepareCommand = ''
|
||||
${pkgs.docker}/bin/docker exec -ti --user postgres obs-portal-db pg_dump obs > /tmp/obs-portal-backup.sql
|
||||
'';
|
||||
backupCleanupCommand = ''
|
||||
rm /tmp/obs-portal-backup.sql
|
||||
'';
|
||||
pruneOpts = [
|
||||
"--keep-daily 7"
|
||||
"--keep-weekly 4"
|
||||
"--keep-monthly 3"
|
||||
];
|
||||
};
|
||||
}
|
||||
|
|
BIN
secrets/restic-repo-garage-nachtigall-env.age
Normal file
BIN
secrets/restic-repo-garage-nachtigall-env.age
Normal file
Binary file not shown.
43
secrets/restic-repo-garage-nachtigall.age
Normal file
43
secrets/restic-repo-garage-nachtigall.age
Normal file
|
@ -0,0 +1,43 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 iDKjwg yk6WgkJbk16Yqc/aWojwDePfNZN3XgaiacpZqufw1hc
|
||||
qx3x0zCUB6l7qPS9R9xGO41s6ESGsNd/ixglY4gYDtY
|
||||
-> ssh-ed25519 uYcDNw nDZXlykiDEZIA+Srg6imZFRLAzhykR3PDVrfWb693Sg
|
||||
MBJrrXbtLzBozetgfZaE52o1ixsrPK6Ojdp8sXhI3dc
|
||||
-> ssh-rsa f5THog
|
||||
WngnjCboeUafoR5NOg/+NFeW/ILxonIrcl7iUQLXoObcFWtmgzEebcogo3kqnkdk
|
||||
cj7NnqQ/sFiHdPCBr+VyiWcP4BJHJeWF/w+Ht9SYP5+WlHUkC2IPxlcMzJFyy2ro
|
||||
9PDq8FaPX5ZqarOfBW+U1pQsegxG9wkfoSzoF8NVL0jU5mwubPc+1s0ycbjMcGzP
|
||||
CSCpWY0OqqRbCXj8gVBNOOoELVhgbNCO0oRWh6Iafqjrx/rO4MNAdZmUF9DiTZML
|
||||
8QQjBFR7G8/+4ehGHn/9PF/0yVVsnPaJTEo3juS/By+NVcCihwP3b0SgQkjtp73+
|
||||
2QZL4XImwR0bBLDla86IjvZWH7GkLzR8iAw75FZ/FGIxZ/XgwRcUqtcI8m105KAD
|
||||
iX1v7ai0LUYko4RPSqdDItEdGjK31Dl4bCdaLakO+aZdtc+60c7hx8uEoTp7JY9W
|
||||
Qmyv4rt5bVUUAeH0IyR72vTDpTtXSkbp0vypk6Zq+yhYjbe0wmakAPCF4WbIV9gQ
|
||||
YIoSyicQ3NYxfrQGcQvmct2dNXXZcCr8BW704/J5w7ngw44FiZDUIC2y562sHD84
|
||||
9rFO0obVGERJa55+MnZB4UYMqU3eWs+mkxHgWotx5yEtO0wMpTP9IFk92scJeV8h
|
||||
bdr6fq1p6gtFlSNlA7P8A0go1SWs+qIoO/PEPyznoss
|
||||
-> ssh-rsa kFDS0A
|
||||
RM1VIV11yDWaG7KDnXbVt+Qo9kIC5kPO1JwpROuxbTH8tDGbu7bC2mJ6qsZo1R5x
|
||||
ewtmDVwv+Gogs2drjQeQgdZH3qN0cMt34micbW2lvBW4NmvAGKEQ+dkkUgIWIhy9
|
||||
dNuFBCHAGqfw7FDqvX1Mm3e50CsbIVqpurBXe882seMjm/nSVzGgjOOQVaQKmNSg
|
||||
04s0gsLzN1f98kQtKuNPlG8Fun9y1bKLzWpBT2iriQInkhcWSwYqg1M0yM7U01j3
|
||||
Kcxn4LJmgB9qNkloEKNpHCze5fgIGyOf+MsG4VN90CvwpNxy/EHrEyncXDxSxiCt
|
||||
A81PVHCZfC7fQTR+hF2s1xGcW9mmtRpPPSEUrGY84cW2k8m4E5A9J7MJZ7FOKe6C
|
||||
OY3LoU5KCV292ujHqYs1c7JSJRqVq4IMCupsNL6afzB/Fe+cV6GX7bXh1ZUl9HT7
|
||||
B6j1QH2xA9OGz+6VDrB+B6cdnxp02zRZpuS19uPTJqpIg4Sgc4vvw7YFQfz8AfUD
|
||||
/SafkBpVKznEHl1/gO7bOMa1nTkNBicUp6d2Z/zNtJ75NJPb3qYc4aVsaEuyMPts
|
||||
ieMR/iieeiDOMPhedtibfCWZ+0YrtyIrkkUsPK5yG76VbJgMjSRyEP+bXTedih/b
|
||||
bTkE78BoV5DmNxGEAva2BJpMKtn3Or8dCgSudoSlI14
|
||||
-> piv-p256 vRzPNw Al8mhhyZ/0YFf7OSKeGm3LZhowpCdcITOhtjmky7Ygnq
|
||||
CxFNUst8+6e6Cra/j7Pa2lZs3lHGLCOWRInb1VZTr2M
|
||||
-> piv-p256 zqq/iw A+r/W9OhuPjuGXRuhp1vW45k/QzCFO6VLfp1W6l7RJVU
|
||||
GxunFSBPJnzd5t5Ar42vr06tyJkJvZhljlGkHVZOFOQ
|
||||
-> ssh-ed25519 YFSOsg e7udSQwtwKETHB0Re59fb1DdiBBPLDbV/JHmUUI4GSU
|
||||
054wi1iKJm8lnWDjONCk+h2vea0setKqdCpXHuJaecI
|
||||
-> ssh-ed25519 iHV63A S2sle86zYVPjtCozODRjqtTs6a5GksTpJHkmO/WYzHU
|
||||
7h5kS8Hc3BiyhiWerEa9xPX6o+D/bxoJLK1fXFq1jWc
|
||||
-> ssh-ed25519 BVsyTA 7meQJdKDB4JLKsYmBPgDBUnWhil1fKnoijm+uzHDemY
|
||||
1bxklkYv5KYab9fXjMtz/w5QTUYMlZFTQG/khBftlWo
|
||||
-> ssh-ed25519 +3V2lQ n1bF6+o/16zx7dEt/Um1gL30mARiuPaE6z3N+qjFZx4
|
||||
7ZjmhkuJDYXLcMoUEA0wosWcWZ1T1oR45kVhFyQwN1E
|
||||
--- TbpcaLv/1jF23nynpaw1XjSKsO2t9hAxovPQHKhXAoQ
|
||||
P‰^¢f«E~¢÷ß6ÿO[Ö-cf]–øÄ9eÓ6Ñû‘4Eÿl2=sÿßW‡…O¿QFCzcõbÖTšÎÉÿ;[a
|
|
@ -54,6 +54,8 @@ in
|
|||
|
||||
"restic-repo-droppie.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||
"restic-repo-storagebox.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||
"restic-repo-garage-nachtigall.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||
"restic-repo-garage-nachtigall-env.age".publicKeys = nachtigallKeys ++ adminKeys;
|
||||
|
||||
"drone-db-secrets.age".publicKeys = flora6Keys ++ adminKeys;
|
||||
"drone-secrets.age".publicKeys = flora6Keys ++ adminKeys;
|
||||
|
|
Loading…
Reference in a new issue