2022-01-26 20:48:48 +00:00
|
|
|
job "backup_daily" {
|
|
|
|
datacenters = ["dc1"]
|
|
|
|
type = "batch"
|
2022-01-27 15:32:57 +00:00
|
|
|
|
|
|
|
priority = "60"
|
|
|
|
|
2022-01-26 20:48:48 +00:00
|
|
|
periodic {
|
|
|
|
cron = "@daily"
|
|
|
|
// Do not allow overlapping runs.
|
|
|
|
prohibit_overlap = true
|
|
|
|
}
|
|
|
|
|
2022-01-27 15:32:57 +00:00
|
|
|
group "backup-dovecot" {
|
2022-01-26 20:48:48 +00:00
|
|
|
constraint {
|
|
|
|
attribute = "${attr.unique.hostname}"
|
|
|
|
operator = "="
|
|
|
|
value = "digitale"
|
|
|
|
}
|
|
|
|
|
2022-01-27 15:32:57 +00:00
|
|
|
task "main" {
|
|
|
|
driver = "docker"
|
2022-01-26 20:48:48 +00:00
|
|
|
|
2022-01-27 15:32:57 +00:00
|
|
|
config {
|
|
|
|
image = "restic/restic:0.12.1"
|
|
|
|
entrypoint = [ "/bin/sh", "-c" ]
|
|
|
|
args = [ "restic backup /mail && restic forget --keep-within 1m1d --keep-within-weekly 3m --keep-within-monthly 1y ; restic prune --max-unused 50% --max-repack-size 2G ; restic check" ]
|
|
|
|
volumes = [
|
|
|
|
"/mnt/ssd/mail:/mail"
|
|
|
|
]
|
|
|
|
}
|
2022-01-26 20:48:48 +00:00
|
|
|
|
2022-01-27 15:32:57 +00:00
|
|
|
template {
|
|
|
|
data = <<EOH
|
2022-01-26 20:48:48 +00:00
|
|
|
AWS_ACCESS_KEY_ID={{ key "secrets/email/dovecot/backup_aws_access_key_id" }}
|
|
|
|
AWS_SECRET_ACCESS_KEY={{ key "secrets/email/dovecot/backup_aws_secret_access_key" }}
|
|
|
|
RESTIC_REPOSITORY={{ key "secrets/email/dovecot/backup_restic_repository" }}
|
|
|
|
RESTIC_PASSWORD={{ key "secrets/email/dovecot/backup_restic_password" }}
|
|
|
|
EOH
|
|
|
|
|
2022-01-27 15:32:57 +00:00
|
|
|
destination = "secrets/env_vars"
|
|
|
|
env = true
|
|
|
|
}
|
|
|
|
|
|
|
|
resources {
|
|
|
|
cpu = 500
|
|
|
|
memory = 200
|
|
|
|
}
|
|
|
|
|
|
|
|
restart {
|
|
|
|
attempts = 2
|
|
|
|
interval = "30m"
|
|
|
|
delay = "15s"
|
|
|
|
mode = "fail"
|
|
|
|
}
|
2022-01-26 20:48:48 +00:00
|
|
|
}
|
2022-01-27 15:32:57 +00:00
|
|
|
}
|
2022-01-26 20:48:48 +00:00
|
|
|
|
2022-01-27 15:32:57 +00:00
|
|
|
group "backup-plume" {
|
|
|
|
constraint {
|
|
|
|
attribute = "${attr.unique.hostname}"
|
|
|
|
operator = "="
|
|
|
|
value = "digitale"
|
2022-01-26 20:48:48 +00:00
|
|
|
}
|
|
|
|
|
2022-01-27 15:32:57 +00:00
|
|
|
task "main" {
|
|
|
|
driver = "docker"
|
|
|
|
|
|
|
|
config {
|
|
|
|
image = "restic/restic:0.12.1"
|
|
|
|
entrypoint = [ "/bin/sh", "-c" ]
|
|
|
|
args = [ "restic backup /plume && restic forget --keep-within 1m1d --keep-within-weekly 3m --keep-within-monthly 1y ; restic prune --max-unused 50% --max-repack-size 2G ; restic check" ]
|
|
|
|
volumes = [
|
|
|
|
"/mnt/ssd/plume/media:/plume"
|
|
|
|
]
|
|
|
|
}
|
|
|
|
|
|
|
|
template {
|
|
|
|
data = <<EOH
|
|
|
|
AWS_ACCESS_KEY_ID={{ key "secrets/plume/backup_aws_access_key_id" }}
|
|
|
|
