No description
Find a file
Armaël Guéneau 06d139eb8a add a README
2024-04-11 16:10:54 +02:00
src feature: allow specifying short names for repos 2024-04-10 19:42:58 +02:00
.gitignore first (untested) version 2024-04-07 23:55:45 +02:00
Cargo.lock update Cargo.lock 2024-04-10 15:07:21 +02:00
Cargo.nix add Cargo.nix & update flake.nix accordingly 2024-04-10 15:22:25 +02:00
Cargo.toml remove more unused feature flags 2024-04-08 18:38:39 +02:00
flake.nix define a nixos module, defining a systemd service and timer 2024-04-11 14:49:48 +02:00
README.md add a README 2024-04-11 16:10:54 +02:00

restic-alarm: send alerts for inactive restic backups stored in S3 buckets

Design

restic-alarm watches over S3(-compatible) buckets containing restic backups, and sends alert emails for buckets that have been inactive (= without new snapshots) for too long. Alerts and inactivity duration settings as well as contact email are configured separately for each bucket.

The buckets to watch and their respective configuration are stored in a separate bucket restic-alarm-state accessed by restic-alarm. Each bucket to watch corresponds to a file restic-alarm-state/watch/<bucket uid> containing the bucket's alert settings.

The S3 key id, secret, region and endpoint URL needed by restic-alarm to access restic-alarm-state and the buckets to watch are passed to the process through (standard) environment variables.

Installation (on NixOS)

  1. Create a new S3 key for restic-alarm.
  2. Create a new S3 bucket named restic-alarm-state and owned by this new key.
  3. Install restic-alarm: import the nixos module provided by the flake as nixosModules.default, then add:
custom.restic-alarm = {
  enable = true;
  env_file = "/path/to/secret/env";
};

where /path/to/secret/env points to a file containing the environment variables for S3 access (region, endpoint, access key id, secret key). The env file should only be readable by root.

A template for the env file would be:

AWS_DEFAULT_REGION=xxxx
AWS_ENDPOINT_URL="https://xxxxx"
AWS_ACCESS_KEY_ID=xxxxx
AWS_SECRET_ACCESS_KEY=xxxxx

Adding a bucket to watched by restic-alarm

  1. Give read-only access to restic-alarm's S3 key for your bucket.
  2. Add a new file in the restic-alarm-state bucket at path watch/<bucket uid>, containing the following information:
# Email where to send inactivity alerts
email = "your@email"
# Inactivity after which to send an alert (in days).
# Here, send an alert if there has not been a new snapshot in more than 3 days. 
inactivity = 3
# Optional: short name for your bucket (can be anything)
name = "my_backups"
# Optional: interval between successive alerts (in days; default = 1 day)
alert_interval = 1
# Optional: duration after which we stop sending alerts (in days; default = 7 days)
alert_duration = 7

(the file is parsed as a toml file)

Since some of the fields are optional, a minimal configuration file can be as short as:

email = "your@email"
inactivity = 3