pub-solar/infra
6
1
Fork 3
Code Issues 24 Pull requests 9 Actions Packages Projects 1 Releases Wiki Activity

Compare commits

base: pub-solar:57964ef279a49f719f0d71d1f7377eb7d25f30b9
Branches Tags
pub-solar:main
pub-solar:element-call
pub-solar:matrix-rendezvous-server
pub-solar:ssl-cert-warning
pub-solar:feat/automated-account-deletion
pub-solar:feat/matrix-moderation-draupnir
pub-solar:nginx-maintenance
pub-solar:feat/matrix-moderation
pub-solar:fix/use-nix-firewall-nat-feature-for-forgejo-redirect
pub-solar:feat/loomio
pub-solar:feat/matrix-hookshot
pub-solar:feat/libreddit
pub-solar:feat/invidious
...
compare: pub-solar:09804f5c250463f3f924d249bdd5774c9eab906c
Branches Tags
pub-solar:main
pub-solar:element-call
pub-solar:matrix-rendezvous-server
pub-solar:ssl-cert-warning
pub-solar:feat/automated-account-deletion
pub-solar:feat/matrix-moderation-draupnir
pub-solar:nginx-maintenance
pub-solar:feat/matrix-moderation
pub-solar:fix/use-nix-firewall-nat-feature-for-forgejo-redirect
pub-solar:feat/loomio
pub-solar:feat/matrix-hookshot
pub-solar:feat/libreddit
pub-solar:feat/invidious

2 commits
57964ef279 ... 09804f5c25

Author SHA1 Message Date
teutat3s 09804f5c25
docs: how-to add backups for new hosts
All checks were successful
Flake checks / Check (pull_request) Successful in 3m43s
Details
2024-08-29 16:36:11 +02:00
teutat3s 2eb54a331e
backups: add storagebox to programs.ssh.knownHosts 2024-08-29 16:36:09 +02:00
2 changed files with 42 additions and 0 deletions
Show stats Expand all files Collapse all files

36
docs/backups.md Normal file
View file

@ -0,0 +1,36 @@
# Backups
We use [Restic](https://restic.readthedocs.io/en/stable/) to create backups and push them to two repositories.
Check `./modules/backups.nix` and `./hosts/nachtigall/backups.nix` for working examples.
### Hetzner Storagebox
- Uses SFTP for transfer of backups
Adding a new host SSH public key to the storagebox:
First, [SSH to nachtigall](./administrative-access.md#ssh-access), then become root and add the new SSH public key
```
sudo -i
echo '<ssh-public-key>' | ssh -p23 u377325@u377325.your-storagebox.de install-ssh-key
```
[Link to Hetzner storagebox docs](https://docs.hetzner.com/robot/storage-box/backup-space-ssh-keys).
### Garage S3 buckets
- Uses S3 for transfer of backups
- One bucket per host, e.g. `nachtigall-backups`, `metronom-backups`
To start transfering backups from a new hosts, this is how to create a new bucket:
First, [SSH to trinkgenossin](./administrative-access.md#ssh-access), then use the `garage` CLI to create a new key and bucket:
```
export GARAGE_RPC_SECRET=<secret-in-keepass>
garage bucket create <hostname>-backups
garage key create <hostname>-backups-key
garage bucket allow <hostname>-backups --read --write --key <hostname>-backups-key
```

6
modules/backups/default.nix
View file

@ -280,5 +280,11 @@ in
in
builtins.listToAttrs (lib.lists.flatten (map createBackups backupNames));
# Used for pub-solar-os.backups.repos.storagebox
programs.ssh.knownHosts = {
"u377325.your-storagebox.de".publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA5EB5p/5Hp3hGW1oHok+PIOH9Pbn7cnUiGmUEBrCVjnAw+HrKyN8bYVV0dIGllswYXwkG/+bgiBlE6IVIBAq+JwVWu1Sss3KarHY3OvFJUXZoZyRRg/Gc/+LRCE7lyKpwWQ70dbelGRyyJFH36eNv6ySXoUYtGkwlU5IVaHPApOxe4LHPZa/qhSRbPo2hwoh0orCtgejRebNtW5nlx00DNFgsvn8Svz2cIYLxsPVzKgUxs8Zxsxgn+Q/UvR7uq4AbAhyBMLxv7DjJ1pc7PJocuTno2Rw9uMZi1gkjbnmiOh6TTXIEWbnroyIhwc8555uto9melEUmWNQ+C+PwAK+MPw==";
"[u377325.your-storagebox.de]:23".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIICf9svRenC/PLKIL9nk6K/pxQgoiFC41wTNvoIncOxs";
};
};
}