AWS_SECRET_ACCESS_KEY={{ key "secrets/plume/backup_aws_secret_access_key" }}
|
|
|
|
RESTIC_REPOSITORY={{ key "secrets/plume/backup_restic_repository" }}
|
|
|
|
RESTIC_PASSWORD={{ key "secrets/plume/backup_restic_password" }}
|
|
|
|
EOH
|
|
|
|
|
|
|
|
destination = "secrets/env_vars"
|
|
|
|
env = true
|
|
|
|
}
|
|
|
|
|
|
|
|
resources {
|
|
|
|
cpu = 500
|
|
|
|
memory = 200
|
|
|
|
}
|
|
|
|
|
|
|
|
restart {
|
|
|
|
attempts = 2
|
|
|
|
interval = "30m"
|
|
|
|
delay = "15s"
|
|
|
|
mode = "fail"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
group "backup-consul" {
|
2022-01-27 15:56:02 +00:00
|
|
|
task "consul-kv-export" {
|
2022-01-27 15:32:57 +00:00
|
|
|
driver = "docker"
|
|
|
|
|
|
|
|
lifecycle {
|
|
|
|
hook = "prestart"
|
|
|
|
sidecar = false
|
|
|
|
}
|
|
|
|
|
|
|
|
config {
|
|
|
|
image = "consul:1.11.2"
|
2022-01-27 15:56:02 +00:00
|
|
|
network_mode = "host"
|
2022-01-27 15:32:57 +00:00
|
|
|
entrypoint = [ "/bin/sh", "-c" ]
|
|
|
|
args = [ "/bin/consul kv export > $NOMAD_ALLOC_DIR/consul.json" ]
|
|
|
|
}
|
|
|
|
|
2022-01-27 15:56:02 +00:00
|
|
|
env {
|
|
|
|
CONSUL_HTTP_ADDR = "http://consul.service.2.cluster.deuxfleurs.fr:8500"
|
|
|
|
}
|
|
|
|
|
2022-01-27 15:32:57 +00:00
|
|
|
resources {
|
|
|
|
cpu = 200
|
|
|
|
memory = 200
|
|
|
|
}
|
|
|
|
|
|
|
|
restart {
|
|
|
|
attempts = 2
|
|
|
|
interval = "30m"
|
|
|
|
delay = "15s"
|
|
|
|
mode = "fail"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-01-27 15:56:02 +00:00
|
|
|
task "restic-backup" {
|
2022-01-27 15:32:57 +00:00
|
|
|
driver = "docker"
|
|
|
|
|
|
|
|
config {
|
|
|
|
image = "restic/restic:0.12.1"
|
|
|
|
entrypoint = [ "/bin/sh", "-c" ]
|
2022-01-27 15:56:02 +00:00
|
|
|
args = [ "restic backup $NOMAD_ALLOC_DIR/consul.json && restic forget --keep-within 1m1d --keep-within-weekly 3m --keep-within-monthly 1y ; restic prune --max-unused 50% --max-repack-size 2G ; restic check" ]
|
2022-01-27 15:32:57 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
template {
|
|
|
|
data = <<EOH
|
2022-01-27 15:56:02 +00:00
|
|
|
AWS_ACCESS_KEY_ID={{ key "secrets/backup/consul/backup_aws_access_key_id" }}
|
|
|
|
AWS_SECRET_ACCESS_KEY={{ key "secrets/backup/consul/backup_aws_secret_access_key" }}
|
|
|
|
RESTIC_REPOSITORY={{ key "secrets/backup/consul/backup_restic_repository" }}
|
|
|
|
RESTIC_PASSWORD={{ key "secrets/backup/consul/backup_restic_password" }}
|
2022-01-27 15:32:57 +00:00
|
|
|
EOH
|
|
|
|
|
|
|
|
destination = "secrets/env_vars"
|
|
|
|
env = true
|
|
|
|
}
|
|
|
|
|
|
|
|
resources {
|
|
|
|
cpu = 200
|
|
|
|
memory = 200
|
|
|
|
}
|
|
|
|
|
|
|
|
restart {
|
|
|
|
attempts = 2
|
|
|
|
interval = "30m"
|
|
|
|
delay = "15s"
|
|
|
|
mode = "fail"
|
|
|
|
}
|
2022-01-26 20:48:48 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|